[RESOLVED] Avira log

148 posts in this topic

ID: 1   Posted

Avira AntiVir Personal

Report file date: Thursday, December 16, 2010 17:58

Scanning for 2261081 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : WIR-47971040CF0

Version information:

BUILD.DAT : 10.0.0.607 31826 Bytes 11/30/2010 19:17:00

AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/1/2010 00:13:17

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04

LUKE.DLL : 10.0.3.2 104296 Bytes 12/1/2010 00:13:24

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 21:36:05

VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 21:36:05

VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 21:36:05

VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 21:36:05

VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 21:36:05

VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 21:36:06

VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 21:36:06

VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 21:36:06

VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 21:36:06

VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 21:36:06

VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 21:36:06

VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 21:36:06

VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 23:26:30

VBASE014.VDF : 7.11.0.53 2048 Bytes 12/16/2010 23:26:30

VBASE015.VDF : 7.11.0.54 2048 Bytes 12/16/2010 23:26:30

VBASE016.VDF : 7.11.0.55 2048 Bytes 12/16/2010 23:26:30

VBASE017.VDF : 7.11.0.56 2048 Bytes 12/16/2010 23:26:31

VBASE018.VDF : 7.11.0.57 2048 Bytes 12/16/2010 23:26:31

VBASE019.VDF : 7.11.0.58 2048 Bytes 12/16/2010 23:26:31

VBASE020.VDF : 7.11.0.59 2048 Bytes 12/16/2010 23:26:31

VBASE021.VDF : 7.11.0.60 2048 Bytes 12/16/2010 23:26:31

VBASE022.VDF : 7.11.0.61 2048 Bytes 12/16/2010 23:26:32

VBASE023.VDF : 7.11.0.62 2048 Bytes 12/16/2010 23:26:32

VBASE024.VDF : 7.11.0.63 2048 Bytes 12/16/2010 23:26:32

VBASE025.VDF : 7.11.0.64 2048 Bytes 12/16/2010 23:26:32

VBASE026.VDF : 7.11.0.65 2048 Bytes 12/16/2010 23:26:32

VBASE027.VDF : 7.11.0.66 2048 Bytes 12/16/2010 23:26:32

VBASE028.VDF : 7.11.0.67 2048 Bytes 12/16/2010 23:26:32

VBASE029.VDF : 7.11.0.68 2048 Bytes 12/16/2010 23:26:33

VBASE030.VDF : 7.11.0.69 2048 Bytes 12/16/2010 23:26:33

VBASE031.VDF : 7.11.0.73 20992 Bytes 12/16/2010 23:26:33

Engineversion : 8.2.4.126

AEVDF.DLL : 8.1.2.1 106868 Bytes 12/1/2010 00:13:13

AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 12/13/2010 21:52:33

AESCN.DLL : 8.1.7.2 127349 Bytes 12/1/2010 00:13:12

AESBX.DLL : 8.1.3.2 254324 Bytes 12/1/2010 00:13:12

AERDL.DLL : 8.1.9.2 635252 Bytes 12/1/2010 00:13:12

AEPACK.DLL : 8.2.4.5 512375 Bytes 12/16/2010 23:26:45

AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/1/2010 00:13:11

AEHEUR.DLL : 8.1.2.57 3142008 Bytes 12/16/2010 23:26:43

AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 21:52:18

AEGEN.DLL : 8.1.5.0 397685 Bytes 12/13/2010 21:52:17

AEEMU.DLL : 8.1.3.0 393589 Bytes 12/1/2010 00:13:06

AECORE.DLL : 8.1.19.0 196984 Bytes 12/13/2010 21:52:15

AEBB.DLL : 8.1.1.0 53618 Bytes 12/1/2010 00:13:05

AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/1/2010 00:13:17

AVPREF.DLL : 10.0.0.0 44904 Bytes 12/1/2010 00:13:16

AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13

AVREG.DLL : 10.0.3.2 53096 Bytes 12/1/2010 00:13:17

AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/1/2010 00:13:17

AVARKT.DLL : 10.0.22.6 231784 Bytes 12/1/2010 00:13:14

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/1/2010 00:13:15

SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/1/2010 00:13:17

NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/1/2010 00:13:38

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: E:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, E:, G:, H:, I:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Thursday, December 16, 2010 17:58

Starting search for hidden objects.

The scan of running processes will be started

Scan process 'spider.exe' - '23' Module(s) have been scanned

Scan process 'msdtc.exe' - '39' Module(s) have been scanned

Scan process 'dllhost.exe' - '60' Module(s) have been scanned

Scan process 'dllhost.exe' - '44' Module(s) have been scanned

Scan process 'vssvc.exe' - '47' Module(s) have been scanned

Scan process 'avscan.exe' - '65' Module(s) have been scanned

Scan process 'avcenter.exe' - '60' Module(s) have been scanned

Scan process 'AAWTray.exe' - '18' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '41' Module(s) have been scanned

Scan process 'unsecapp.exe' - '35' Module(s) have been scanned

Scan process 'AAWService.exe' - '92' Module(s) have been scanned

Scan process 'alg.exe' - '32' Module(s) have been scanned

Scan process 'WDDMService.exe' - '24' Module(s) have been scanned

Scan process 'wdfmgr.exe' - '14' Module(s) have been scanned

Scan process 'avshadow.exe' - '24' Module(s) have been scanned

Scan process 'svchost.exe' - '40' Module(s) have been scanned

Scan process 'sprtlisten.exe' - '27' Module(s) have been scanned

Scan process 'jqs.exe' - '32' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '32' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '44' Module(s) have been scanned

Scan process 'avguard.exe' - '54' Module(s) have been scanned

Scan process 'psi.exe' - '84' Module(s) have been scanned

Scan process 'BTTray.exe' - '43' Module(s) have been scanned

Scan process 'ISUSPM.exe' - '21' Module(s) have been scanned

Scan process 'avgnt.exe' - '43' Module(s) have been scanned

Scan process 'svchost.exe' - '33' Module(s) have been scanned

Scan process 'sched.exe' - '51' Module(s) have been scanned

Scan process 'spoolsv.exe' - '59' Module(s) have been scanned

Scan process 'Explorer.EXE' - '96' Module(s) have been scanned

Scan process 'svchost.exe' - '37' Module(s) have been scanned

Scan process 'svchost.exe' - '31' Module(s) have been scanned

Scan process 'svchost.exe' - '162' Module(s) have been scanned

Scan process 'svchost.exe' - '38' Module(s) have been scanned

Scan process 'svchost.exe' - '50' Module(s) have been scanned

Scan process 'lsass.exe' - '57' Module(s) have been scanned

Scan process 'services.exe' - '26' Module(s) have been scanned

Scan process 'winlogon.exe' - '65' Module(s) have been scanned

Scan process 'csrss.exe' - '12' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Master boot sector HD2

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'E:\'

[INFO] No virus was found!

Boot sector 'G:\'

[INFO] No virus was found!

Boot sector 'H:\'

[INFO] No virus was found!

Boot sector 'I:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '1773' files ).

Starting the file scan:

Begin scan in 'C:\'

Begin scan in 'E:\' <SimpleDrive>

Begin scan in 'G:\' <WDprt1games>

G:\System Volume Information\_restore{8D12E375-91C0-4FC8-A471-0BDF31870CFB}\RP22\A0004007.exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen2 Trojan

Begin scan in 'H:\' <WDprt2pixal>

Begin scan in 'I:\' <WDprt3misc>

Beginning disinfection:

G:\System Volume Information\_restore{8D12E375-91C0-4FC8-A471-0BDF31870CFB}\RP22\A0004007.exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen2 Trojan

[NOTE] The file was moved to the quarantine directory under the name '478d7805.qua'.

End of the scan: Thursday, December 16, 2010 21:43

Used time: 3:42:18 Hour(s)

The scan has been done completely.

10123 Scanned directories

345417 Files were scanned

1 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

1 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

345416 Files not concerned

3585 Archives were scanned

0 Warnings

1 Notes

376919 Objects were scanned with rootkit scan

0 Hidden objects were found



ID: 2   Posted

I ran this after Avira's routine check grabbed that bug

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5322

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/16/2010 9:59:07 PM

mbam-log-2010-12-16 (21-59-07).txt

Scan type: Quick scan

Objects scanned: 128286

Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)



ID: 3   Posted

Please, complete ALL steps listed here:


Share this post


Link to post
Share on other sites

ID: 4   Posted

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit quick scan 2010-12-16 22:35:36

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC35L060AVV207-0 rev.V22OA66A

Running: 30lkn22i.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwlyrfow.sys

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

---- EOF - GMER 1.0.15 ----



ID: 5   Posted

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000001fd

Kernel Drivers (total 138):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x806EE000 \WINDOWS\system32\hal.dll

0xF7987000 \WINDOWS\system32\KDCOM.DLL

0xF7897000 \WINDOWS\system32\BOOTVID.dll

0xF75A8000 ACPI.sys

0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF7597000 pci.sys

0xF75F7000 isapnp.sys

0xF7A4F000 pciide.sys

0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF798B000 intelide.sys

0xF7607000 MountMgr.sys

0xF74D8000 ftdisk.sys

0xF798D000 dmload.sys

0xF74B2000 dmio.sys

0xF770F000 PartMgr.sys

0xF7617000 VolSnap.sys

0xF749A000 atapi.sys

0xF7627000 disk.sys

0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF747A000 fltmgr.sys

0xF7423000 SYMDS.SYS

0xF7411000 sr.sys

0xF7647000 Lbd.sys

0xF7B36000 SYMEFA.SYS

0xF787A000 CBUFS.sys

0xF7863000 KSecDD.sys

0xBA773000 Ntfs.sys

0xBA746000 NDIS.sys

0xBA72C000 Mup.sys

0xBA71B000 bdisk.sys

0xBA6B4000 cbvd.sys

0xF7577000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB9BD3000 \SystemRoot\system32\DRIVERS\ialmnt5.sys

0xB9BBF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF775F000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB9B9B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF7767000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB9B83000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys

0xF776F000 \SystemRoot\system32\DRIVERS\fdc.sys

0xF7567000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xF7777000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF777F000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF7557000 \SystemRoot\system32\DRIVERS\serial.sys

0xBA627000 \SystemRoot\system32\DRIVERS\serenum.sys

0xB9B6F000 \SystemRoot\system32\DRIVERS\parport.sys

0xF7547000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF7537000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF7527000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB9B4C000 \SystemRoot\system32\DRIVERS\ks.sys

0xF7787000 \SystemRoot\system32\drivers\InCDPass.sys

0xF7517000 \SystemRoot\system32\drivers\InCDRm.sys

0xB9AC6000 \SystemRoot\system32\drivers\smwdm.sys

0xB9AA2000 \SystemRoot\system32\drivers\portcls.sys

0xF7507000 \SystemRoot\system32\drivers\drmk.sys

0xF79AB000 \SystemRoot\system32\drivers\aeaudio.sys

0xB99C0000 \SystemRoot\system32\DRIVERS\btkrnl.sys

0xF7AA3000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF74F7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xBA61B000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB99A9000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xBA5AB000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xBA59B000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF778F000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB98F8000 \SystemRoot\system32\DRIVERS\psched.sys

0xBA58B000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF779F000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF77A7000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB9803000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xBA57B000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF79B1000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB97A5000 \SystemRoot\system32\DRIVERS\update.sys

0xBA5FF000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF77FF000 \SystemRoot\system32\DRIVERS\btport.sys

0xF7687000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF76D7000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF79C9000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF780F000 \SystemRoot\system32\DRIVERS\flpydisk.sys

0xB9959000 \SystemRoot\System32\Drivers\btwusb.sys

0xB9949000 \SystemRoot\system32\drivers\NAV\1201000.025\SRTSPX.SYS

0xB11B7000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

0xF79DF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7AC1000 \SystemRoot\System32\Drivers\Null.SYS

0xF79E1000 \SystemRoot\System32\Drivers\Beep.SYS

0xF773F000 \SystemRoot\System32\drivers\vga.sys

0xF79E3000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF79E5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xB98F4000 \SystemRoot\System32\Drivers\InCDrec.SYS

0xB117B000 \SystemRoot\system32\drivers\InCDFs.sys

0xF7747000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF774F000 \SystemRoot\System32\Drivers\Npfs.SYS

0xB98F0000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xB1168000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xB110F000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xB10B6000 \SystemRoot\system32\drivers\NAV\1201000.025\SYMTDI.SYS

0xB108E000 \SystemRoot\system32\DRIVERS\netbt.sys

0xB106C000 \SystemRoot\System32\drivers\afd.sys

0xB9939000 \SystemRoot\system32\DRIVERS\netbios.sys

0xF7757000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

0xB1041000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xB98E0000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS

0xB0FD1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xB9919000 \SystemRoot\System32\Drivers\Fips.SYS

0xB0FAB000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xB95B3000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xB95A3000 \SystemRoot\system32\DRIVERS\LVCD.sys

0xB0F98000 \SystemRoot\system32\DRIVERS\LVCam2.dll

0xB0F30000 \SystemRoot\system32\DRIVERS\LVCodek2.dll

0xB9593000 \SystemRoot\system32\DRIVERS\STREAM.SYS

0xB0F0A000 \SystemRoot\system32\DRIVERS\avipbb.sys

0xB9523000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xB960B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xB1349000 \SystemRoot\system32\DRIVERS\wdcsam.sys

0xB0C3F000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF79BB000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xB95D7000 \SystemRoot\System32\drivers\Dxapi.sys

0xF77F7000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xB13CD000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF020000 \SystemRoot\System32\ialmdnt5.dll

0xBF012000 \SystemRoot\System32\ialmrnt5.dll

0xBF03F000 \SystemRoot\System32\ialmdev5.DLL

0xBF05E000 \SystemRoot\System32\ialmdd5.DLL

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xB0BB2000 \SystemRoot\system32\DRIVERS\avgntflt.sys

0xB0B92000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB08E6000 \SystemRoot\System32\Drivers\Fastfat.SYS

0xB080D000 \SystemRoot\System32\Drivers\Udfs.SYS

0xB07F8000 \SystemRoot\system32\drivers\wdmaud.sys

0xB9979000 \SystemRoot\system32\drivers\sysaudio.sys

0xB05E5000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xF7A05000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xB04D9000 \??\C:\WINDOWS\system32\drivers\PfModNT.sys

0xB0385000 \SystemRoot\system32\DRIVERS\srv.sys

0xAFF6A000 \SystemRoot\System32\Drivers\HTTP.sys

0xAEC07000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwlyrfow.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 35):

0 System Idle Process

4 System

688 C:\WINDOWS\system32\smss.exe

756 csrss.exe

780 C:\WINDOWS\system32\winlogon.exe

824 C:\WINDOWS\system32\services.exe

840 C:\WINDOWS\system32\lsass.exe

1020 C:\WINDOWS\system32\svchost.exe

1128 svchost.exe

1224 C:\WINDOWS\system32\svchost.exe

1340 svchost.exe

1600 svchost.exe

1812 C:\WINDOWS\system32\spoolsv.exe

1872 E:\Program Files\Avira\AntiVir Desktop\sched.exe

2024 svchost.exe

656 E:\Program Files\Avira\AntiVir Desktop\avguard.exe

672 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

708 C:\Program Files\Bonjour\mDNSResponder.exe

800 C:\Program Files\Java\jre6\bin\jqs.exe

1192 C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe

1468 C:\WINDOWS\system32\svchost.exe

1564 E:\Program Files\Avira\AntiVir Desktop\avshadow.exe

1264 wdfmgr.exe

520 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

2604 alg.exe

1152 C:\WINDOWS\system32\dllhost.exe

3836 msdtc.exe

2508 C:\WINDOWS\explorer.exe

2836 E:\Program Files\Avira\AntiVir Desktop\avgnt.exe

2784 C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

3384 E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

3300 E:\Program Files\Secunia\PSI\psi.exe

932 E:\Program Files\Mozilla Firefox\Mozilla Firefox 4.0 Beta 7\firefox.exe

1368 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

2720 C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

\\.\G: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

\\.\H: --> \\.\PhysicalDrive2 at offset 0x0000004d`922df200 (NTFS)

\\.\I: --> \\.\PhysicalDrive2 at offset 0x00000099`5318fa00 (NTFS)

PhysicalDrive0 Model Number: IC35L060AVV207-0, Rev: V22OA66A

PhysicalDrive1 Model Number: STECHSimple Drive, Rev: 1.04

PhysicalDrive2 Model Number: WDMy Book 1110, Rev: 1030

Size Device Name MBR Status

--------------------------------------------

37 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

149 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

930 GB \\.\PhysicalDrive2 RE: Unknown MBR code

SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!



ID: 6   Posted

So far, all good :)

Go on....



ID: 7   Posted

STEP 4.

Please, download DDS from one of the 2 mirrors and save it to your desktop.

Mirror 1

Mirror 2

BAD LINKS



ID: 8   Posted

They work just fine for me...

Zipped DDS attached



ID: 9   Posted

dds.scr
This is what I keep getting, or a pif txt.


ID: 10   Posted

Double click on the file to run it.



ID: 11   Posted

DDS (Ver_10-12-12.02) - NTFSx86

Run by Administrator at 23:12:48.82 on Thu 12/16/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.774 [GMT -6:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Norton AntiVirus Online *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

E:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

E:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

E:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

E:\Program Files\Secunia\PSI\psi.exe

E:\Program Files\Mozilla Firefox\Mozilla Firefox 4.0 Beta 7\firefox.exe

I:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://sn133w.snt133.mail.live.com/default.aspx?wa=wsignin1.0

uWindow Title = Windows Internet Explorer provided by Microsoft

uInternet Settings,ProxyOverride = *.local

BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File

BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

TB: Reasonable Antiphishing 2.0: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll

uRun: [ISUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\secuni~1.lnk - e:\program files\secunia\psi\psi.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - e:\program files\widcomm\bluetooth software\BTTray.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - e:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

Notify: igfxcui - igfxsrvc.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\6d716cf2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.smartestcomputing.us.com/index

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll

FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla firefox\mozilla firefox 4.0 beta 7\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Photobucket Uploader em:version=1.3>: pbupload@photobucket.com - %profile%\extensions\pbupload@photobucket.com

FF - Ext: Search Engine Security: {197573FA-9BF9-11DF-9D68-A441DFD72085} - %profile%\extensions\{197573FA-9BF9-11DF-9D68-A441DFD72085}

============= SERVICES / DRIVERS ===============

R0 bdisk;COMODO Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [2010-12-2 73416]

R0 CBUfs;CBUFS;c:\windows\system32\drivers\cbufs.sys [2010-12-2 123240]

R0 cbvd;Comodo Encrypted Virtual Disk;c:\windows\system32\drivers\CBVD.sys [2010-12-2 428248]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-14 64288]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1201000.025\SymDS.sys [2010-11-9 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys [2010-11-9 666672]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\avira\antivir desktop\sched.exe [2010-12-13 135336]

R2 AntiVirService;Avira AntiVir Guard;e:\program files\avira\antivir desktop\avguard.exe [2010-12-13 267944]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-12 61960]

R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-10-4 11520]

S1 avgio;avgio;e:\program files\avira\antivir desktop\avgio.sys [2010-12-13 11608]

S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20101123.003\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20101123.003\BHDrvx86.sys [?]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys [2010-11-9 134704]

S2 COSService.exe;Comodo Online Storage Service;e:\my works\back it up\comodo\comodo backup\cosservice.exe --> e:\my works\back it up\comodo\comodo backup\COSService.exe [?]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]

S2 NAV;Norton AntiVirus;"c:\program files\norton antivirus\engine\18.1.0.37\ccsvchst.exe" /s "nav" /m "c:\program files\norton antivirus\engine\18.1.0.37\dimaster.dll" /prefetch:1 --> c:\program files\norton antivirus\engine\18.1.0.37\ccSvcHst.exe [?]

S2 SynchronizationService.exe;Comodo BackUp Service;e:\my works\back it up\comodo\comodo backup\synchronizationservice.exe --> e:\my works\back it up\comodo\comodo backup\SynchronizationService.exe [?]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20101208.001\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20101208.001\IDSxpx86.sys [?]

S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101208.002\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101208.002\NAVENG.SYS [?]

S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101208.002\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101208.002\NAVEX15.SYS [?]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]

S3 reparse;Reparse;c:\windows\system32\drivers\cbreparse.sys [2010-12-2 427608]

S4 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

=============== Created Last 30 ================

2010-12-17 04:15:35 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-12-14 20:19:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-12-14 20:19:52 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-12-14 20:12:31 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Sunbelt Software

2010-12-14 18:53:36 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-14 08:05:09 -------- d-----w- c:\program files\Bonjour

2010-12-14 07:52:41 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2010-12-14 07:52:41 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2010-12-14 07:52:41 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2010-12-14 07:52:41 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2010-12-14 07:52:41 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2010-12-14 07:52:41 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2010-12-14 07:52:41 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2010-12-13 22:03:59 -------- d-----w- c:\windows\system32\wbem\repository\FS

2010-12-13 22:03:59 -------- d-----w- c:\windows\system32\wbem\Repository

2010-12-13 22:03:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-12-13 22:03:31 -------- d-----w- c:\docume~1\admini~1\applic~1\Avira

2010-12-13 21:49:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira(2)

2010-12-13 08:23:48 201344 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-12-13 06:33:14 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2010-12-13 06:33:14 1060864 ----a-w- c:\windows\system32\mfc71.dll

2010-12-12 06:04:54 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-12 04:46:50 -------- d-----w- c:\docume~1\admini~1\applic~1\GetRightToGo

2010-12-12 04:32:32 -------- dc----w- c:\docume~1\alluse~1\applic~1\Boxtools

2010-12-09 23:32:49 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

2010-12-09 23:32:04 -------- d-----w- c:\program files\Lavasoft

2010-12-04 23:15:42 -------- d-----w- c:\docume~1\admini~1\applic~1\Skinux

2010-12-04 09:36:01 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-12-04 09:36:01 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-12-04 09:35:59 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2010-12-04 09:35:59 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-12-04 09:31:52 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys

2010-12-04 09:31:52 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll

2010-12-04 09:31:52 465920 ------w- c:\windows\system32\imapi2fs.dll

2010-12-04 09:31:52 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll

2010-12-04 09:31:52 317952 ------w- c:\windows\system32\imapi2.dll

2010-12-04 04:43:58 -------- d-----w- c:\program files\Speccy

2010-12-03 18:53:25 -------- d-----w- c:\docume~1\admini~1\applic~1\DonationCoder

2010-12-03 18:52:02 -------- dc----w- c:\docume~1\alluse~1\applic~1\DonationCoder

2010-12-03 07:22:48 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla

2010-12-03 07:02:16 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\PCHealth

2010-12-02 12:59:52 73416 ----a-w- c:\windows\system32\drivers\bdisk.sys

2010-12-02 12:59:44 123240 ----a-w- c:\windows\system32\drivers\cbufs.sys

2010-12-02 12:59:38 428248 ----a-w- c:\windows\system32\drivers\CBVD.sys

2010-12-02 12:59:32 573856 ----a-w- c:\windows\system32\drivers\vdbus.sys

2010-12-02 12:59:26 427608 ----a-w- c:\windows\system32\drivers\cbreparse.sys

2010-12-02 08:21:31 -------- d-----w- c:\windows\system32\XPSViewer

2010-12-02 08:20:08 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-12-02 08:19:35 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-12-02 08:19:35 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-12-02 08:19:35 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-12-02 08:19:35 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-12-02 08:19:35 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-12-02 08:19:35 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-12-02 08:19:35 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-12-02 08:19:35 117760 ------w- c:\windows\system32\prntvpt.dll

2010-12-02 06:45:41 178 ----a-w- c:\windows\system32\systemkc.sys

2010-12-02 06:45:41 178 ----a-w- C:\rootdrv.drv

2010-12-02 06:45:34 602 ----a-w- c:\windows\pscw9561.sys

2010-12-01 21:57:57 -------- dc----w- c:\windows\ie8updates

2010-12-01 21:57:10 -------- d-----w- c:\program files\MSXML 4.0

2010-12-01 15:54:43 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-12-01 15:54:13 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-12-01 15:54:12 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-12-01 15:53:56 138496 -c----w- c:\windows\system32\dllcache\afd.sys

2010-12-01 15:53:45 357248 -c----w- c:\windows\system32\dllcache\srv.sys

2010-12-01 15:53:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-12-01 15:53:02 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-12-01 15:52:42 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-12-01 15:52:42 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-12-01 15:52:23 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-12-01 10:37:29 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-12-01 10:36:26 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-12-01 10:36:26 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-12-01 10:36:25 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-12-01 10:36:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-12-01 10:35:45 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-12-01 10:35:44 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-12-01 10:35:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-12-01 10:35:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-12-01 10:35:31 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-12-01 10:35:31 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-12-01 10:35:24 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-12-01 10:33:16 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-12-01 10:33:14 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-12-01 10:26:52 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-12-01 10:19:29 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2010-12-01 10:19:29 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2010-12-01 10:19:29 110592 -c----w- c:\windows\system32\dllcache\services.exe

2010-12-01 10:19:28 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2010-12-01 10:19:28 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2010-12-01 10:19:28 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-12-01 10:19:28 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2010-12-01 10:19:27 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2010-12-01 10:10:25 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-12-01 10:09:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-12-01 09:58:15 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2010-12-01 09:58:15 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-12-01 07:08:53 -------- d-----w- c:\windows\system32\PreInstall

2010-12-01 07:08:25 -------- d--h--w- c:\windows\$hf_mig$

2010-12-01 06:09:45 -------- d-----w- c:\windows\system32\SoftwareDistribution

2010-12-01 06:09:31 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-12-01 05:40:56 9728 ------w- c:\windows\system32\ativdaxx.ax

2010-12-01 05:37:07 -------- d-----w- c:\windows\ServicePackFiles

2010-12-01 05:36:36 294912 ------w- c:\program files\windows media player\dlimport.exe

2010-12-01 05:36:29 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2010-12-01 01:58:19 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Apple

2010-12-01 01:57:25 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Apple Computer

2010-12-01 01:39:52 -------- d-----w- c:\program files\WOT

2010-11-30 04:38:28 -------- d-----w- c:\program files\ESET

2010-11-30 03:12:45 472808 ------w- c:\windows\system32\deployJava1.dll

2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-28 23:44:45 -------- d-sh--r- C:\cmdcons

2010-11-27 22:45:22 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2010-11-27 22:45:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-27 22:45:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-27 22:45:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-11-26 19:41:23 161296 ------w- c:\windows\system32\drivers\tmcomm.sys

2010-11-26 07:20:59 -------- d-----w- c:\program files\Defraggler

2010-11-25 21:40:57 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2010-11-25 08:23:41 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\WeatherBug

2010-11-25 08:23:26 -------- d-----w- c:\docume~1\admini~1\applic~1\WeatherBug

2010-11-25 08:23:18 18944 -c----r- c:\docume~1\admini~1\applic~1\microsoft\installer\{8f018a9e-56de-4a79-a5ef-25f413f1d538}\IconBB6A16301.exe

2010-11-24 05:21:50 -------- d-----w- c:\program files\common files\DTI

2010-11-18 18:12:44 81920 -c----w- c:\windows\system32\dllcache\isign32.dll

2010-11-18 07:30:28 -------- d-----w- c:\program files\SystemRequirementsLab

2010-11-18 04:37:43 -------- d-----w- c:\docume~1\admini~1\applic~1\DriverCure

2010-11-18 04:37:42 -------- d-----w- c:\docume~1\admini~1\applic~1\ParetoLogic

2010-11-17 05:50:00 -------- d-----w- c:\docume~1\admini~1\applic~1\RegistryKeys

2010-11-17 05:45:46 -------- d-----w- c:\docume~1\admini~1\applic~1\com.w3i.FlipToast

2010-11-17 05:44:11 -------- dc----w- c:\program files\FlipToast

==================== Find3M ====================

2010-11-20 04:32:41 21840 -c---tw- c:\windows\system32\SIntfNT.dll

2010-11-20 04:32:41 17212 -c---tw- c:\windows\system32\SIntf32.dll

2010-11-20 04:32:41 12067 -c---tw- c:\windows\system32\SIntf16.dll

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-13 07:03:34 1409 ------w- c:\windows\QTFont.for

2010-11-13 02:55:07 398744 ------r- c:\windows\system32\cpnprt2.cid

2010-11-10 00:25:01 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ------w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-08 06:36:43 28672 ------w- c:\windows\system32\qttask.exe

2010-10-07 18:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-10-07 18:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-10-07 18:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-10-07 18:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-09-18 18:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

============= FINISH: 23:13:59.95 ===============



ID: 12   Posted

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/2/2010 10:00:12 PM

System Uptime: 12/16/2010 5:14:25 PM (6 hours ago)

Motherboard: Dell Computer Corp. | | 0U1324

Processor: Intel® Celeron® CPU 2.00GHz | Microprocessor | 1995/400mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 20 GiB total, 11.218 GiB free.

D: is CDROM (CDFS)

E: is FIXED (NTFS) - 149 GiB total, 130.452 GiB free.

F: is CDROM (UDF)

G: is FIXED (NTFS) - 310 GiB total, 306.437 GiB free.

H: is FIXED (NTFS) - 303 GiB total, 300.761 GiB free.

I: is FIXED (NTFS) - 318 GiB total, 309.517 GiB free.

==== Disabled Device Manager Items =============

Class GUID:

Description: Ethernet Controller

Device ID: PCI\VEN_8086&DEV_100E&SUBSYS_01511028&REV_02\4&1C660DD6&0&60F0

Manufacturer:

Name: Ethernet Controller

PNP Device ID: PCI\VEN_8086&DEV_100E&SUBSYS_01511028&REV_02\4&1C660DD6&0&60F0

Service:

==== System Restore Points ===================

RP127: 12/14/2010 5:52:54 PM - shitloads of A\V updates

RP128: 12/15/2010 7:10:30 PM - System Checkpoint

RP129: 12/15/2010 7:12:21 PM - foxy beta test

==== Installed Programs ======================

Ad-Aware

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

American Greetings CreataCard Select 6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Avira AntiVir Personal - Free Antivirus

Bluetooth by hp

Boggle

Bonjour

Bookworm Adventures Deluxe 1.0

CCleaner

Chuzzle Deluxe 1.01

Coupon Printer for Windows

Defraggler

Dell ResourceCD

DVD Suite

Dynex DX-E102 PCI 10/100Mb Network Adapter

ESET Online Scanner v3

FlipToast

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Intel® Extreme Graphics 2 Driver

Java Auto Updater

Java 6 Update 22

LG ODD Auto Firmware Update

LightScribe 1.6.43.1

Logitech QuickCam

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Age of Empires Gold

Microsoft Age of Empires II

Microsoft Age of Empires II: The Conquerors Expansion

Microsoft Encarta Encyclopedia Standard 2003

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Web Publishing Wizard 1.52

Monopoly by Parker Brothers

Monopoly Here & Now Edition

Mozilla Firefox (3.6.12)

Mozilla Firefox 4.0b7 (x86 en-GB)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Essentials

neroxml

Nuance PDF Reader

Plants vs. Zombies

PowerDVD

PowerProducer

Print Screen W95&NT

Process Tamer 2.11.01

QuickTime

Reasonable Anti-Phishing 2.1

Rimu Schematic version 2.0

Risk (remove only)

RollerCoaster Tycoon 2

RollerCoaster Tycoon 2: Time Twister

RollerCoaster Tycoon 2: Wacky Worlds

RollerCoaster Tycoon Deluxe

Samsung Master

SCRABBLE

Secunia PSI

SecurDisc Viewer

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Shockwave

SoundMAX

Speccy

System Requirements Lab for Intel

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WD SmartWare

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Windows Media Format Runtime

Windows XP Service Pack 3

WinZip

Works Suite OS Pack

WOT for Internet Explorer

Yahtzee

Zuma Deluxe 1.0

==== Event Viewer Messages From Past Week ========

12/14/2010 4:05:57 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/14/2010 4:03:52 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

12/14/2010 4:03:52 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/13/2010 4:58:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio BHDrvx86 eeCtrl SRTSP SymIRON

12/13/2010 4:49:00 PM, error: Service Control Manager [7000] - The Norton AntiVirus service failed to start due to the following error: The system cannot find the path specified.

12/13/2010 4:05:45 PM, error: Service Control Manager [7000] - The Comodo Online Storage Service service failed to start due to the following error: The system cannot find the file specified.

12/13/2010 4:05:45 PM, error: Service Control Manager [7000] - The Comodo BackUp Service service failed to start due to the following error: The system cannot find the file specified.

12/13/2010 2:05:44 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Norton AntiVirus service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/13/2010 2:03:44 AM, error: Service Control Manager [7031] - The Norton AntiVirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/13/2010 12:41:11 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

12/13/2010 12:41:11 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/13/2010 12:36:20 AM, error: Service Control Manager [7000] - The Comodo Online Storage Service service failed to start due to the following error: Access is denied.

12/13/2010 12:36:20 AM, error: Service Control Manager [7000] - The Comodo BackUp Service service failed to start due to the following error: Access is denied.

12/12/2010 12:09:42 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio BHDrvx86 SRTSP SymIRON

12/11/2010 6:23:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio

12/11/2010 6:22:47 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .

12/11/2010 6:22:47 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL. Reference error message: The operation completed successfully. .

12/11/2010 6:22:47 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

12/11/2010 6:22:27 PM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0019E064F2D0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

12/11/2010 11:56:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 SRTSP SymIRON

12/11/2010 11:56:24 PM, error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.

12/11/2010 11:56:24 PM, error: SRTSP [4] - Error loading virus definitions.

12/10/2010 4:25:09 AM, error: Service Control Manager [7034] - The WD SmartWare Drive Manager service terminated unexpectedly. It has done this 1 time(s).

12/10/2010 4:25:09 AM, error: Service Control Manager [7034] - The SupportSoft Listener Service service terminated unexpectedly. It has done this 1 time(s).

12/10/2010 4:25:09 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

12/10/2010 4:25:09 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

==== End Of File ===========================



ID: 13   Posted

You're running two AV programs, Avira and Norton.

I don't see Norton in Add/Remove, so I assume some leftovers.

Run Norton Removal Tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

When done...

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.

    NOTE 2. If Combofix asks you to update the program, always do so.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.

Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools

We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.

If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.

Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com

Rkill.scr

Rkill.pif

Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!



ID: 15   Posted

I wasn't aware of you running the tool already.

In that case, proceed with Combofix and we'll start removing Norton manually.



ID: 16   Posted

In that case, proceed with Combofix and we'll start removing Norton manually.
ComboFix freaked out concerning Norton, still proceed?

I've posted about Norton removal a couple of times, {still unresolved} about its refusal to go away.



ID: 17   Posted

This is all junk that has been "removed"

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1201000.025\SymDS.sys [2010-11-9 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys [2010-11-9 666672]

S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20101123.003\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20101123.003\BHDrvx86.sys [?]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys [2010-11-9 134704]

S2 COSService.exe;Comodo Online Storage Service;e:\my works\back it up\comodo\comodo backup\cosservice.exe --> e:\my works\back it up\comodo\comodo backup\COSService.exe [?]

S2 NAV;Norton AntiVirus;"c:\program files\norton antivirus\engine\18.1.0.37\ccsvchst.exe" /s "nav" /m "c:\program files\norton antivirus\engine\18.1.0.37\dimaster.dll" /prefetch:1 --> c:\program files\norton antivirus\engine\18.1.0.37\ccSvcHst.exe [?]

S2 SynchronizationService.exe;Comodo BackUp Service;e:\my works\back it up\comodo\comodo backup\synchronizationservice.exe --> e:\my works\back it up\comodo\comodo backup\SynchronizationService.exe [?]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20101208.001\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20101208.001\IDSxpx86.sys [?]

S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101208.002\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101208.002\NAVENG.SYS [?]

S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101208.002\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101208.002\NAVEX15.SYS [?]
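As an added triage example (not DDS's code nor the helper's own), the script below parses DDS service lines like the ones quoted in this post and cross-checks each vendor against the Installed Programs section, flagging vendors that still have registered services but no installed program. It assumes a trailing `[?]` means DDS could not read the image file, and the Avira service line in the sample is constructed rather than taken from the log.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Added triage helper (not DDS's or the forum helper's own code): parse the
# "Services/Drivers" lines DDS prints and cross-check them against the
# "Installed Programs" section, the way a helper does by eye when spotting
# anti-virus leftovers.
# Assumption: a trailing "[?]" means DDS could not read the image file's
# date/size (missing or unreadable file); "[date size]" means it was found.

class Service(NamedTuple):
    start: str          # start type as DDS prints it: R0/R1/S2/S3/S4 ...
    name: str           # service key name
    display: str        # display name (may equal the key name for drivers)
    image: str          # image path DDS resolved (text after "-->" if present)
    file_present: bool  # False when DDS printed "[?]"

# <start> <name>;<display>;<image and arguments> [<date size> | ?]
_SVC_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)\[([^\]]*)\]\s*$")

def parse_service_line(line: str) -> Optional[Service]:
    """Parse one DDS service/driver line; return None for anything else."""
    m = _SVC_LINE.match(line.strip())
    if m is None:
        return None
    start, name, display, rest, tail = m.groups()
    image = rest.split("-->")[-1].strip()  # works with or without "-->"
    return Service(start, name.strip(), display.strip(), image,
                   tail.strip() != "?")

# Vendor tokens used to attribute a service; extend for other products.
VENDOR_TOKENS = ("norton", "symantec", "comodo", "avira", "lavasoft")

def vendor_of(svc: Service) -> Optional[str]:
    """First vendor token found in the service name, display name or path."""
    hay = f"{svc.name} {svc.display} {svc.image}".lower()
    return next((tok for tok in VENDOR_TOKENS if tok in hay), None)

def leftover_report(service_lines: List[str],
                    installed: List[str]) -> Dict[str, dict]:
    """Per vendor: service names seen, how many images DDS could not read,
    and whether that vendor still appears in Installed Programs."""
    installed_text = " | ".join(installed).lower()
    report: Dict[str, dict] = {}
    for line in service_lines:
        svc = parse_service_line(line)
        if svc is None:
            continue
        vendor = vendor_of(svc)
        if vendor is None:
            continue
        entry = report.setdefault(vendor, {
            "services": [], "missing_files": 0,
            "installed": vendor in installed_text})
        entry["services"].append(svc.name)
        if not svc.file_present:
            entry["missing_files"] += 1
    return report

def suspected_leftovers(report: Dict[str, dict]) -> List[str]:
    """Vendors with registered services but nothing in Installed Programs:
    the signature of an incomplete uninstall the helper is pointing at."""
    return sorted(v for v, e in report.items() if not e["installed"])

# Sample input: service lines copied from the DDS log quoted above, plus one
# constructed Avira line (not from the log) for a vendor that is installed.
SAMPLE_SERVICES = [
    r'R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1201000.025\SymDS.sys [2010-11-9 339504]',
    r'S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys [2010-11-9 134704]',
    r'S2 NAV;Norton AntiVirus;"c:\program files\norton antivirus\engine\18.1.0.37\ccsvchst.exe" /s "nav" /m "c:\program files\norton antivirus\engine\18.1.0.37\dimaster.dll" /prefetch:1 --> c:\program files\norton antivirus\engine\18.1.0.37\ccSvcHst.exe [?]',
    r'S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101208.002\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101208.002\NAVENG.SYS [?]',
    r'S2 COSService.exe;Comodo Online Storage Service;e:\my works\back it up\comodo\comodo backup\cosservice.exe --> e:\my works\back it up\comodo\comodo backup\COSService.exe [?]',
    r'S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]',
    r'R2 AvExampleGuard;Avira Example Guard;c:\program files\avira\example\guard.exe [2010-12-01 12345]',  # constructed
]
# Subset of the Installed Programs section from the same log.
SAMPLE_INSTALLED = [
    "Ad-Aware", "Avira AntiVir Personal - Free Antivirus", "CCleaner",
    "Malwarebytes' Anti-Malware", "Secunia PSI", "WD SmartWare",
]

if __name__ == "__main__":
    rep = leftover_report(SAMPLE_SERVICES, SAMPLE_INSTALLED)
    for vendor, e in sorted(rep.items()):
        print(f"{vendor:9s} services={e['services']} "
              f"missing_files={e['missing_files']} installed={e['installed']}")
    print("suspected leftovers:", suspected_leftovers(rep))
```

On the sample it reports Comodo as a leftover alongside Norton and Symantec, which matches the "cannot find the file specified" errors for the Comodo services in the Event Viewer section of the same log.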



ID: 18   Posted

Re-ran Norton remover



ID: 19   Posted

ComboFix ran fine this time, though I'll bet Norton will pop up again.....

ComboFix 10-12-16.02 - Administrator 12/17/2010 1:23.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.959 [GMT -6:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Recent\Thumbs.db

.

((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))

.

2010-12-17 07:05 . 2010-12-17 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-12-17 04:15 . 2010-12-03 09:05 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-12-14 20:19 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-12-14 20:19 . 2010-12-14 20:19 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-12-14 20:12 . 2010-12-14 20:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sunbelt Software

2010-12-14 18:53 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-14 08:05 . 2010-12-14 08:17 -------- d-----w- c:\program files\Bonjour

2010-12-14 07:52 . 2010-12-14 07:52 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2010-12-14 07:52 . 2010-12-14 07:52 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll

2010-12-14 07:52 . 2010-12-14 07:52 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

2010-12-14 07:52 . 2010-12-14 07:52 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

2010-12-14 07:52 . 2010-12-14 07:52 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

2010-12-14 07:52 . 2010-12-14 07:52 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

2010-12-14 07:52 . 2010-12-14 07:52 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-12-14 07:50 . 2010-12-14 07:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer

2010-12-13 22:03 . 2010-12-13 22:03 -------- d-----w- c:\windows\system32\wbem\Repository

2010-12-13 22:03 . 2010-12-13 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-12-13 22:03 . 2010-12-13 22:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira

2010-12-13 08:23 . 2010-12-13 22:04 201344 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-12-13 08:02 . 2010-12-13 08:02 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache

2010-12-13 08:00 . 2010-12-13 08:00 -------- d-----w- c:\windows\system32\config\systemprofile\PrivacIE

2010-12-13 06:33 . 2010-12-13 06:33 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2010-12-13 06:33 . 2010-12-13 06:33 1060864 ----a-w- c:\windows\system32\mfc71.dll

2010-12-12 06:04 . 2010-12-01 00:48 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-12-12 06:04 . 2010-12-01 00:13 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-12 06:04 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-12-12 06:04 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-12-12 04:46 . 2010-12-12 04:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo

2010-12-12 04:32 . 2010-12-13 22:59 -------- dc----w- c:\documents and settings\All Users\Application Data\Boxtools

2010-12-09 23:32 . 2010-12-14 20:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

2010-12-09 23:32 . 2010-12-09 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-12-09 23:32 . 2010-12-09 23:32 -------- d-----w- c:\program files\Lavasoft

2010-12-04 23:15 . 2010-12-04 23:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skinux

2010-12-04 09:36 . 2008-04-14 11:42 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-12-04 09:36 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-12-04 09:35 . 2008-04-14 06:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2010-12-04 09:35 . 2008-04-14 06:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-12-04 09:31 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll

2010-12-04 09:31 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll

2010-12-04 09:31 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll

2010-12-04 09:31 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll

2010-12-04 09:31 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys

2010-12-04 04:43 . 2010-12-04 04:44 -------- d-----w- c:\program files\Speccy

2010-12-03 18:53 . 2010-12-03 18:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\DonationCoder

2010-12-03 18:52 . 2010-12-03 18:52 -------- dc----w- c:\documents and settings\All Users\Application Data\DonationCoder

2010-12-03 07:22 . 2010-12-03 07:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2010-12-03 07:02 . 2010-12-03 07:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth

2010-12-02 12:59 . 2010-12-02 12:59 73416 ----a-w- c:\windows\system32\drivers\bdisk.sys

2010-12-02 12:59 . 2010-12-02 12:59 123240 ----a-w- c:\windows\system32\drivers\cbufs.sys

2010-12-02 12:59 . 2010-12-02 12:59 428248 ----a-w- c:\windows\system32\drivers\CBVD.sys

2010-12-02 12:59 . 2010-12-02 12:59 573856 ----a-w- c:\windows\system32\drivers\vdbus.sys

2010-12-02 12:59 . 2010-12-02 12:59 427608 ----a-w- c:\windows\system32\drivers\cbreparse.sys

2010-12-02 08:21 . 2010-12-02 08:21 -------- d-----w- c:\windows\system32\XPSViewer

2010-12-02 08:21 . 2010-12-02 08:21 -------- d-----w- c:\program files\MSBuild

2010-12-02 08:20 . 2010-12-02 08:20 -------- d-----w- c:\program files\Reference Assemblies

2010-12-02 08:20 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-12-02 08:19 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-12-02 08:19 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-12-02 08:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-12-02 08:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-12-02 08:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-12-02 08:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-12-02 08:19 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-12-02 08:19 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-12-02 06:45 . 2010-12-12 08:57 178 ----a-w- c:\windows\system32\systemkc.sys

2010-12-02 06:45 . 2010-12-12 08:57 178 ----a-w- C:\rootdrv.drv

2010-12-02 06:45 . 2010-12-02 06:45 602 ----a-w- c:\windows\pscw9561.sys

2010-12-01 21:57 . 2010-12-14 20:34 -------- dc----w- c:\windows\ie8updates

2010-12-01 21:57 . 2010-12-01 21:57 -------- d-----w- c:\program files\MSXML 4.0

2010-12-01 15:54 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-12-01 15:54 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-12-01 15:54 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-12-01 15:53 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys

2010-12-01 15:53 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys

2010-12-01 15:53 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-12-01 15:53 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-12-01 15:52 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-12-01 15:52 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-12-01 15:52 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-12-01 10:37 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-12-01 10:36 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-12-01 10:36 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-12-01 10:36 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-12-01 10:36 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-12-01 10:35 . 2010-11-06 00:26 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-12-01 10:35 . 2010-11-06 00:26 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-12-01 10:35 . 2010-11-06 00:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-12-01 10:35 . 2010-11-06 00:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-12-01 10:35 . 2010-11-06 00:26 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-12-01 10:35 . 2010-11-06 00:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-12-01 10:35 . 2010-11-06 00:26 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-12-01 10:33 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-12-01 10:33 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-12-01 10:26 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-12-01 10:19 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2010-12-01 10:19 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2010-12-01 10:19 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe

2010-12-01 10:19 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2010-12-01 10:19 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2010-12-01 10:19 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-12-01 10:19 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2010-12-01 10:19 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2010-12-01 10:10 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-12-01 10:09 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-12-01 09:58 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-12-01 09:58 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2010-12-01 07:08 . 2010-12-14 20:34 -------- d--h--w- c:\windows\$hf_mig$

2010-12-01 06:09 . 2008-04-14 11:42 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-12-01 05:40 . 2008-04-14 11:42 9728 ------w- c:\windows\system32\ativdaxx.ax

2010-12-01 05:37 . 2010-12-01 05:41 -------- d-----w- c:\windows\ServicePackFiles

2010-12-01 05:36 . 2008-04-14 11:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe

2010-12-01 05:36 . 2008-04-14 11:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2010-12-01 01:59 . 2010-12-14 08:05 -------- d-----w- c:\program files\Common Files\Apple

2010-12-01 01:58 . 2010-12-01 01:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple

2010-12-01 01:58 . 2010-12-01 01:58 -------- d-----w- c:\program files\Apple Software Update

2010-12-01 01:58 . 2010-12-01 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-12-01 01:57 . 2010-12-01 01:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer

2010-12-01 01:39 . 2010-12-01 01:39 -------- d-----w- c:\program files\WOT

2010-11-30 04:38 . 2010-11-30 04:38 -------- d-----w- c:\program files\ESET

2010-11-30 03:13 . 2010-11-30 03:13 -------- d-----w- c:\program files\Common Files\Java

2010-11-30 03:12 . 2010-09-15 10:50 472808 ------w- c:\windows\system32\deployJava1.dll

2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-27 22:45 . 2010-11-27 22:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-20 04:32 . 2010-10-04 08:04 21840 -c---tw- c:\windows\system32\SIntfNT.dll

2010-11-20 04:32 . 2010-10-04 08:04 17212 -c---tw- c:\windows\system32\SIntf32.dll

2010-11-20 04:32 . 2010-10-04 08:04 12067 -c---tw- c:\windows\system32\SIntf16.dll

2010-11-18 18:12 . 2010-10-03 02:52 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-13 07:03 . 2010-11-13 07:03 1409 ------w- c:\windows\QTFont.for

2010-11-13 02:55 . 2010-11-13 02:55 398744 ------r- c:\windows\system32\cpnprt2.cid

2010-11-06 00:26 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2004-08-12 13:20 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2004-08-12 13:19 385024 ------w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-08-12 13:24 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2004-08-12 13:17 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25 . 2004-08-12 13:33 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-08 06:36 . 2010-10-08 06:36 28672 ------w- c:\windows\system32\qttask.exe

2010-10-07 18:23 . 2010-10-07 18:23 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-10-07 18:23 . 2010-10-07 18:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-10-07 18:23 . 2010-10-07 18:23 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-10-07 18:23 . 2010-10-07 18:23 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-09-18 18:23 . 2004-08-12 13:21 974848 ----a-w- c:\windows\system32\mfc42u.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSDriveOverlayIcon]

@="{5FDACB62-6B7B-4116-9403-C5E0D3852A57}"

[HKEY_CLASSES_ROOT\CLSID\{5FDACB62-6B7B-4116-9403-C5E0D3852A57}]

2010-12-02 12:59 627120 ----a-w- e:\my works\back it up\comodo\COMODO BackUp\ShellExtension_3.0.171317.130.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-06 222496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-15 155648]

"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-01 281768]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Secunia PSI.lnk - e:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - e:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-6 576104]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^FlipToast.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\FlipToast.lnk

backup=c:\windows\pss\FlipToast.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk

backup=c:\windows\pss\WDDMStatus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk

backup=c:\windows\pss\WDSmartWare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxoft Tools]

2010-12-10 22:42 2990592 ----a-w- c:\documents and settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-03-15 10:37 118784 ------w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2007-05-15 22:55 1057328 -c--a-w- e:\program files\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-06 05:55 54832 -c--a-w- e:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]

2006-08-17 20:45 249856 -c--a-w- e:\program files\DvD\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2007-04-19 20:26 484904 -c----w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

2001-09-24 16:39 98304 -c----w- c:\program files\Common Files\Logitech\QCDriver\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 11:42 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 22:57 153136 -c----w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Reader-reminder]

2008-11-03 19:02 328992 -c----w- c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 -c--a-w- e:\program files\quicktime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 22:10 56928 -c----w- e:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

2007-05-15 22:55 1628208 -c--a-w- e:\program files\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WDSmartWareBackgroundService"=2 (0x2)

"NBService"=3 (0x3)

"LightScribeService"=2 (0x2)

"InCDsrv"=2 (0x2)

"RichVideo"=2 (0x2)

"NMIndexingService"=3 (0x3)

"lxcf_device"=3 (0x3)

"btwdins"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"g:\\program files\\games 'n' sh**\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 bdisk;COMODO Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [12/2/2010 6:59 AM 73416]

R0 CBUfs;CBUFS;c:\windows\system32\drivers\cbufs.sys [12/2/2010 6:59 AM 123240]

R0 cbvd;Comodo Encrypted Virtual Disk;c:\windows\system32\drivers\CBVD.sys [12/2/2010 6:59 AM 428248]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/14/2010 2:19 PM 64288]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [12/13/2010 3:49 PM 135336]

R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 2:02 PM 1213728]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/14/2009 3:31 PM 98304]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [10/4/2010 1:54 AM 11520]

S2 COSService.exe;Comodo Online Storage Service;e:\my works\back it up\comodo\COMODO BackUp\COSService.exe --> e:\my works\back it up\comodo\COMODO BackUp\COSService.exe [?]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 3:05 AM 1389400]

S2 SynchronizationService.exe;Comodo BackUp Service;e:\my works\back it up\comodo\COMODO BackUp\SynchronizationService.exe --> e:\my works\back it up\comodo\COMODO BackUp\SynchronizationService.exe [?]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 8:05 AM 14904]

S3 reparse;Reparse;c:\windows\system32\drivers\cbreparse.sys [12/2/2010 6:59 AM 427608]

S4 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 10:58 AM 20480]

--- Other Services/Drivers In Memory ---

*Deregistered* - Lavasoft Kernexplorer

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 20:23 452136 -c----w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-12-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:05]

2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://sn133w.snt133.mail.live.com/default.aspx?wa=wsignin1.0

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6d716cf2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.smartestcomputing.us.com/index

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\Mozilla Firefox 4.0 Beta 7\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Photobucket Uploader em:version=1.3>: pbupload@photobucket.com - %profile%\extensions\pbupload@photobucket.com

FF - Ext: Search Engine Security: {197573FA-9BF9-11DF-9D68-A441DFD72085} - %profile%\extensions\{197573FA-9BF9-11DF-9D68-A441DFD72085}

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

MSConfigStartUp-LXCFCATS - c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-17 01:31

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1647877149-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,b3,4c,96,d6,fb,f2,47,9a,06,78,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,b3,4c,96,d6,fb,f2,47,9a,06,78,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,b3,4c,96,d6,fb,f2,47,9a,06,78,\

[HKEY_USERS\S-1-5-21-1659004503-1647877149-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2010-12-17 01:35:13

ComboFix-quarantined-files.txt 2010-12-17 07:35

Pre-Run: 11,951,607,808 bytes free

Post-Run: 11,914,584,064 bytes free

- - End Of File - - 5E5A5FF0EA0906BEBC4BE0CB889AEFD1



ID: 20   Posted

still a lot of junk in there...

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6d716cf2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.smartestcomputing.us.com/index

FF - prefs.js: network.proxy.type - 0

Does this earn me any brownie points?



ID: 21   Posted

Do you still use COMODO BackUp, or are those leftovers as well?



ID: 22   Posted

Do you still use COMODO BackUp, or are those leftovers as well?
junk


ID: 23   Posted

OK...

1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:


File::
c:\windows\system32\drivers\bdisk.sys
c:\windows\system32\drivers\cbufs.sys
c:\windows\system32\drivers\CBVD.sys
e:\my works\back it up\comodo\COMODO BackUp\COSService.exe
e:\my works\back it up\comodo\COMODO BackUp\SynchronizationService.exe


Folder::
c:\documents and settings\All Users\Application Data\NortonInstaller
c:\documents and settings\Administrator\Local Settings\Application Data\Sunbelt Software


Driver::
bdisk
CBUfs
cbvd
COSService.exe
SynchronizationService.exe





3. Save the above as CFScript.txt

4. Close/disable all antivirus and antimalware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt



ID: 24   Posted

kids machine

combofix updated itself

combofix did its fifty steps + everything

combofix restarted my machine

dos screens came up okay

windows refuses to load due to...

0x0000007B(0xF789E528, 0xC0000034, 0x00000000, 0x00000000)

something about new hard drives\configuration

run chkdsk /f

How do you wish me to proceed?



ID: 25   Posted

run chkdsk /f

Do it, since it asks you to do it.


