
Thread: slow start up

  1. #1
    Member
    Join Date
    Nov 2011
    Posts
    5
    Points
    0

slow start up

    First time poster.

    I saw in the requirements three process scanners. It was unclear to me whether I needed one of the three or all three of them.

    Oh well here's what I got.

    Thank you very much in advance.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:50:19 PM, on 11/18/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17103)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Nuance\dgnsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\WINDOWS\twain_32\DELL\MFP1125\Monitor\Stsmon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SmartToolbar\AutoUpdate.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\BitTorrent\BitTorrent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
    C:\Program Files\Encore\ENUWI-N4 Wireless USB Adapter\WlanCU.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\msiexec.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Comcast.net | Entertainment | News | Sports | Email | Watch TV Online | Comcast Deals | On Demand
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {29d74f6a-eeee-4669-8907-6394393238cc} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
    O2 - BHO: 3274240 - {879d928d-86ad-4c82-ab7f-329374e93671} - C:\WINDOWS\system32\cbXPhfEX.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [buvudulemi] Rundll32.exe "C:\WINDOWS\system32\jarumala.dll",s
    O4 - HKLM\..\Run: [443a7dd1] rundll32.exe "C:\WINDOWS\system32\beyewowa.dll",b
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
    O4 - HKLM\..\Run: [MFPMonitor] C:\WINDOWS\twain_32\DELL\MFP1125\Monitor\Stsmon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking11\Ereg.ini
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [waiterror] C:\DOCUME~1\GREGDA~1\APPLIC~1\CITYSI~1\Mediadeaf.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O4 - HKCU\..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Auto Update] C:\Program Files\SmartToolbar\AutoUpdate.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"
    O4 - HKUS\S-1-5-19\..\Run: [buvudulemi] Rundll32.exe "C:\WINDOWS\system32\jarumala.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [buvudulemi] Rundll32.exe "C:\WINDOWS\system32\jarumala.dll",s (User 'NETWORK SERVICE')
    O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
    O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\Encore\ENUWI-N4 Wireless USB Adapter\WlanCU.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46...abblecubes.cab
    O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47...amesLoader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41...an/hangman.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47...s/wwspades.cab
    O20 - AppInit_DLLs: vwporc.dll C:\WINDOWS\system32\rofenima.dll c:\windows\system32\mivadulu.dll c:\windows\system32\nawowami.dll sabyij.dll C:\WINDOWS\system32\jesamude.dll c:\windows\system32\zofowoda.dll c:\windows\system32\ketowero.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: WLSVC - Unknown owner - C:\Program Files\Encore\ENUWI-N4 Wireless USB Adapter\WLSVC.exe

    --
    End of file - 13390 bytes
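As an added illustration (not code from the original thread): the checks a helper applies by eye to the O2, O4 and O20 lines of a HijackThis log, encoded as a small Python triage script. The sample log lines are a constructed subset of the entries in the post above; the heuristics are my own assumptions, not a published rule set.

```python
"""Triage a HijackThis (HJT) log for entries that merit a closer look.

Added example, not part of the original thread: the heuristics encode the
checks a malware-removal helper applies by eye to O2/O4/O20 lines.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the entries from the HijackThis log above,
# mixing known-good vendor entries with the ones a helper would query.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29d74f6a-eeee-4669-8907-6394393238cc} - (no file)
O2 - BHO: 3274240 - {879d928d-86ad-4c82-ab7f-329374e93671} - C:\WINDOWS\system32\cbXPhfEX.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [buvudulemi] Rundll32.exe "C:\WINDOWS\system32\jarumala.dll",s
O4 - HKLM\..\Run: [443a7dd1] rundll32.exe "C:\WINDOWS\system32\beyewowa.dll",b
O4 - HKCU\..\Run: [waiterror] C:\DOCUME~1\GREGDA~1\APPLIC~1\CITYSI~1\Mediadeaf.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: vwporc.dll C:\WINDOWS\system32\rofenima.dll sabyij.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# HJT line shapes for the three sections this triage looks at.
RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')
# rundll32 <dll>,<export>: capture the DLL and the export it calls.
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?,(?P<export>\S+)$', re.IGNORECASE)


@dataclass
class Finding:
    section: str        # HJT section, e.g. "O4"
    line: str           # the original log line
    reasons: List[str]  # why it was flagged


def check_run(name: str, cmd: str) -> List[str]:
    """Heuristics for an O4 autostart (Run key) entry."""
    reasons = []
    low = cmd.lower()
    m = RUNDLL_RE.match(cmd)
    if m and len(m.group('export')) == 1:
        reasons.append('rundll32 loads %s through a single-letter export, '
                       'not a pattern a legitimate vendor DLL uses' % m.group('dll'))
    if re.fullmatch(r'[0-9a-f]{8}', name.lower()):
        reasons.append('value name %r is a random-looking hex string' % name)
    if re.search(r'\\svchost\.exe\b', low):
        reasons.append('svchost.exe is started by the service control manager, '
                       'never from a Run key; here it runs from ' + cmd)
    if re.search(r'\\docume~1\\(?!alluse~1)[^\\]+\\applic~1\\', low):
        reasons.append("executable runs from a user profile's Application Data folder")
    return reasons


def check_bho(name: str, path: str) -> List[str]:
    """Heuristics for an O2 browser helper object entry."""
    reasons = []
    if path.strip() == '(no file)':
        reasons.append('orphaned BHO: CLSID is registered but the DLL is gone')
    if name.isdigit():
        reasons.append('BHO carries a numeric placeholder name instead of a vendor name')
    return reasons


def check_appinit(dlls: str) -> List[str]:
    """Any AppInit_DLLs value is loaded into every process that maps user32.dll."""
    return ['AppInit_DLLs injects %s into every process that loads user32.dll' % dll
            for dll in dlls.split()]


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that trip at least one heuristic, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []
        m = RUN_RE.match(line)
        if m:
            reasons = check_run(m['name'], m['cmd'])
        else:
            m = BHO_RE.match(line)
            if m:
                reasons = check_bho(m['name'], m['path'])
            else:
                m = APPINIT_RE.match(line)
                if m:
                    reasons = check_appinit(m['dlls'])
        if reasons:
            findings.append(Finding(line.split(' - ', 1)[0], line, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.section, f.line)
        for r in f.reasons:
            print('   ->', r)
```

On the sample, the vendor entries (Adobe, Intel, NVIDIA, ctfmon, Bonjour) pass clean and the seven entries a helper would query are listed with the reason each one tripped.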

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
If you are unable to run a GMER scan due to the fact you are running a 64bit machine please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    " Extinguishing Malware from the world"

The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Member
    Join Date
    Nov 2011
    Posts
    5
    Points
    0

Files

Here are the files you requested.

Hopefully I did it all right.

    Thank you for the help!
    Attached Files

  4. #4
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello,

Let's begin cleaning your machine up.


    1.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.




    2.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
• As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TDSSKiller log
    Combofix.txt
    How is your machine running now?




  5. #5
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello.

    Are you still there?

    If you are please follow the instructions in my previous post.

    If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

    Please reply back telling us so. If you don't reply within 1-2 days the topic will need to be closed.

    Thanks for understanding

    With Regards,
    fireman4it




  6. #6
    Member
    Join Date
    Nov 2011
    Posts
    5
    Points
    0


    Sorry for the delay, busy weekend.

    ComboFix 11-11-28.02 - Greg David-Craft 11/28/2011 17:30:41.1.2 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.263 [GMT -8:00]
    Running from: c:\documents and settings\Greg David-Craft\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\0FF263E8.TMP
    c:\documents and settings\All Users\Application Data\TEMP\EE03D6BD.TMP
    c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    c:\documents and settings\Greg David-Craft\Application Data\alot
    c:\documents and settings\Greg David-Craft\Application Data\facemoods.com
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Greg David-Craft\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Greg David-Craft\My Documents\~WRL0328.tmp
    c:\documents and settings\Greg David-Craft\My Documents\~WRL1240.tmp
    c:\documents and settings\Greg David-Craft\My Documents\~WRL1750.tmp
    c:\documents and settings\Greg David-Craft\My Documents\~WRL1923.tmp
    c:\documents and settings\Greg David-Craft\My Documents\~WRL1932.tmp
    c:\documents and settings\Greg David-Craft\Start Menu\Programs\BitDownload
    c:\documents and settings\Greg David-Craft\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk
    c:\documents and settings\Greg David-Craft\WINDOWS
    c:\program files\Adobe Systems,inc
    c:\program files\Adobe Systems,inc\Flash Video\9.avi
    c:\program files\Mozilla Firefox\extensions\mail@context.help
    c:\program files\Mozilla Firefox\extensions\mail@context.help\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\mail@context.help\chrome\chelp.jar
    c:\program files\Mozilla Firefox\extensions\mail@context.help\defaults\preferences\defaults.js
    c:\program files\Mozilla Firefox\extensions\mail@context.help\install.rdf
    c:\program files\SmartToolbar
    c:\program files\SmartToolbar\AutoUpdate.exe
    c:\program files\SmartToolbar\laa.dll
    c:\program files\SmartToolbar\main.exe
    c:\program files\SmartToolbar\setup.exe
    c:\program files\SmartToolbar\SmartToolbar.txt
    c:\program files\SmartToolbar\temp
    c:\windows\system32\cbXPhfEX.dll
    c:\windows\system32\nnWyIRqr.ini
    c:\windows\system32\nnWyIRqr.ini2
    c:\windows\system32\PWyIPXyb.ini
    c:\windows\system32\PWyIPXyb.ini2
    c:\windows\Tasks\gpxvdqqt.job
    c:\windows\tsoc.log
    c:\windows\WindowsUpdate.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-25 20:04 . 2011-11-25 20:04 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-11-16 04:18 . 2011-11-16 04:18 -------- d-----w- c:\program files\iPod
    2011-11-13 19:41 . 2011-11-13 19:41 -------- d-----w- C:\FOUND.030
    2011-11-02 22:33 . 2011-11-02 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCapY
    2011-11-02 22:31 . 2011-11-02 22:31 -------- d-----w- c:\program files\PopCap Games
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-17 04:39 . 2011-05-24 00:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2007-05-17 03:45 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-09 08:08 . 2011-10-09 08:08 388096 ----a-r- c:\documents and settings\Greg David-Craft\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-10-05 22:14 . 2010-07-06 03:37 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-10-05 22:14 . 2010-07-06 03:37 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-10-03 13:06 . 2010-07-12 21:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 10:37 . 2007-05-17 08:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-28 07:06 . 2002-09-23 23:10 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 19:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 19:41 . 2001-08-23 20:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 19:41 . 2001-08-23 20:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 14:20 . 2001-08-23 20:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-09-05 21:24 . 2011-09-05 21:24 249856 ------w- c:\windows\Setup1.exe
    2011-09-05 21:24 . 2011-09-05 21:24 73216 ----a-w- c:\windows\ST6UNST.EXE
    2011-08-31 07:05 . 2011-08-31 07:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 07:05 . 2011-08-31 07:05 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 07:05 . 2011-08-31 07:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-08-31 07:05 . 2011-08-31 07:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-11-10 21:13 . 2011-05-14 17:56 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-05-20 4771184]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-11-21 283792]
    "NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
    "MFPMonitor"="c:\windows\twain_32\DELL\MFP1125\Monitor\Stsmon.exe" [2007-08-08 2002944]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]
    "nwiz"="nwiz.exe" [2006-08-12 1519616]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-12 86016]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
    "HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
    "DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    .
    c:\documents and settings\Jennifer Craft\Start Menu\Programs\Startup\
    Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [N/A]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-5-9 1474631]
    Wireless Configuration Utility.lnk - c:\program files\Encore\ENUWI-N4 Wireless USB Adapter\WlanCU.exe [2010-11-13 360448]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "c:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=
    "c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "67:UDP"= 67:UDP:DHCP Discovery Service
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [10/5/2011 2:14 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [10/5/2011 2:14 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys [11/14/2011 11:28 AM 819320]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [10/5/2011 2:14 PM 136312]
    R2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [7/23/2010 12:24 PM 296808]
    R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [10/5/2011 2:14 PM 130008]
    R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [11/13/2010 9:16 PM 20480]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/21/2011 10:07 AM 106104]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111128.030\IDSXpx86.sys [11/28/2011 3:38 PM 356280]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2/12/2008 6:05 PM 57440]
    S2 WLSVC;WLSVC;c:\program files\Encore\ENUWI-N4 Wireless USB Adapter\WLSVC.exe [11/13/2010 9:16 PM 167936]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
    S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [11/17/2010 4:48 PM 29184]
    S3 FNETTHJM;Verbatim Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [1/5/2011 2:49 PM 24448]
    S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 9:59 AM 206072]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]
    S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [5/31/2008 2:46 PM 453120]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://xfinity.comcast.net/?
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Greg David-Craft\Application Data\Mozilla\Firefox\Profiles\pi877gs1.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2956131&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?
    FF - prefs.js: keyword.URL - hxxp://www.sitfy.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ukA9L4AD&q=
    FF - user.js: keyword.URL - hxxp://www.sitfy.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ukA9L4AD&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{29d74f6a-eeee-4669-8907-6394393238cc} - (no file)
    HKCU-Run-waiterror - c:\docume~1\GREGDA~1\APPLIC~1\CITYSI~1\Mediadeaf.exe
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    HKCU-Run-Auto Update - c:\program files\SmartToolbar\AutoUpdate.exe
    HKLM-Run-buvudulemi - c:\windows\system32\jarumala.dll
    HKLM-Run-443a7dd1 - c:\windows\system32\beyewowa.dll
    AddRemove-LogoStoreEq - c:\docume~1\GREGDA~1\APPLIC~1\CITYSI~1\Mediadeaf.exe
    AddRemove-{C4B3A7F9-5CD8-4608-B623-689CA3604A08} - c:\documents and settings\Greg David-Craft\Local Settings\Application Data\{68D98ECE-8350-4B76-A666-6DAA2183091C}\RiffTrax Setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-11-28 17:50
    Windows 5.1.2600 Service Pack 3 FAT NTAPI
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Auto Update = c:\program files\SmartToolbar\AutoUpdate.exe????@???????t??????????????????????????|????????????????????? ??????? ???????;?=??y7?????[???????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-527237240-789336058-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6CCCEA4-6CAA-6FEF-94A8-66D9B6E0FB28}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-527237240-789336058-839522115-1004\Software\SecuROM\License information*]
    "datasecu"=hex:10,e0,cd,77,a0,67,9d,cc,7b,1b,91,c9,1e,59,62,21,87,88,f7,45,c9,
    04,17,c4,eb,1a,ae,ee,4b,5a,f1,59,c0,d8,e0,8a,76,c1,0b,92,b7,fc,a8,44,a1,80,\
    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1792)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\acs.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-28 18:00:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-29 02:00
    .
    Pre-Run: 2,748,153,856 bytes free
    Post-Run: 3,399,483,392 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    C:\ = "Microsoft Windows"
    .
    - - End Of File - - E0FB5FCECCF60B7D3CE720EE07C8BAB6

    12:00:23.0694 4696 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
    12:00:25.0522 4696 ============================================================
    12:00:25.0522 4696 Current date / time: 2011/11/25 12:00:25.0522
    12:00:25.0522 4696 SystemInfo:
    12:00:25.0522 4696
    12:00:25.0522 4696 OS Version: 5.1.2600 ServicePack: 3.0
    12:00:25.0522 4696 Product type: Workstation
    12:00:25.0522 4696 ComputerName: LEEFAMILY
    12:00:25.0522 4696 UserName: Greg David-Craft
    12:00:25.0522 4696 Windows directory: C:\WINDOWS
    12:00:25.0522 4696 System windows directory: C:\WINDOWS
    12:00:25.0538 4696 Processor architecture: Intel x86
    12:00:25.0538 4696 Number of processors: 2
    12:00:25.0538 4696 Page size: 0x1000
    12:00:25.0538 4696 Boot type: Normal boot
    12:00:25.0538 4696 ============================================================
    12:00:29.0413 4696 Initialize success
    12:00:46.0319 1492 ============================================================
    12:00:46.0319 1492 Scan started
    12:00:46.0319 1492 Mode: Manual; SigCheck; TDLFS;
    12:00:46.0319 1492 ============================================================
    12:00:47.0991 1492 Abiosdsk - ok
    12:00:48.0132 1492 abp480n5 - ok
    12:00:48.0226 1492 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    12:00:57.0772 1492 ACPI - ok
    12:00:59.0335 1492 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    12:00:59.0788 1492 ACPIEC - ok
    12:01:01.0444 1492 adpu160m - ok
    12:01:02.0757 1492 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
    12:01:02.0897 1492 aeaudio - ok
    12:01:04.0413 1492 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    12:01:04.0726 1492 aec - ok
    12:01:09.0772 1492 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    12:01:09.0866 1492 AegisP ( UnsignedFile.Multi.Generic ) - warning
    12:01:09.0866 1492 AegisP - detected UnsignedFile.Multi.Generic (1)
    12:01:12.0022 1492 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
    12:01:17.0944 1492 Afc - ok
    12:01:20.0663 1492 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    12:01:20.0819 1492 AFD - ok
    12:01:22.0522 1492 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    12:01:22.0866 1492 agp440 - ok
    12:01:26.0413 1492 Aha154x - ok
    12:01:26.0976 1492 aic78u2 - ok
    12:01:27.0554 1492 aic78xx - ok
    12:01:28.0085 1492 AliIde - ok
    12:01:28.0491 1492 Alpham1 (acd2f2df292b6cc28f58095bba63a068) C:\WINDOWS\system32\DRIVERS\Alpham1.sys
    12:01:28.0663 1492 Alpham1 - ok
    12:01:29.0179 1492 Alpham2 (f4fafb2e74b83a156408b1b02302799e) C:\WINDOWS\system32\DRIVERS\Alpham2.sys
    12:01:29.0241 1492 Alpham2 - ok
    12:01:29.0413 1492 amsint - ok
    12:01:29.0585 1492 asc - ok
    12:01:30.0116 1492 asc3350p - ok
    12:01:31.0069 1492 asc3550 - ok
    12:01:31.0210 1492 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    12:01:31.0476 1492 AsyncMac - ok
    12:01:32.0616 1492 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    12:01:32.0929 1492 atapi - ok
    12:01:37.0585 1492 Atdisk - ok
    12:01:38.0726 1492 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    12:01:39.0101 1492 Atmarpc - ok
    12:01:39.0929 1492 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    12:01:40.0257 1492 audstub - ok
    12:01:40.0882 1492 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    12:01:41.0226 1492 Beep - ok
    12:01:42.0944 1492 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys
    12:01:43.0397 1492 BHDrvx86 - ok
    12:01:44.0491 1492 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    12:01:44.0538 1492 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
    12:01:44.0538 1492 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
    12:01:45.0147 1492 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    12:01:45.0538 1492 cbidf2k - ok
    12:01:46.0116 1492 cd20xrnt - ok
    12:01:46.0319 1492 CdaD10BA (841cefab8228ee691705d059e7f21c47) C:\WINDOWS\system32\drivers\CdaD10BA.SYS
    12:01:46.0351 1492 CdaD10BA ( UnsignedFile.Multi.Generic ) - warning
    12:01:46.0351 1492 CdaD10BA - detected UnsignedFile.Multi.Generic (1)
    12:01:46.0476 1492 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    12:01:46.0772 1492 Cdaudio - ok
    12:01:46.0835 1492 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    12:01:47.0132 1492 Cdfs - ok
    12:01:47.0226 1492 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    12:01:47.0507 1492 Cdrom - ok
    12:01:47.0694 1492 Changer - ok
    12:01:47.0866 1492 CmdIde - ok
    12:01:48.0054 1492 Cpqarray - ok
    12:01:48.0210 1492 dac2w2k - ok
    12:01:48.0366 1492 dac960nt - ok
    12:01:48.0507 1492 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    12:01:48.0804 1492 Disk - ok
    12:01:49.0022 1492 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    12:01:49.0397 1492 dmboot - ok
    12:01:49.0694 1492 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    12:01:50.0007 1492 dmio - ok
    12:01:50.0069 1492 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    12:01:50.0522 1492 dmload - ok
    12:01:50.0726 1492 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    12:01:50.0991 1492 DMusic - ok
    12:01:56.0585 1492 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
    12:01:56.0616 1492 DNINDIS5 ( UnsignedFile.Multi.Generic ) - warning
    12:01:56.0616 1492 DNINDIS5 - detected UnsignedFile.Multi.Generic (1)
    12:01:56.0804 1492 dpti2o - ok
    12:01:56.0866 1492 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    12:01:57.0054 1492 drmkaud - ok
    12:01:57.0288 1492 dsiarhwprog (f35b5d0cc142b87e687fc504baa69d82) C:\WINDOWS\system32\Drivers\dsiarhwprog.sys
    12:01:57.0304 1492 dsiarhwprog ( UnsignedFile.Multi.Generic ) - warning
    12:01:57.0304 1492 dsiarhwprog - detected UnsignedFile.Multi.Generic (1)
    12:01:57.0476 1492 E1000 (d94437e7ee086677b266099f695cdea1) C:\WINDOWS\system32\DRIVERS\e1000325.sys
    12:01:57.0538 1492 E1000 - ok
    12:01:57.0772 1492 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    12:01:57.0804 1492 eeCtrl - ok
    12:01:57.0991 1492 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    12:01:58.0007 1492 EraserUtilRebootDrv - ok
    12:01:58.0147 1492 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    12:01:58.0351 1492 Fastfat - ok
    12:01:58.0507 1492 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    12:01:58.0710 1492 Fdc - ok
    12:01:58.0804 1492 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    12:01:59.0007 1492 Fips - ok
    12:01:59.0304 1492 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    12:01:59.0569 1492 Flpydisk - ok
    12:02:00.0054 1492 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    12:02:00.0272 1492 FltMgr - ok
    12:02:00.0366 1492 FNETTHJM (9339335cfaf1ebd80734098ff938b32a) C:\WINDOWS\system32\drivers\fnetthjm.sys
    12:02:00.0397 1492 FNETTHJM ( UnsignedFile.Multi.Generic ) - warning
    12:02:00.0397 1492 FNETTHJM - detected UnsignedFile.Multi.Generic (1)
    12:02:00.0460 1492 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    12:02:00.0694 1492 Fs_Rec - ok
    12:02:00.0772 1492 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    12:02:01.0022 1492 Ftdisk - ok
    12:02:01.0210 1492 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    12:02:01.0226 1492 GEARAspiWDM - ok
    12:02:01.0304 1492 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    12:02:01.0491 1492 Gpc - ok
    12:02:01.0632 1492 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    12:02:01.0819 1492 hidusb - ok
    12:02:01.0991 1492 hpn - ok
    12:02:02.0132 1492 hpt3xx - ok
    12:02:02.0288 1492 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    12:02:02.0397 1492 HPZid412 - ok
    12:02:02.0647 1492 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    12:02:02.0726 1492 HPZipr12 - ok
    12:02:02.0897 1492 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    12:02:02.0929 1492 HPZius12 ( UnsignedFile.Multi.Generic ) - warning
    12:02:02.0929 1492 HPZius12 - detected UnsignedFile.Multi.Generic (1)
    12:02:03.0116 1492 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    12:02:03.0210 1492 HTTP - ok
    12:02:03.0382 1492 i2omgmt - ok
    12:02:03.0522 1492 i2omp - ok
    12:02:03.0601 1492 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    12:02:03.0788 1492 i8042prt - ok
    12:02:04.0007 1492 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    12:02:04.0163 1492 ialm - ok
    12:02:04.0554 1492 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111124.030\IDSxpx86.sys
    12:02:04.0585 1492 IDSxpx86 - ok
    12:02:04.0710 1492 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    12:02:04.0897 1492 Imapi - ok
    12:02:05.0116 1492 ini910u - ok
    12:02:05.0257 1492 IntelIde - ok
    12:02:05.0351 1492 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    12:02:05.0554 1492 intelppm - ok
    12:02:05.0663 1492 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    12:02:05.0866 1492 ip6fw - ok
    12:02:05.0944 1492 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    12:02:06.0163 1492 IpFilterDriver - ok
    12:02:06.0335 1492 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    12:02:06.0507 1492 IpInIp - ok
    12:02:06.0601 1492 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    12:02:06.0788 1492 IpNat - ok
    12:02:06.0866 1492 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    12:02:07.0085 1492 IPSec - ok
    12:02:07.0226 1492 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    12:02:07.0413 1492 IRENUM - ok
    12:02:07.0538 1492 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    12:02:07.0741 1492 isapnp - ok
    12:02:07.0913 1492 JSWSCIMD (335a35f4c6c3eee724201eafcd6ffc46) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
    12:02:07.0944 1492 JSWSCIMD ( UnsignedFile.Multi.Generic ) - warning
    12:02:07.0944 1492 JSWSCIMD - detected UnsignedFile.Multi.Generic (1)
    12:02:08.0132 1492 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    12:02:08.0335 1492 Kbdclass - ok
    12:02:08.0616 1492 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    12:02:08.0788 1492 kbdhid - ok
    12:02:08.0819 1492 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    12:02:09.0022 1492 kmixer - ok
    12:02:09.0194 1492 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    12:02:09.0288 1492 KSecDD - ok
    12:02:09.0522 1492 lbrtfdc - ok
    12:02:09.0632 1492 mfeavfk (26653763d99ea717fc9e069f6be6771e) C:\WINDOWS\system32\drivers\mfeavfk.sys
    12:02:09.0647 1492 mfeavfk - ok
    12:02:09.0804 1492 mfebopk (e65ce1279f2c1fd9bd81184ceb7f5468) C:\WINDOWS\system32\drivers\mfebopk.sys
    12:02:09.0819 1492 mfebopk - ok
    12:02:09.0882 1492 mfehidk (f817bfca67475cf04925ece4fcf9c3c0) C:\WINDOWS\system32\drivers\mfehidk.sys
    12:02:09.0913 1492 mfehidk - ok
    12:02:10.0069 1492 mferkdk (fe03be0b990983a08a33389c00636175) C:\WINDOWS\system32\drivers\mferkdk.sys
    12:02:10.0085 1492 mferkdk - ok
    12:02:11.0116 1492 mfesmfk (9c73aca963ad8883b9fc44b410e70b71) C:\WINDOWS\system32\drivers\mfesmfk.sys
    12:02:11.0132 1492 mfesmfk - ok
    12:02:11.0241 1492 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    12:02:11.0476 1492 mnmdd - ok
    12:02:11.0554 1492 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    12:02:11.0741 1492 Modem - ok
    12:02:11.0851 1492 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    12:02:12.0054 1492 Mouclass - ok
    12:02:12.0147 1492 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    12:02:12.0444 1492 mouhid - ok
    12:02:12.0554 1492 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    12:02:12.0741 1492 MountMgr - ok
    12:02:12.0913 1492 mraid35x - ok
    12:02:12.0991 1492 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    12:02:13.0241 1492 MRxDAV - ok
    12:02:13.0491 1492 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    12:02:13.0632 1492 MRxSmb - ok
    12:02:13.0757 1492 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    12:02:13.0929 1492 Msfs - ok
    12:02:14.0022 1492 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    12:02:14.0226 1492 MSKSSRV - ok
    12:02:14.0335 1492 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    12:02:14.0507 1492 MSPCLOCK - ok
    12:02:14.0585 1492 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    12:02:14.0788 1492 MSPQM - ok
    12:02:15.0069 1492 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    12:02:15.0272 1492 mssmbios - ok
    12:02:15.0507 1492 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    12:02:15.0569 1492 Mup - ok
    12:02:15.0913 1492 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111125.002\NAVENG.SYS
    12:02:15.0929 1492 NAVENG - ok
    12:02:16.0491 1492 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111125.002\NAVEX15.SYS
    12:02:16.0585 1492 NAVEX15 - ok
    12:02:16.0726 1492 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    12:02:16.0944 1492 NDIS - ok
    12:02:17.0054 1492 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    12:02:17.0132 1492 NdisTapi - ok
    12:02:17.0272 1492 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    12:02:17.0491 1492 Ndisuio - ok
    12:02:17.0616 1492 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    12:02:17.0804 1492 NdisWan - ok
    12:02:17.0976 1492 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    12:02:18.0022 1492 NDProxy - ok
    12:02:18.0116 1492 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    12:02:18.0304 1492 NetBIOS - ok
    12:02:18.0397 1492 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    12:02:18.0601 1492 NetBT - ok
    12:02:18.0694 1492 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    12:02:18.0882 1492 Npfs - ok
    12:02:18.0976 1492 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    12:02:19.0226 1492 Ntfs - ok
    12:02:19.0335 1492 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    12:02:19.0569 1492 Null - ok
    12:02:20.0022 1492 nv (5645072033c2e51386e91bc137c0beb5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    12:02:20.0616 1492 nv - ok
    12:02:20.0741 1492 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    12:02:20.0960 1492 NwlnkFlt - ok
    12:02:21.0022 1492 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    12:02:21.0288 1492 NwlnkFwd - ok
    12:02:21.0491 1492 OmniUsb (e6622491f114b8c9cb179011d300c009) C:\WINDOWS\system32\DRIVERS\OmniUsb.sys
    12:02:21.0538 1492 OmniUsb - ok
    12:02:21.0741 1492 OmniUsbl (a20310e06fb9a26753979220fd50382c) C:\WINDOWS\system32\DRIVERS\OmniUsbl.sys
    12:02:21.0772 1492 OmniUsbl - ok
    12:02:21.0866 1492 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    12:02:22.0069 1492 Parport - ok
    12:02:22.0116 1492 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    12:02:22.0319 1492 PartMgr - ok
    12:02:22.0397 1492 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    12:02:22.0616 1492 ParVdm - ok
    12:02:22.0741 1492 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    12:02:22.0929 1492 PCI - ok
    12:02:23.0085 1492 PCIDump - ok
    12:02:23.0851 1492 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    12:02:24.0116 1492 PCIIde - ok
    12:02:24.0335 1492 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    12:02:24.0585 1492 Pcmcia - ok
    12:02:24.0944 1492 PDCOMP - ok
    12:02:25.0085 1492 PDFRAME - ok
    12:02:25.0210 1492 PDRELI - ok
    12:02:25.0351 1492 PDRFRAME - ok
    12:02:25.0491 1492 perc2 - ok
    12:02:25.0632 1492 perc2hib - ok
    12:02:25.0866 1492 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    12:02:26.0069 1492 PptpMiniport - ok
    12:02:26.0132 1492 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    12:02:26.0319 1492 Processor - ok
    12:02:26.0382 1492 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    12:02:26.0632 1492 PSched - ok
    12:02:26.0694 1492 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    12:02:26.0929 1492 Ptilink - ok
    12:02:27.0069 1492 ql1080 - ok
    12:02:27.0210 1492 Ql10wnt - ok
    12:02:27.0351 1492 ql12160 - ok
    12:02:27.0491 1492 ql1240 - ok
    12:02:27.0632 1492 ql1280 - ok
    12:02:27.0694 1492 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    12:02:27.0913 1492 RasAcd - ok
    12:02:28.0085 1492 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    12:02:28.0272 1492 Rasl2tp - ok
    12:02:28.0429 1492 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    12:02:28.0601 1492 RasPppoe - ok
    12:02:28.0647 1492 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    12:02:28.0897 1492 Raspti - ok
    12:02:29.0069 1492 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    12:02:29.0257 1492 Rdbss - ok
    12:02:29.0319 1492 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    12:02:29.0554 1492 RDPCDD - ok
    12:02:29.0632 1492 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    12:02:29.0694 1492 RDPWD - ok
    12:02:29.0897 1492 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    12:02:30.0101 1492 redbook - ok
    12:02:30.0288 1492 RimUsb - ok
    12:02:30.0460 1492 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    12:02:30.0522 1492 RimVSerPort - ok
    12:02:30.0616 1492 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    12:02:30.0835 1492 ROOTMODEM - ok
    12:02:31.0069 1492 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    12:02:31.0272 1492 Secdrv - ok
    12:02:31.0429 1492 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    12:02:31.0616 1492 serenum - ok
    12:02:31.0772 1492 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    12:02:32.0038 1492 Serial - ok
    12:02:32.0210 1492 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    12:02:32.0413 1492 Sfloppy - ok
    12:02:32.0554 1492 Simbad - ok
    12:02:32.0726 1492 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
    12:02:32.0819 1492 smwdm - ok
    12:02:33.0007 1492 Sparrow - ok
    12:02:33.0147 1492 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    12:02:33.0335 1492 splitter - ok
    12:02:33.0491 1492 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    12:02:33.0679 1492 sr - ok
    12:02:33.0913 1492 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
    12:02:34.0022 1492 SRTSP - ok
    12:02:34.0241 1492 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
    12:02:34.0257 1492 SRTSPX - ok
    12:02:34.0460 1492 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    12:02:34.0569 1492 Srv - ok
    12:02:34.0726 1492 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    12:02:34.0897 1492 swenum - ok
    12:02:35.0054 1492 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    12:02:35.0241 1492 swmidi - ok
    12:02:35.0397 1492 symc810 - ok
    12:02:35.0522 1492 symc8xx - ok
    12:02:35.0757 1492 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
    12:02:35.0788 1492 SymDS - ok
    12:02:36.0069 1492 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
    12:02:36.0132 1492 SymEFA - ok
    12:02:36.0366 1492 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    12:02:36.0382 1492 SymEvent - ok
    12:02:36.0585 1492 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
    12:02:36.0616 1492 SymIRON - ok
    12:02:37.0007 1492 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
    12:02:37.0085 1492 SYMTDI - ok
    12:02:37.0319 1492 sym_hi - ok
    12:02:37.0476 1492 sym_u3 - ok
    12:02:37.0616 1492 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    12:02:37.0819 1492 sysaudio - ok
    12:02:38.0022 1492 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    12:02:38.0163 1492 Tcpip - ok
    12:02:38.0335 1492 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    12:02:38.0507 1492 TDPIPE - ok
    12:02:38.0663 1492 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    12:02:38.0835 1492 TDTCP - ok
    12:02:39.0007 1492 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    12:02:39.0163 1492 TermDD - ok
    12:02:39.0319 1492 TosIde - ok
    12:02:39.0476 1492 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    12:02:39.0679 1492 Udfs - ok
    12:02:39.0804 1492 ultra - ok
    12:02:39.0929 1492 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    12:02:40.0163 1492 Update - ok
    12:02:40.0366 1492 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    12:02:40.0429 1492 USBAAPL - ok
    12:02:40.0522 1492 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    12:02:40.0710 1492 usbaudio - ok
    12:02:40.0851 1492 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    12:02:41.0038 1492 usbccgp - ok
    12:02:41.0147 1492 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    12:02:41.0335 1492 usbehci - ok
    12:02:41.0491 1492 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    12:02:41.0663 1492 usbhub - ok
    12:02:41.0819 1492 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    12:02:42.0007 1492 usbprint - ok
    12:02:42.0194 1492 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    12:02:42.0429 1492 usbscan - ok
    12:02:42.0585 1492 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    12:02:42.0804 1492 USBSTOR - ok
    12:02:42.0944 1492 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    12:02:43.0132 1492 usbuhci - ok
    12:02:43.0272 1492 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    12:02:43.0460 1492 VgaSave - ok
    12:02:43.0601 1492 ViaIde - ok
    12:02:43.0741 1492 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    12:02:43.0913 1492 VolSnap - ok
    12:02:44.0038 1492 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    12:02:44.0226 1492 Wanarp - ok
    12:02:44.0366 1492 WDICA - ok
    12:02:44.0491 1492 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    12:02:44.0679 1492 wdmaud - ok
    12:02:44.0866 1492 WLNdis50 (bb2c5a7a555b387b85481b8bde5370d7) C:\WINDOWS\system32\DRIVERS\wlndis50.sys
    12:02:44.0897 1492 WLNdis50 ( UnsignedFile.Multi.Generic ) - warning
    12:02:44.0897 1492 WLNdis50 - detected UnsignedFile.Multi.Generic (1)
    12:02:45.0101 1492 WN111v2 (93ea7d94959bef66d0e4adbc8ce4e073) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
    12:02:45.0226 1492 WN111v2 - ok
    12:02:45.0413 1492 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
    12:02:45.0429 1492 WSIMD ( UnsignedFile.Multi.Generic ) - warning
    12:02:45.0429 1492 WSIMD - detected UnsignedFile.Multi.Generic (1)
    12:02:45.0569 1492 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    12:02:45.0616 1492 WudfPf - ok
    12:02:45.0757 1492 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    12:02:45.0804 1492 WudfRd - ok
    12:02:45.0851 1492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    12:02:45.0976 1492 \Device\Harddisk0\DR0 - ok
    12:02:45.0991 1492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    12:02:46.0038 1492 \Device\Harddisk1\DR1 - ok
    12:02:46.0054 1492 Boot (0x1200) (f2495dd91a6b6f7a914da99ac2971e9e) \Device\Harddisk0\DR0\Partition0
    12:02:46.0054 1492 \Device\Harddisk0\DR0\Partition0 - ok
    12:02:46.0054 1492 Boot (0x1200) (fcd8a6f1dff0318c1748cf9f64153fdd) \Device\Harddisk1\DR1\Partition0
    12:02:46.0069 1492 \Device\Harddisk1\DR1\Partition0 - ok
    12:02:46.0069 1492 ============================================================
    12:02:46.0069 1492 Scan finished
    12:02:46.0069 1492 ============================================================
    12:02:46.0210 5248 Detected object count: 10
    12:02:46.0210 5248 Actual detected object count: 10
    12:04:56.0569 5248 C:\WINDOWS\system32\DRIVERS\AegisP.sys - copied to quarantine
    12:04:56.0569 5248 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    12:04:56.0741 5248 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS - copied to quarantine
    12:04:56.0741 5248 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    12:04:56.0944 5248 C:\WINDOWS\system32\drivers\CdaD10BA.SYS - copied to quarantine
    12:04:56.0944 5248 CdaD10BA ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    12:04:58.0944 5248 C:\WINDOWS\system32\DNINDIS5.SYS - copied to quarantine
    12:04:58.0944 5248 DNINDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    12:04:59.0147 5248 C:\WINDOWS\system32\Drivers\dsiarhwprog.sys - copied to quarantine
    12:04:59.0163 5248 dsiarhwprog ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    12:04:59.0319 5248 C:\WINDOWS\system32\drivers\fnetthjm.sys - copied to quarantine
    12:04:59.0319 5248 FNETTHJM ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    12:04:59.0554 5248 C:\WINDOWS\system32\DRIVERS\HPZius12.sys - copied to quarantine
    12:04:59.0554 5248 HPZius12 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    12:04:59.0804 5248 C:\WINDOWS\system32\DRIVERS\jswscimd.sys - copied to quarantine
    12:04:59.0819 5248 JSWSCIMD ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    12:05:00.0694 5248 C:\WINDOWS\system32\DRIVERS\wlndis50.sys - copied to quarantine
    12:05:00.0710 5248 WLNdis50 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    12:05:00.0929 5248 C:\WINDOWS\system32\DRIVERS\wsimd.sys - copied to quarantine
    12:05:00.0929 5248 WSIMD ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    12:06:05.0163 5616 Deinitialize success


I have not had that much time to check it, but it does seem to be going faster.


    Thank you very much for your help!

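The TDSSKiller log above ends with ten `UnsignedFile.Multi.Generic` hits sent to quarantine. That verdict is a signature check, not a malware name: it only says the driver carries no valid Authenticode signature, which on Windows XP is true of many OEM and peripheral drivers (wireless, printer, card-reader vendors), so the triage a practitioner wants is a list of flagged drivers with their MD5 and path, kept separate from any named-family detection, before anything is quarantined. The following added example, not part of the original post and not TDSSKiller's own code, parses the line shapes visible in the log ("name (md5) path", "name - ok", "name ( verdict ) - warning", "name - detected verdict (n)", "MBR (0x1B8) (md5) \Device\...", "path - copied to quarantine") and does that split. The sample input is a short excerpt of the log above plus one constructed driver line (`FakeDrv`, verdict `Constructed.Test.Verdict`, both made up) so the non-heuristic branch is exercised; the regexes assume the log keeps the "time thread-id body" layout seen here.

```python
"""Triage helper for a TDSSKiller-style driver scan log (added example)."""
import re

# Field layout observed in the log: "<hh:mm:ss.ffff> <thread-id> <body>".
PREFIX_RE = re.compile(r"^\s*\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<body>.*\S)\s*$")
# Driver line: "<service name> (<md5>) <path>".
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Sector object: "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0" or "Boot (0x1200) ...".
SECTOR_RE = re.compile(
    r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Verdict line: "<name> - ok", "<name> ( <verdict> ) - warning",
# "<name> - detected <verdict> (<n>)".
VERDICT_RE = re.compile(
    r"^(?P<name>\S+)(?: \( (?P<hv>[^)]+) \))? - "
    r"(?P<status>ok|warning|detected)(?: (?P<dv>\S+) \(\d+\))?$"
)
# Action line: "<path> - copied to quarantine".
QUARANTINE_RE = re.compile(r"^(?P<path>.+) - copied to quarantine$")

# Signature-only heuristic: "no valid digital signature", not a malware family.
HEURISTIC = "UnsignedFile.Multi.Generic"


def parse_log(text):
    """Return (drivers, sectors, quarantined).

    drivers: service name -> {"md5", "path", "status", "verdict"}
    sectors: device path  -> {"kind", "md5", "status"}
    quarantined: file paths the tool copied to quarantine, in log order
    """
    drivers, sectors, quarantined = {}, {}, []
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue
        body = m.group("body")
        if (d := DRIVER_RE.match(body)):
            drivers[d["name"]] = {"md5": d["md5"], "path": d["path"],
                                  "status": "scanned", "verdict": None}
        elif (s := SECTOR_RE.match(body)):
            sectors[s["path"]] = {"kind": s["kind"], "md5": s["md5"], "status": "scanned"}
        elif (q := QUARANTINE_RE.match(body)):
            quarantined.append(q["path"])
        elif (v := VERDICT_RE.match(body)):
            name, verdict = v["name"], (v["dv"] or v["hv"])
            if name in drivers:
                rec = drivers[name]
                # A "detected" line follows the "warning" line for the same
                # driver; keep the stronger of the two.
                if rec["status"] != "detected":
                    rec["status"] = v["status"]
                if verdict:
                    rec["verdict"] = verdict
            elif name in sectors:
                sectors[name]["status"] = v["status"]
    return drivers, sectors, quarantined


def triage(drivers):
    """Split flagged drivers into unsigned-only hits and named verdicts."""
    unsigned, other = [], []
    for name, rec in sorted(drivers.items()):
        if rec["status"] in ("warning", "detected"):
            bucket = unsigned if rec["verdict"] == HEURISTIC else other
            bucket.append((name, rec["md5"], rec["path"]))
    return unsigned, other


def summarize(text):
    """One-shot summary suitable for a forum reply or a hash lookup list."""
    drivers, sectors, quarantined = parse_log(text)
    unsigned, other = triage(drivers)
    return {
        "scanned": len(drivers),
        "unsigned_only": [n for n, _, _ in unsigned],
        "other_verdicts": [n for n, _, _ in other],
        "mbr_hashes": sorted({s["md5"] for s in sectors.values() if s["kind"] == "MBR"}),
        "quarantined": quarantined,
    }


# Excerpt of the log above plus one constructed driver ("FakeDrv", verdict
# "Constructed.Test.Verdict") so both triage() branches run.
SAMPLE = r"""
12:02:38.0022 1492 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:02:38.0163 1492 Tcpip - ok
12:02:44.0866 1492 WLNdis50 (bb2c5a7a555b387b85481b8bde5370d7) C:\WINDOWS\system32\DRIVERS\wlndis50.sys
12:02:44.0897 1492 WLNdis50 ( UnsignedFile.Multi.Generic ) - warning
12:02:44.0897 1492 WLNdis50 - detected UnsignedFile.Multi.Generic (1)
12:02:45.0000 1492 FakeDrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\fakedrv.sys
12:02:45.0001 1492 FakeDrv - detected Constructed.Test.Verdict (1)
12:02:45.0851 1492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:02:45.0976 1492 \Device\Harddisk0\DR0 - ok
12:02:45.0991 1492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:02:46.0038 1492 \Device\Harddisk1\DR1 - ok
12:05:00.0694 5248 C:\WINDOWS\system32\DRIVERS\wlndis50.sys - copied to quarantine
12:05:00.0710 5248 WLNdis50 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

The `unsigned_only` list is the one to take to a hash lookup (the MD5 is already in the log) or to the vendor before accepting the quarantine; the `other_verdicts` list is where a real rootkit driver would appear. The MBR hashes are extracted so that a second run after cleaning can be diffed against this one.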
  7. #7
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

It looks like ComboFix cleaned up a lot of what was slowing you down. Let's do a couple of other scans to make sure nothing is left.


    1.
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
      For instructions with screenshots, please refer to this Guide.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.

    Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    2.
    I'd like us to scan your machine with ESET OnlineScan
    1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check "YES, I accept the Terms of Use."
    5. Click the Start button.
    6. Accept any security warnings from your browser.
    7. Under scan settings, check "Scan Archives" and "Remove found threats"
    8. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, click List Threats
    11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Click the Back button.
    13. Click the Finish button.



    Things to include in your next reply:
    MBAM log
    Eset log
    How is your machine running now?
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  8. #8
    Member
    Join Date
    Nov 2011
    Posts
    5
    Points
    0

    Default

    Thank you for that last round of cleaners.
    It is hard to tell if my computer is much faster, as Malwarebytes' Anti-Malware seems to want to do something at start-up. I just got an error message from Malwarebytes Anti-Malware (something about a task it was unable to do) this last start-up.

    So, to let you know what I have done:

    I have followed the instructions and run both Malwarebytes Anti-Malware and ESET OnlineScan; here are the results:

    Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 8280

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    11/30/2011 3:25:42 PM
    mbam-log-2011-11-30 (15-25-27).txt

    Scan type: Quick scan
    Objects scanned: 199951
    Time elapsed: 20 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\fias4051 (Malware.Trace) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\greg david-craft\my documents\downloads\videocodecplugin.exe (Spyware.GamePlayLabs) -> No action taken.

    C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\28\286463dc-2933265f a variant of Java/Agent.A trojan deleted - quarantined
    C:\Documents and Settings\Greg David-Craft\My Documents\oi_setup.exe a variant of Win32/Adware.OpenInstall application cleaned by deleting - quarantined
    C:\Documents and Settings\Greg David-Craft\My Documents\Retrogamer.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
    C:\Documents and Settings\Greg David-Craft\My Documents\CheatEngine61.exe multiple threats deleted - quarantined
    C:\Documents and Settings\Greg David-Craft\My Documents\DriverSweeper_3.1.0.exe Win32/OpenCandy application deleted - quarantined
    C:\Documents and Settings\Greg David-Craft\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application deleted - quarantined
    C:\Documents and Settings\Greg David-Craft\My Documents\Downloads\SoftonicDownloader_for_driver-sweeper.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    C:\Documents and Settings\Greg David-Craft\My Documents\Downloads\SetupGamevance.exe a variant of Win32/Adware.Gamevance.AP application cleaned by deleting - quarantined
    C:\Documents and Settings\Greg David-Craft\My Documents\Terror on Transatlantic 222\oi_setup.exe a variant of Win32/Adware.OpenInstall application cleaned by deleting - quarantined
    C:\Documents and Settings\Greg David-Craft\My Documents\Terror on Transatlantic 222\Facemoods.exe probably a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
    C:\Program Files\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{3C7DE00A-0390-4D25-B6A0-AB0128858EFC}\RP1060\A0277393.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\nnWyIRqr.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\nnWyIRqr.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\PWyIPXyb.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\PWyIPXyb.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

    After that I restarted the computer (it took a while), then I restarted again (it took a while again), and I got a message from Norton that Malwarebytes Anti-Malware was eating a bunch of memory.

  9. #9
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

    Yes, it is deleting those files. Please run it again and post the log, along with the ESET log.




  10. #10
    Member
    Join Date
    Nov 2011
    Posts
    5
    Points
    0

    Default

    Quote Originally Posted by fireman4it:
    Hello,

    Yes, it is deleting those files. Please run it again and post the log, along with the ESET log.
    Sorry, I ran ESET and Malwarebytes' Anti-Malware but forgot to copy the log for ESET; the program said that it didn't find anything. However, here is the Malwarebytes' Anti-Malware log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 8297

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    12/3/2011 10:12:34 AM
    mbam-log-2011-12-03 (10-12-33).txt

    Scan type: Quick scan
    Objects scanned: 201520
    Time elapsed: 6 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
