
Solved Blue Screen of Death

Discussion in 'Malware and Virus Removal Archive' started by rkim, 2010/07/27.

  1. 2010/07/29
    rkim (Thread Starter)
    I tried to restart the computer multiple times but it would not get past that screen.
     
  2. 2010/07/29
    broni (Moderator, Malware Analyst)
    If you have a Vista DVD...

    start with step 2

    If you don't have a Vista DVD...

    1. Create a Vista Recovery Disc.

    Option 1:
    http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm

    Option 2:
    Download the Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Burn it to CD or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from the created disc.
    At the first screen click on Repair your computer.
    This will bring you to a new screen where the repair process will look for all Windows Vista installations on your computer. When done you will be presented with the System Recovery Options dialog box.
    After this, it will present you with a list of options including startup repair, system restore and command prompt.
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec ")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.
     


  4. 2010/07/29
    rkim (Thread Starter)
    Ok, I performed all the steps, and it looks like we are back to safe mode w/networking. I tried restarting a few times to see if I could start normally, but I still can't; I can at least get back on the internet, though.
     
  5. 2010/07/29
    broni (Moderator, Malware Analyst)
    Well done for now :)

    Please, rerun MBRCheck and post its log.
     
  6. 2010/07/29
    rkim (Thread Starter)
    MBRCheck, version 1.1.1
    (c) 2010, AD

    \\.\C: --> \\.\PhysicalDrive0
    \\.\D: --> \\.\PhysicalDrive0

    Size    Device Name         MBR Status
    --------------------------------------------
    149 GB  \\.\PhysicalDrive0  Windows Vista MBR code detected

    Done! Press ENTER to exit...
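The two posts above fit together: bootrec /FixMbr rewrites only the boot-code region of the first sector, and MBRCheck then reports whether the boot code it finds is one it recognises ("Windows Vista MBR code detected"). The block below is an added example written for this page, not a tool from the thread: it parses a 512-byte MBR, sanity-checks the partition table, and compares a SHA-256 of the boot-code region against an allowlist, in the spirit of MBRCheck's verdict. Every byte string, partition layout and hash in it is constructed for the demo; the "reference" blob is a stand-in, not real Windows boot code, so to use this for real you would seed KNOWN_GOOD from an MBR you trust (for example one read from a clean machine right after bootrec /FixMbr).

```python
"""Added example (not code from the thread): parse a 512-byte MBR, validate
its partition table, and compare the boot code with an allowlist of
known-good hashes. All sample bytes below are constructed for the demo."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code (the region bootrec /FixMbr rewrites)
DISK_SIG_OFF = 440       # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, start LBA, sector count


def build_mbr(boot_code, partitions, disk_sig=0x1234ABCD):
    """Assemble a test MBR (constructed data, not read from a disk).

    partitions: list of (active, type_byte, start_lba, sector_count)."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (active, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, b"\xfe\xff\xff", ptype,
                         b"\xfe\xff\xff", lba, count)
    struct.pack_into("<H", mbr, BOOT_SIG_OFF, 0xAA55)
    return bytes(mbr)


def parse_mbr(mbr):
    """Validate the MBR layout and return boot code, disk signature and partitions.

    Raises ValueError for a missing boot signature, a bad status byte, more than
    one active partition, or overlapping partitions."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if struct.unpack_from("<H", mbr, BOOT_SIG_OFF)[0] != 0xAA55:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                      # empty slot
        if status not in (0x00, 0x80):
            raise ValueError("partition %d: invalid status byte 0x%02x" % (i, status))
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "start_lba": lba, "sectors": count})
    if sum(p["active"] for p in parts) > 1:
        raise ValueError("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            raise ValueError("partitions %d and %d overlap" % (a["index"], b["index"]))
    return {"boot_code": mbr[:BOOT_CODE_LEN],
            "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
            "partitions": parts}


def boot_code_hash(mbr):
    """SHA-256 of the boot-code region only; the partition table is excluded
    because it legitimately differs from disk to disk."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def classify_boot_code(mbr, known_good):
    """('known', label) if the hash is allowlisted, else ('unknown', hash).

    known_good maps sha256 hex digests to labels. Build it from MBRs you trust,
    for example one freshly written by bootrec /FixMbr on a clean machine."""
    digest = boot_code_hash(mbr)
    if digest in known_good:
        return ("known", known_good[digest])
    return ("unknown", digest)


# --- constructed sample data -------------------------------------------------
# Stand-in 'reference' boot code: a few plausible x86 opening bytes, then NOPs.
# It is NOT the real Windows Vista MBR code, just a fixed blob for hashing.
REFERENCE_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
PARTITIONS = [(True, 0x07, 2048, 2_000_000),        # NTFS system partition
              (False, 0x07, 2_002_048, 300_000)]    # NTFS recovery partition
REFERENCE_MBR = build_mbr(REFERENCE_CODE, PARTITIONS)
KNOWN_GOOD = {boot_code_hash(REFERENCE_MBR): "reference (constructed)"}

# A bootkit-style tampered MBR: same partition table, so the machine still
# boots, but the first instruction now jumps into attacker-controlled bytes.
TAMPERED_CODE = b"\xeb\x40" + REFERENCE_CODE[2:]
TAMPERED_MBR = build_mbr(TAMPERED_CODE, PARTITIONS)


def report(mbr):
    """One-line verdict in the spirit of MBRCheck's 'MBR code detected' output."""
    info = parse_mbr(mbr)
    verdict, detail = classify_boot_code(mbr, KNOWN_GOOD)
    active = [p["index"] for p in info["partitions"] if p["active"]]
    return "%s boot code (%s); %d partitions, active=%s" % (
        verdict, detail, len(info["partitions"]), active)


if __name__ == "__main__":
    print(report(REFERENCE_MBR))
    print(report(TAMPERED_MBR))
```

Running the block prints one verdict per sample. The tampered sample keeps an identical partition table, which is why a machine with a rewritten MBR usually still boots and why only the boot-code region, not the whole sector, is hashed; a disk signature or partition edit would otherwise make every disk look "unknown".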
     
  7. 2010/07/29
    broni (Moderator, Malware Analyst)
    Excellent :)

    Delete your Combofix file, download a new one and post a fresh log.
     
  8. 2010/07/29
    rkim (Thread Starter)
    ComboFix 10-07-29.01 - User 07/29/2010 22:23:52.1.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1434 [GMT -7:00]
    Running from: c:\users\User\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
    .

    2010-07-30 05:32 . 2010-07-30 05:32 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-07-30 05:32 . 2010-07-30 05:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-07-30 05:32 . 2010-07-30 05:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-07-30 05:22 . 2010-07-30 05:23 -------- d-----w- C:\32788R22FWJFW
    2010-07-29 03:18 . 2010-07-30 05:33 -------- d-----w- c:\users\User\AppData\Local\temp
    2010-07-29 03:03 . 2010-07-29 16:50 -------- d-----w- c:\programdata\Symantec
    2010-07-09 19:15 . 2010-07-09 19:50 4713737214 ----a-w- C:\Backup.zip
    2010-07-09 02:23 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-07-09 02:23 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-07-09 02:23 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-07-09 02:23 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-07-09 02:23 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-07-09 02:23 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-07-09 02:23 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-07-09 02:22 . 2010-07-09 02:22 -------- d-----w- c:\programdata\Alwil Software
    2010-07-09 02:22 . 2010-07-09 02:22 -------- d-----w- c:\program files\Alwil Software
    2010-07-09 02:06 . 2010-07-30 05:33 767488 ----a-w- c:\windows\system32\drivers\muikt.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-09 18:54 . 2007-05-10 22:38 1356 ----a-w- c:\users\User\AppData\Local\d3d9caps.dat
    2010-07-09 02:31 . 2007-03-29 03:40 -------- d-----w- c:\program files\Common Files\AOL
    2010-07-09 02:30 . 2007-03-17 02:40 -------- d-----w- c:\programdata\AOL
    2010-06-27 18:48 . 2006-12-18 04:05 12 ----a-w- c:\windows\bthservsdp.dat
    2010-06-18 17:14 . 2010-06-12 05:11 -------- d-----w- c:\programdata\DivX
    2010-06-15 19:11 . 2006-12-18 04:57 -------- d-----w- c:\program files\HP Games
    2010-06-15 19:02 . 2006-12-18 05:02 -------- d-----w- c:\programdata\WildTangent
    2010-06-15 18:58 . 2006-12-18 04:26 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-15 18:58 . 2007-07-03 23:45 -------- d-----w- c:\program files\HOTALBUMMyBOX
    2010-06-14 01:42 . 2010-06-14 01:42 -------- d-----w- c:\program files\AviSynth 2.5
    2010-06-12 23:59 . 2009-09-20 23:31 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-12 08:12 . 2009-12-14 23:38 -------- d-----w- c:\programdata\Norton
    2010-06-12 07:00 . 2009-01-01 16:37 -------- d-----w- c:\users\User\AppData\Roaming\DivX
    2010-06-12 05:19 . 2010-06-12 05:19 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-06-12 05:17 . 2006-12-18 05:12 -------- d-----w- c:\program files\DivX
    2010-06-12 05:17 . 2010-06-12 05:17 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-06-12 05:17 . 2010-06-12 05:17 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
    2010-06-12 05:17 . 2010-06-12 05:17 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
    2010-06-12 05:17 . 2010-06-12 05:17 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 84062 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
    2010-06-12 05:16 . 2007-08-05 20:11 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2010-06-12 05:16 . 2010-06-12 05:16 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
    2010-06-12 05:15 . 2010-06-12 05:15 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
    2010-06-12 05:15 . 2010-06-12 05:15 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
    2010-06-12 05:15 . 2010-06-12 05:15 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-06-12 05:15 . 2010-06-12 05:15 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-06-12 05:15 . 2010-06-12 05:15 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
    2010-06-12 05:15 . 2010-06-12 05:15 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
    2010-06-12 05:11 . 2010-06-12 05:17 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
    2010-06-12 05:10 . 2010-06-12 05:17 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
    2010-06-09 10:35 . 2006-12-18 04:50 -------- d-----w- c:\programdata\Microsoft Help
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\6685\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\16562\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\6685\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\16562\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\6685\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\6685\AcrobatUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\16562\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\16562\AcrobatUpdater.exe
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-05-21 21:14 . 2009-10-03 07:27 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-07 19:55 . 2010-05-07 19:55 255472 ----a-w- c:\users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-11 1232896]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-22 1474560]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-12 25590312]
    "Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-01 133104]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-04-17 1006264]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 107112]
    "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 46704]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-6-13 1754456]
    HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-17 34520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R1 aswSP;aswSP; [x]
    R2 aswFsBlk;aswFsBlk; [x]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-04-05 106808]
    R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-19 73472]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-19 43904]
    S0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2007-07-03 15172]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST
    *Deregistered* - muikt

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107199264-59685293-546543122-1000Core.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-01 22:50]

    2010-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107199264-59685293-546543122-1000UA.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-01 22:50]

    2010-06-12 c:\windows\Tasks\HPCeeScheduleForUser.job
    - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-12-18 00:08]

    2010-06-19 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - User.job
    - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-08 07:48]

    2010-07-09 c:\windows\Tasks\User_Feed_Synchronization-{297E9270-95A0-4BF0-BB95-726FE08D846F}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

    2010-07-08 c:\windows\Tasks\User_Feed_Synchronization-{C4D2EA17-D19B-450E-AE3F-404E3BBD2D96}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    LSP: c:\windows\system32\wpclsp.dll
    Handler: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} -
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z77dif15.default\
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\User\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-RunOnce-<NO NAME> - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-29 22:33
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\muikt]

    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(836)
    c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
    .
    Completion time: 2010-07-29 22:35:14
    ComboFix-quarantined-files.txt 2010-07-30 05:35
    ComboFix2.txt 2010-07-29 03:18
    ComboFix3.txt 2010-07-29 02:11
    ComboFix4.txt 2010-07-29 01:14

    Pre-Run: 80,243,433,472 bytes free
    Post-Run: 80,244,760,576 bytes free

    - - End Of File - - 8FA186DBD2B62D2019F05CD2CCA7657E
     
  9. 2010/07/29
    broni (Moderator, Malware Analyst)
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\muikt.sys

    Folder::
    c:\programdata\Symantec
    c:\programdata\Norton
    c:\program files\Common Files\Symantec Shared
    c:\program files\Norton Internet Security

    Driver::

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Symantec PIF AlertEng"=-
    "osCheck"=-
    "ccApp"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\muikt]

    SecCenter::
    {E10A9785-9598-4754-B552-92431C1C35F8}
    {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}


    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe, as depicted in the animation below (the animation is not reproduced here). This will start ComboFix again.


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
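A CFScript like the one in this post is a list of deletions that ComboFix executes without asking, so the check worth doing before dragging it onto ComboFix.exe is that every target was actually seen in the log it was written from. The block below is an added example for this page, not a ComboFix tool or anything from the thread: it parses the script above into sections, turns the Registry:: lines into concrete actions, and reports any target the earlier ComboFix log never mentions. The section meanings it assumes (File::/Folder:: delete paths, Registry:: uses REGEDIT4 syntax where "name"=- removes a value and [-KEY] removes a key, SecCenter:: lists Security Center product GUIDs to clear) follow the commonly documented CFScript conventions and are an assumption here, not something the thread states; the log excerpt is a constructed, trimmed copy of lines from the log posted earlier.

```python
"""Added example (not from the thread): parse a ComboFix CFScript into concrete
actions and cross-check every target against the ComboFix log it was written
from, so a typo in the script cannot delete something the log never showed.
Section semantics below are the commonly documented CFScript conventions
(assumed, not stated by the thread)."""
import re

# The script from the thread, verbatim apart from whitespace.
CFSCRIPT = r"""
File::
c:\windows\system32\drivers\muikt.sys

Folder::
c:\programdata\Symantec
c:\programdata\Norton
c:\program files\Common Files\Symantec Shared
c:\program files\Norton Internet Security

Driver::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"=-
"osCheck"=-
"ccApp"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\muikt]

SecCenter::
{E10A9785-9598-4754-B552-92431C1C35F8}
{7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
{CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
"""

# Constructed excerpt of the ComboFix log posted earlier in the thread.
LOG_EXCERPT = r"""
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
2010-07-29 03:03 . 2010-07-29 16:50 -------- d-----w- c:\programdata\Symantec
2010-07-09 02:06 . 2010-07-30 05:33 767488 ----a-w- c:\windows\system32\drivers\muikt.sys
2010-06-12 08:12 . 2009-12-14 23:38 -------- d-----w- c:\programdata\Norton
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
*Deregistered* - muikt
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\muikt]
"""


def parse_cfscript(text):
    """Split the script into {section: [lines]}; sections are 'Name::' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("line before any section header: %r" % line)
        else:
            sections[current].append(line)
    return sections


def registry_actions(lines):
    """Translate Registry:: lines (REGEDIT4 syntax) into actions:
    [KEY] selects a key, "name"=- deletes a value, [-KEY] deletes the key."""
    actions, key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            actions.append(("delete_key", line[2:-1], None))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = re.fullmatch(r'"([^"]+)"=-', line)
            if not (m and key):
                raise ValueError("unsupported registry line: %r" % line)
            actions.append(("delete_value", key, m.group(1)))
    return actions


def crosscheck(sections, log):
    """Return script targets the log never mentions; an empty list means every
    deletion is grounded in something the analyst actually saw."""
    haystack = log.lower()
    unmatched = []

    def seen(needle):
        return needle.lower() in haystack

    for path in (sections.get("File", []) + sections.get("Folder", [])
                 + sections.get("Driver", [])):
        if not seen(path):
            unmatched.append(path)
    for action, key, value in registry_actions(sections.get("Registry", [])):
        needle = '"%s"=' % value if action == "delete_value" else "[%s]" % key
        if not seen(needle):
            unmatched.append("%s %s" % (action, value or key))
    for guid in sections.get("SecCenter", []):
        if not seen(guid):
            unmatched.append(guid)
    return unmatched


if __name__ == "__main__":
    plan = parse_cfscript(CFSCRIPT)
    for action in registry_actions(plan["Registry"]):
        print(action)
    print("unmatched targets:", crosscheck(plan, LOG_EXCERPT))
```

For the script in this post every target is accounted for: muikt.sys, the Symantec/Norton folders, the three Run values, the GrpConv RunOnce value, the muikt service key and the three Security Center GUIDs all appear in the earlier log, so crosscheck returns an empty list. Adding a path the log never showed makes it come back in the list, which is the moment to re-read the log rather than run the script.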
     
  10. 2010/07/29
    rkim (Thread Starter)
    ComboFix 10-07-29.01 - Regina 07/29/2010 23:03:05.1.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1441 [GMT -7:00]
    Running from: c:\users\Regina\Desktop\ComboFix.exe
    Command switches used :: c:\users\Regina\Desktop\CFScript.txt
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point

    FILE ::
    "c:\windows\system32\drivers\muikt.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Common Files\Symantec Shared
    c:\program files\Common Files\Symantec Shared\AntiVirus\AV.loc
    c:\program files\Common Files\Symantec Shared\AntiVirus\AVCMPCTL.DLL
    c:\program files\Common Files\Symantec Shared\AntiVirus\AVDEFMGR.DLL
    c:\program files\Common Files\Symantec Shared\AntiVirus\AVEXCLU.DLL
    c:\program files\Common Files\Symantec Shared\AntiVirus\AVIFC.DLL
    c:\program files\Common Files\Symantec Shared\AntiVirus\AVMAIL.DLL
    c:\program files\Common Files\Symantec Shared\AntiVirus\AVMODULE.DLL
    c:\program files\Common Files\Symantec Shared\AntiVirus\AVSCAN.DLL
    c:\program files\Common Files\Symantec Shared\AntiVirus\defexcl.dat
    c:\program files\Common Files\Symantec Shared\AppCore\AppMgr32.dll
    c:\program files\Common Files\Symantec Shared\AppCore\AppPlg32.dll
    c:\program files\Common Files\Symantec Shared\AppCore\AppReg32.dll
    c:\program files\Common Files\Symantec Shared\AppCore\AppSch32.dll
    c:\program files\Common Files\Symantec Shared\AppCore\AppSet32.dll
    c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    c:\program files\Common Files\Symantec Shared\AppCore\AppTrc32.dll
    c:\program files\Common Files\Symantec Shared\ccALEng.dll
    c:\program files\Common Files\Symantec Shared\ccAlert.dll
    c:\program files\Common Files\Symantec Shared\ccApp.exe
    c:\program files\Common Files\Symantec Shared\ccEmlPxy.dll
    c:\program files\Common Files\Symantec Shared\ccErrDsp.dll
    c:\program files\Common Files\Symantec Shared\ccEvtCli.dll
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtPlg.dll
    c:\program files\Common Files\Symantec Shared\ccInst.dll
    c:\program files\Common Files\Symantec Shared\ccL60.dll
    c:\program files\Common Files\Symantec Shared\ccL60U.dll
    c:\program files\Common Files\Symantec Shared\ccLgView.exe
    c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.htm
    c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.html
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll
    c:\program files\Common Files\Symantec Shared\ccProd.dll
    c:\program files\Common Files\Symantec Shared\ccProSub.dll
    c:\program files\Common Files\Symantec Shared\ccScanW.dll
    c:\program files\Common Files\Symantec Shared\ccSet.dll
    c:\program files\Common Files\Symantec Shared\ccSetEvt.dll
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccSetPlg.dll
    c:\program files\Common Files\Symantec Shared\ccSvc.dll
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files\Common Files\Symantec Shared\ccVrTrst.dll
    c:\program files\Common Files\Symantec Shared\ccWebWnd.dll
    c:\program files\Common Files\Symantec Shared\CF\cfEPack.dll
    c:\program files\Common Files\Symantec Shared\CF\cfLUCbk.dll
    c:\program files\Common Files\Symantec Shared\CF\cfV2Pack.dll
    c:\program files\Common Files\Symantec Shared\CF\Manifests\AVCFREG.DLL
    c:\program files\Common Files\Symantec Shared\CF\Manifests\cfReg.dll
    c:\program files\Common Files\Symantec Shared\CF\Manifests\cltCFReg.dll
    c:\program files\Common Files\Symantec Shared\CF\Manifests\FWCFREG.DLL
    c:\program files\Common Files\Symantec Shared\CF\Manifests\ISCFReg.dll
    c:\program files\Common Files\Symantec Shared\CF\Manifests\ISCOReg.dll
    c:\program files\Common Files\Symantec Shared\CF\Manifests\ISFWReg.dll
    c:\program files\Common Files\Symantec Shared\CF\Manifests\ISVAReg.dll
    c:\program files\Common Files\Symantec Shared\CF\Manifests\uiCFReg.dll
    c:\program files\Common Files\Symantec Shared\CF\Manifests\VACFReg.dll
    c:\program files\Common Files\Symantec Shared\CF\PEP2.dll
    c:\program files\Common Files\Symantec Shared\CF\PEP2S.dll
    c:\program files\Common Files\Symantec Shared\coArbtr.dll
    c:\program files\Common Files\Symantec Shared\COH\AHS.dll
    c:\program files\Common Files\Symantec Shared\COH\sesHlp.dll
    c:\program files\Common Files\Symantec Shared\coShared\Browser\1.0\BrCore.dll
    c:\program files\Common Files\Symantec Shared\coShared\Browser\1.0\BrRules.dll
    c:\program files\Common Files\Symantec Shared\coShared\Browser\1.0\coVisPrx.exe
    c:\program files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll
    c:\program files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    c:\program files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHORes.loc
    c:\program files\Common Files\Symantec Shared\coShared\Common\1.0\coFSPCtl.dll
    c:\program files\Common Files\Symantec Shared\coShared\Common\1.0\coFSPReg.dll
    c:\program files\Common Files\Symantec Shared\coShared\Common\1.0\PackMgr.dll
    c:\program files\Common Files\Symantec Shared\coShared\Common\1.0\Patch25d.dll
    c:\program files\Common Files\Symantec Shared\coShared\Common\1.0\Throttle.xml
    c:\program files\Common Files\Symantec Shared\coShared\Common\1.0\WALuCbk.dll
    c:\program files\Common Files\Symantec Shared\coShared\Common\1.0\WALUCbk.loc
    c:\program files\Common Files\Symantec Shared\coShared\WP\1.0\nppw.dll
    c:\program files\Common Files\Symantec Shared\coShared\WP\1.0\nppw.zip
    c:\program files\Common Files\Symantec Shared\coShared\WP\1.0\nppwBHO.dll
    c:\program files\Common Files\Symantec Shared\coShared\WP\1.0\nppwUI.dll
    c:\program files\Common Files\Symantec Shared\dec_abi.dll
    c:\program files\Common Files\Symantec Shared\DefUtDCD.dll
    c:\program files\Common Files\Symantec Shared\ecmldr32.DLL
    c:\program files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    c:\program files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT
    c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    c:\program files\Common Files\Symantec Shared\Firewall\FWAGENT.DLL
    c:\program files\Common Files\Symantec Shared\Firewall\FWALEIO.DLL
    c:\program files\Common Files\Symantec Shared\Firewall\FWCFG.EXE
    c:\program files\Common Files\Symantec Shared\Firewall\FWCMPCTL.DLL
    c:\program files\Common Files\Symantec Shared\Firewall\FWHELPER.DLL
    c:\program files\Common Files\Symantec Shared\Firewall\FWRULEIO.DLL
    c:\program files\Common Files\Symantec Shared\Firewall\FWRULMTN.DLL
    c:\program files\Common Files\Symantec Shared\Firewall\FWSETUP.DLL
    c:\program files\Common Files\Symantec Shared\Firewall\ICFMGR.DLL
    c:\program files\Common Files\Symantec Shared\Help\CCLGVIEW.CHM
    c:\program files\Common Files\Symantec Shared\Help\disable.chm
    c:\program files\Common Files\Symantec Shared\Help\disable.dll
    c:\program files\Common Files\Symantec Shared\Help\FAQ.chm
    c:\program files\Common Files\Symantec Shared\Help\faq.dll
    c:\program files\Common Files\Symantec Shared\Help\feat_sum.chm
    c:\program files\Common Files\Symantec Shared\Help\feat_sum.dll
    c:\program files\Common Files\Symantec Shared\Help\firewall.chm
    c:\program files\Common Files\Symantec Shared\Help\GUZ_004.chm
    c:\program files\Norton Internet Security\IDSDefs\SymIDSI.dll
    c:\program files\Norton Internet Security\IDSDefs\v.grd
    c:\program files\Norton Internet Security\IDSDefs\v.sig
    c:\program files\Norton Internet Security\IDSDefs\VIRSCAN1.DAT
    c:\program files\Norton Internet Security\IDSDefs\zdone.dat
    c:\program files\Norton Internet Security\IDSUI.dll
    c:\program files\Norton Internet Security\IMCfg.dll
    c:\program files\Norton Internet Security\isAbout.dll
    c:\program files\Norton Internet Security\isBTPlg.dll
    c:\program files\Norton Internet Security\ISBTPlgS.dll
    c:\program files\Norton Internet Security\ISDataCl.dll
    c:\program files\Norton Internet Security\ISDataSv.dll
    c:\program files\Norton Internet Security\isError.dll
    c:\program files\Norton Internet Security\isError.loc
    c:\program files\Norton Internet Security\ISLAlert.dll
    c:\program files\Norton Internet Security\ISPrdCtl.dll
    c:\program files\Norton Internet Security\isPwd.dll
    c:\program files\Norton Internet Security\isPwdSvc.exe
    c:\program files\Norton Internet Security\isRes.dll
    c:\program files\Norton Internet Security\isStatus.dll
    c:\program files\Norton Internet Security\isStatus.loc
    c:\program files\Norton Internet Security\ISSvc.dll
    c:\program files\Norton Internet Security\isUAC.exe
    c:\program files\Norton Internet Security\MCPlgRes.dll
    c:\program files\Norton Internet Security\NisCfgWz.dll
    c:\program files\Norton Internet Security\NISLUCBK.DLL
    c:\program files\Norton Internet Security\NisLVPlg.dll
    c:\program files\Norton Internet Security\NISOpRes.dll
    c:\program files\Norton Internet Security\nisoptui.dll
    c:\program files\Norton Internet Security\nisoptui.exe
    c:\program files\Norton Internet Security\NISProd.dll
    c:\program files\Norton Internet Security\nisres.dll
    c:\program files\Norton Internet Security\NisTray.dll
    c:\program files\Norton Internet Security\NISTrRes.dll
    c:\program files\Norton Internet Security\NISVER.dat
    c:\program files\Norton Internet Security\Norton AntiVirus\AVApp.log
    c:\program files\Norton Internet Security\Norton AntiVirus\AVError.log
    c:\program files\Norton Internet Security\Norton AntiVirus\AVPAPP32.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\AVPAPP32.loc
    c:\program files\Norton Internet Security\Norton AntiVirus\AVPSVC32.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\AVPSVC32.loc
    c:\program files\Norton Internet Security\Norton AntiVirus\avScanUI.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\avScanUI.loc
    c:\program files\Norton Internet Security\Norton AntiVirus\avScnTsk.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\avScnTsk.loc
    c:\program files\Norton Internet Security\Norton AntiVirus\AVSubmit.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\AVSubmit.loc
    c:\program files\Norton Internet Security\Norton AntiVirus\AVVirus.log
    c:\program files\Norton Internet Security\Norton AntiVirus\CfgWiz.dat
    c:\program files\Norton Internet Security\Norton AntiVirus\CfgWzRes.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\DefAlert.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\DefAlert.loc
    c:\program files\Norton Internet Security\Norton AntiVirus\end_user.txt
    c:\program files\Norton Internet Security\Norton AntiVirus\NAVCfgWz.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\NAVError.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\NavError.loc
    c:\program files\Norton Internet Security\Norton AntiVirus\NAVEvent.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\NAVLogV.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\NAVLogV.loc
    c:\program files\Norton Internet Security\Norton AntiVirus\NAVLUCBK.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\NAVLUCbk.loc
    c:\program files\Norton Internet Security\Norton AntiVirus\navopts.dat
    c:\program files\Norton Internet Security\Norton AntiVirus\navopts.def
    c:\program files\Norton Internet Security\Norton AntiVirus\NAVOpts.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\NavOpts.loc
    c:\program files\Norton Internet Security\Norton AntiVirus\navprod.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\NavProd.loc
    c:\program files\Norton Internet Security\Norton AntiVirus\NavShcom.exe
    c:\program files\Norton Internet Security\Norton AntiVirus\NavShcPS.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\NAVShExt.loc
    c:\program files\Norton Internet Security\Norton AntiVirus\NAVStub.exe
    c:\program files\Norton Internet Security\Norton AntiVirus\NavStub.loc
    c:\program files\Norton Internet Security\Norton AntiVirus\NAVTskWz.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\NAVTskWz.loc
    c:\program files\Norton Internet Security\Norton AntiVirus\NAVUIHTM.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe
    c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.loc
    c:\program files\Norton Internet Security\Norton AntiVirus\Navwnt.exe
    c:\program files\Norton Internet Security\Norton AntiVirus\OEHeur.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\OfficeAV.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\patch25d.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\PtchInst.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\rcOffcAV.dll
    c:\program files\Norton Internet Security\Norton AntiVirus\README.TXT
    c:\program files\Norton Internet Security\Norton AntiVirus\scancfg.dat
    c:\program files\Norton Internet Security\Norton AntiVirus\VERSION.DAT
    c:\program files\Norton Internet Security\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\ActComp.Loc
    c:\program files\Norton Internet Security\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CfgWiz.loc
    c:\program files\Norton Internet Security\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CLTSComp.loc
    c:\program files\Norton Internet Security\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CUWShr.Loc
    c:\program files\Norton Internet Security\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CUWUtils.Loc
    c:\program files\Norton Internet Security\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\EULAComp.Loc
    c:\program files\Norton Internet Security\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\ewoc.loc
    c:\program files\Norton Internet Security\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\LicPlug.loc
    c:\program files\Norton Internet Security\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\ProdKey.htm
    c:\program files\Norton Internet Security\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SubComp.Loc
    c:\program files\Norton Internet Security\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SubStats.loc
    c:\program files\Norton Internet Security\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCUW.loc
    c:\program files\Norton Internet Security\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymSubWz.loc
    c:\program files\Norton Internet Security\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymUIRes.loc
    c:\program files\Norton Internet Security\osCheck.exe
    c:\program files\Norton Internet Security\PgmCtl.dll
    c:\program files\Norton Internet Security\PtchInst.dll
    c:\program files\Norton Internet Security\readme.txt
    c:\program files\Norton Internet Security\RuleUI.dll
    c:\program files\Norton Internet Security\SetEvtHp.dll
    c:\program files\Norton Internet Security\SNLog.dll
    c:\program files\Norton Internet Security\SNRes.dll
    c:\program files\Norton Internet Security\VAUI.dll
    c:\program files\Norton Internet Security\VAUIOpt.dll
    c:\program files\Norton Internet Security\VAUIRes.dll
    c:\programdata\Norton
    c:\programdata\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
    c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\isolate.ini
    c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Module9000.txt
    c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Norton\Connections\connections.dat
    c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Norton\itbLUReg\{65190544-26C3-43a4-A78A-694964901607}.dat
    c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Norton\itbLUReg\{6E3396BD-C6A6-4f0f-9254-267F9058FEC4}.dat
    c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Norton\itbLUReg\{71B3DD3A-BC1F-40cc-A74F-C0C30DFCE7D5}.dat
    c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Norton\itbLUReg\{D4F4CC32-7A41-4684-AE57-41E59E9B4503}.dat
    c:\programdata\Norton\{NIS_NUC_prod_1.19_17.6.0.32}-1.log
    c:\programdata\Norton\NUA.exe
    c:\programdata\Norton\symdata.xml
    c:\programdata\Norton\telemetry.txt
    c:\programdata\Norton\URLS-{NIS_NUC_prod_1.19_17.6.0.32}-1.txt
    c:\programdata\Symantec
    c:\programdata\Symantec\Common Client\settings.bak
    c:\programdata\Symantec\Common Client\settings.dat
    c:\windows\system32\drivers\muikt.sys . . . . failed to delete

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
     
  11. 2010/07/29
    rkim

    rkim Inactive Thread Starter

    -------\Legacy_comHost
    -------\Legacy_eeCtrl
    -------\Legacy_EraserUtilRebootDrv
    -------\Legacy_muikt
    -------\Legacy_SPBBCDrv
    -------\Legacy_comHost
    -------\Legacy_eeCtrl
    -------\Legacy_EraserUtilRebootDrv
    -------\Legacy_SPBBCDrv
    -------\Service_CLTNetCnService
    -------\Service_comHost
    -------\Service_eeCtrl
    -------\Service_EraserUtilRebootDrv
    -------\Service_ISPwdSvc
    -------\Service_LiveUpdate Notice Ex
    -------\Service_LiveUpdate Notice Service
    -------\Service_muikt
    -------\Service_SPBBCDrv
    -------\Service_SymAppCore
    -------\Service_CLTNetCnService
    -------\Service_comHost
    -------\Service_eeCtrl
    -------\Service_EraserUtilRebootDrv
    -------\Service_ISPwdSvc
    -------\Service_LiveUpdate Notice Ex
    -------\Service_LiveUpdate Notice Service
    -------\Service_SPBBCDrv
    -------\Service_SymAppCore


    ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
    .

    2010-07-30 06:13 . 2010-07-30 06:17 -------- d-----w- c:\users\Regina\AppData\Local\temp
    2010-07-30 06:13 . 2010-07-30 06:13 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-07-30 06:13 . 2010-07-30 06:13 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-07-30 06:13 . 2010-07-30 06:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-07-30 06:01 . 2010-07-30 06:02 -------- d-----w- C:\32788R22FWJFW
    2010-07-09 19:15 . 2010-07-09 19:50 4713737214 ----a-w- C:\Backup.zip
    2010-07-09 02:23 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-07-09 02:23 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-07-09 02:23 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-07-09 02:23 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-07-09 02:23 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-07-09 02:23 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-07-09 02:23 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-07-09 02:22 . 2010-07-09 02:22 -------- d-----w- c:\programdata\Alwil Software
    2010-07-09 02:22 . 2010-07-09 02:22 -------- d-----w- c:\program files\Alwil Software
    2010-07-09 02:06 . 2010-07-30 06:17 0 ----a-w- c:\windows\system32\drivers\muikt.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-30 06:00 . 2007-05-10 22:38 1356 ----a-w- c:\users\Regina\AppData\Local\d3d9caps.dat
    2010-07-09 02:31 . 2007-03-29 03:40 -------- d-----w- c:\program files\Common Files\AOL
    2010-07-09 02:30 . 2007-03-17 02:40 -------- d-----w- c:\programdata\AOL
    2010-07-09 02:23 . 2010-06-07 13:51 -------- d-----w- c:\users\Regina\AppData\Roaming\BitTorrent
    2010-06-27 18:48 . 2006-12-18 04:05 12 ----a-w- c:\windows\bthservsdp.dat
    2010-06-18 17:14 . 2010-06-12 05:11 -------- d-----w- c:\programdata\DivX
    2010-06-18 07:32 . 2009-05-19 18:36 -------- d-----w- c:\users\Regina\AppData\Roaming\LimeWire
    2010-06-15 19:11 . 2006-12-18 04:57 -------- d-----w- c:\program files\HP Games
    2010-06-15 19:02 . 2006-12-18 05:02 -------- d-----w- c:\programdata\WildTangent
    2010-06-15 18:58 . 2006-12-18 04:26 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-15 18:58 . 2007-07-03 23:45 -------- d-----w- c:\program files\HOTALBUMMyBOX
    2010-06-14 01:42 . 2010-06-14 01:42 -------- d-----w- c:\program files\AviSynth 2.5
    2010-06-12 23:59 . 2009-09-20 23:31 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-12 07:00 . 2009-01-01 16:37 -------- d-----w- c:\users\Regina\AppData\Roaming\DivX
    2010-06-12 05:19 . 2010-06-12 05:19 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-06-12 05:17 . 2006-12-18 05:12 -------- d-----w- c:\program files\DivX
    2010-06-12 05:17 . 2010-06-12 05:17 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-06-12 05:17 . 2010-06-12 05:17 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
    2010-06-12 05:17 . 2010-06-12 05:17 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
    2010-06-12 05:17 . 2010-06-12 05:17 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 84062 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
    2010-06-12 05:16 . 2007-08-05 20:11 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2010-06-12 05:16 . 2010-06-12 05:16 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
    2010-06-12 05:15 . 2010-06-12 05:15 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
    2010-06-12 05:15 . 2010-06-12 05:15 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
    2010-06-12 05:15 . 2010-06-12 05:15 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-06-12 05:15 . 2010-06-12 05:15 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-06-12 05:15 . 2010-06-12 05:15 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
    2010-06-12 05:15 . 2010-06-12 05:15 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
    2010-06-12 05:11 . 2010-06-12 05:17 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
    2010-06-12 05:10 . 2010-06-12 05:17 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
    2010-06-09 10:35 . 2006-12-18 04:50 -------- d-----w- c:\programdata\Microsoft Help
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\6685\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\16562\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\6685\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\16562\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\6685\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\6685\AcrobatUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\16562\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\16562\AcrobatUpdater.exe
    2010-06-07 13:51 . 2010-06-07 13:51 -------- d-----w- c:\program files\BitTorrent
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-05-21 21:14 . 2009-10-03 07:27 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-07 19:55 . 2010-05-07 19:55 255472 ----a-w- c:\users\Regina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-11 1232896]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-22 1474560]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-12 25590312]
    "Google Update"="c:\users\Regina\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-01 133104]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-04-17 1006264]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 46704]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-6-13 1754456]
    HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-17 34520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R1 aswSP;aswSP; [x]
    R2 aswFsBlk;aswFsBlk; [x]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-19 73472]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-19 43904]
    S0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2007-07-03 15172]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - CFCATCHME
    *Deregistered* - CFcatchme
    *Deregistered* - muikt

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107199264-59685293-546543122-1000Core.job
    - c:\users\Regina\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-01 22:50]

    2010-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107199264-59685293-546543122-1000UA.job
    - c:\users\Regina\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-01 22:50]

    2010-07-30 c:\windows\Tasks\HPCeeScheduleForRegina.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-18 00:08]

    2010-07-09 c:\windows\Tasks\User_Feed_Synchronization-{297E9270-95A0-4BF0-BB95-726FE08D846F}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

    2010-07-08 c:\windows\Tasks\User_Feed_Synchronization-{C4D2EA17-D19B-450E-AE3F-404E3BBD2D96}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    LSP: c:\windows\system32\wpclsp.dll
    Handler: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} -
    FF - ProfilePath - c:\users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\z77dif15.default\
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Regina\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\Regina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-RunOnce-<NO NAME> - (no file)
    AddRemove-SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B} - c:\program files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\muikt]

    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(540)
    c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\helppane.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-29 23:24:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-30 06:24
    ComboFix2.txt 2010-07-30 05:35
    ComboFix3.txt 2010-07-29 03:18
    ComboFix4.txt 2010-07-29 02:11
    ComboFix5.txt 2010-07-30 06:02

    Pre-Run: 80,286,621,696 bytes free
    Post-Run: 80,221,958,144 bytes free

    - - End Of File - - 3F75C80606DEF16C7F955FBCE5F3D71C
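The "Files Created" section of the ComboFix log above is where the zero-byte muikt.sys driver stands out. As an added example (my own code, not part of this thread or of ComboFix), here is a small parser for that line format plus two triage heuristics of my own: a driver file of zero bytes, and a driver created in a minute with no companion files from an installer. The sample lines are copied from the log above.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# One line of the "Files Created" / "Find3M" sections looks like:
#   <created> . <modified> <size or -------- for dirs> <attrs> <path>
LINE_RE = re.compile(
    r"^\s*(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) "
    r"(?P<attrs>\S{8}) "
    r"(?P<path>\S.*?)\s*$"
)
TS_FMT = "%Y-%m-%d %H:%M"


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories (ComboFix prints --------)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_driver(self) -> bool:
        # Kernel driver binaries live under system32\drivers and end in .sys
        p = self.path.lower()
        return p.endswith(".sys") and "\\system32\\drivers\\" in p


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, blanks and other noise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(datetime.strptime(m["created"], TS_FMT),
                 datetime.strptime(m["modified"], TS_FMT),
                 size, m["attrs"], m["path"])


def parse_section(text: str) -> list[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def suspicious_drivers(entries: list[Entry]) -> dict[str, list[str]]:
    """Return {path: [reasons]} for driver files that look out of place.

    Heuristics (mine, not ComboFix's): a legitimate installer such as avast
    drops several files in the same minute, so a lone driver is unusual;
    a zero-byte .sys file is never a working driver.
    """
    per_minute = Counter(e.created for e in entries)
    findings: dict[str, list[str]] = defaultdict(list)
    for e in entries:
        if not e.is_driver:
            continue
        if e.size == 0:
            findings[e.path].append("zero-byte driver file")
        if per_minute[e.created] == 1:
            findings[e.path].append("created with no companion files in the same minute")
    return dict(findings)


# Constructed sample: lines copied from the "Files Created" section above.
SAMPLE_LOG = r"""
2010-07-30 06:13 . 2010-07-30 06:17 -------- d-----w- c:\users\Regina\AppData\Local\temp
2010-07-09 02:23 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-09 02:23 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-09 02:23 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-09 02:22 . 2010-07-09 02:22 -------- d-----w- c:\program files\Alwil Software
2010-07-09 02:06 . 2010-07-30 06:17 0 ----a-w- c:\windows\system32\drivers\muikt.sys
"""

if __name__ == "__main__":
    for path, reasons in suspicious_drivers(parse_section(SAMPLE_LOG)).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```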
     
  12. 2010/07/29
    broni

    broni Moderator Malware Analyst

    OK. We have a very stubborn piece of malware here:
    ==================================================================

    Let's see if we can look at your computer when booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  13. 2010/07/30
    rkim

    rkim Inactive Thread Starter

    Yeah, I have noticed the same thing.




    OTL logfile created on: 7/30/2010 1:00:31 AM - Run
    OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE
    Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 142.49 Gb Total Space | 74.82 Gb Free Space | 52.51% Space Free | Partition Type: NTFS
    Drive D: | 6.56 Gb Total Space | 0.67 Gb Free Space | 10.28% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - File not found [Auto] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
    SRV - File not found [Auto] -- C:\Nexon\MapleStory\npkcmsvc.exe -- (npkcmsvc)
    SRV - File not found [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - File not found [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2007/04/17 18:32:18 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/03/25 18:52:46 | 000,077,944 | ---- | M] (Autodesk) [On_Demand] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2007/01/05 17:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007/01/05 17:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () [Auto] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
    SRV - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () [Auto] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
    SRV - [2006/06/26 13:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\Drivers\RimUsb.sys -- (RimUsb)
    DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | Auto] -- C:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070622.041\NAVEX15.SYS -- (NAVEX15)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070622.041\NAVENG.SYS -- (NAVENG)
    DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/07/30 02:45:58 | 000,767,488 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\muikt.sys -- (muikt)
    DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/06/28 16:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2007/07/03 19:48:00 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot] -- C:\Windows\System32\drivers\PzWDM.sys -- (PzWDM)
    DRV - [2006/12/19 02:31:46 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
    DRV - [2006/12/19 02:31:46 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
    DRV - [2006/12/18 00:41:41 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2006/11/19 07:32:16 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2006/11/16 05:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/16 00:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/15 22:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2006/11/15 01:24:00 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/11/09 05:02:30 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2006/11/06 06:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2006/11/06 06:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
    DRV - [2006/11/04 03:23:02 | 000,275,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2006/11/04 03:23:00 | 000,024,184 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2006/11/04 03:22:56 | 000,245,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2006/10/24 22:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2006/10/24 22:40:22 | 000,144,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2006/10/24 22:40:22 | 000,038,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2006/10/24 22:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2006/10/24 22:40:22 | 000,011,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    DRV - [2006/10/18 07:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2006/10/18 07:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2006/10/18 07:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2006/08/04 13:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/06/28 13:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2002/11/29 00:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========


    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/02 17:52:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/12 01:17:29 | 000,000,000 | ---D | M]

    [2009/01/08 15:58:34 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Mozilla\Extensions
    [2009/01/08 15:58:34 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\a29tth6l.default\extensions
    [2010/07/30 02:30:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2007/08/05 16:12:00 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2007/06/27 06:45:16 | 000,061,440 | ---- | M] (Joost Technologies B.V. ) -- C:\Program Files\Mozilla Firefox\plugins\npJoostPlugin.dll
    [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

    O1 HOSTS File: ([2010/07/30 02:17:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll File not found
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
    O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\User_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
    O18 - Protocol\Handler\gameboxchrome {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files\GameBox\gamebox_toolbar.dll File not found
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPWave.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPWave.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/12/18 01:12:22 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/07/30 02:24:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/07/30 02:24:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
    [2010/07/30 02:24:17 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\temp
    [2010/07/30 02:17:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/07/30 02:01:41 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/07/28 21:04:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/07/28 21:04:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/07/28 21:04:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/07/28 21:04:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/07/28 21:04:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/07/28 20:55:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/07/08 22:23:43 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010/07/08 22:23:43 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010/07/08 22:23:41 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010/07/08 22:23:39 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010/07/08 22:23:35 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010/07/08 22:23:04 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
    [2010/07/08 22:23:01 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010/07/08 22:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/07/05 02:24:54 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder

    ========== Files - Modified Within 30 Days ==========

    [2010/07/30 02:46:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/07/30 02:45:58 | 000,767,488 | ---- | M] () -- C:\Windows\System32\drivers\muikt.sys
    [2010/07/30 02:33:02 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/07/30 02:33:02 | 000,617,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/07/30 02:33:02 | 000,103,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/07/30 02:27:59 | 171,800,653 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/07/30 02:17:33 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/07/30 02:17:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/07/30 02:00:38 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
    [2010/07/30 02:00:10 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
    [2010/07/30 01:44:20 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/07/30 01:44:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/07/30 01:20:48 | 003,746,882 | R--- | M] () -- C:\Users\User\Desktop\ComboFix.exe
    [2010/07/12 01:04:14 | 000,415,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/07/09 15:50:56 | 418,769,917 | ---- | M] () -- C:\Backup.zip
    [2010/07/08 22:23:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010/07/08 22:20:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{297E9270-95A0-4BF0-BB95-726FE08D846F}.job
    [2010/07/08 21:28:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-107199264-59685293-546543122-1000UA.job
    [2010/07/08 16:28:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-107199264-59685293-546543122-1000Core.job
    [2010/07/08 01:23:30 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C4D2EA17-D19B-450E-AE3F-404E3BBD2D96}.job
    [2010/07/05 11:53:45 | 000,071,168 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/04 11:57:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/07/01 09:42:36 | 000,142,362 | ---- | M] () -- C:\Users\User\Desktop\Deitric Hall - Resume.pdf

    ========== Files Created - No Company Name ==========

    [2010/07/30 01:20:22 | 003,746,882 | R--- | C] () -- C:\Users\User\Desktop\ComboFix.exe
    [2010/07/28 21:04:07 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/07/28 21:04:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/07/28 21:04:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/07/28 21:04:07 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/07/28 21:04:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/07/09 15:15:38 | 418,769,917 | ---- | C] () -- C:\Backup.zip
    [2010/07/08 22:06:22 | 000,767,488 | ---- | C] () -- C:\Windows\System32\drivers\muikt.sys
    [2010/07/01 09:42:36 | 000,142,362 | ---- | C] () -- C:\Users\User\Desktop\Deitric Hall - Resume.pdf
    [2009/08/03 19:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/05/20 17:54:11 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\rx_image.Cache
    [2009/04/02 15:55:46 | 000,004,096 | -H-- | C] () -- C:\Users\User\AppData\Local\keyfile3.drm
    [2009/01/08 15:53:09 | 000,000,000 | ---- | C] () -- C:\Users\Guest\AppData\Local\QSwitch.txt
    [2009/01/08 15:53:09 | 000,000,000 | ---- | C] () -- C:\Users\Guest\AppData\Local\DSwitch.txt
    [2009/01/08 15:53:09 | 000,000,000 | ---- | C] () -- C:\Users\Guest\AppData\Local\AtStart.txt
    [2008/10/17 14:55:29 | 000,122,880 | ---- | C] () -- C:\Windows\System32\trc.dll
    [2008/10/17 14:55:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dsp_trc.dll
    [2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
    [2007/05/10 18:38:18 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
    [2007/04/19 00:14:11 | 000,071,168 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/03/27 00:51:06 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
    [2007/03/25 19:57:09 | 000,000,038 | ---- | C] () -- C:\Windows\progman.ini
    [2007/03/17 00:55:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2007/03/16 01:37:16 | 000,000,342 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
    [2007/03/14 23:38:08 | 000,000,419 | ---- | C] () -- C:\Windows\MAXLINK.INI
    [2007/03/14 02:37:23 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\QSwitch.txt
    [2007/03/14 02:37:23 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\DSwitch.txt
    [2007/03/14 02:37:23 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\AtStart.txt
    [2006/11/29 03:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/11/06 07:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
    [2006/11/06 05:05:40 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/06 05:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
    [2006/11/06 05:00:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/09/19 03:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/09/19 03:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/05/08 00:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    ========== LOP Check ==========

    [2009/01/08 15:53:17 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Research In Motion
    [2007/03/28 23:41:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\acccore
    [2007/03/25 18:50:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Autodesk
    [2010/04/23 01:44:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canon
    [2007/03/27 00:49:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MSNInstaller
    [2007/03/14 02:58:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\muvee Technologies
    [2008/09/26 03:05:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nexon
    [2007/05/05 22:24:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PlayFirst
    [2007/03/14 23:38:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ScanSoft
    [2007/03/16 01:37:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Template
    [2009/09/21 01:02:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer
    [2010/06/27 14:48:31 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/07/08 22:20:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{297E9270-95A0-4BF0-BB95-726FE08D846F}.job
    [2010/07/08 01:23:30 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C4D2EA17-D19B-450E-AE3F-404E3BBD2D96}.job

    ========== Purity Check ==========


    < End of report >
     
  14. 2010/07/30
    broni Moderator Malware Analyst

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    DRV - [2010/07/30 02:45:58 | 000,767,488 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\muikt.sys -- (muikt)
    [2010/07/30 02:45:58 | 000,767,488 | ---- | M] () -- C:\Windows\System32\drivers\muikt.sys
    SRV - File not found [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - File not found [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - File not found [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2007/01/05 17:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007/01/05 17:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070622.041\NAVEX15.SYS -- (NAVEX15)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070622.041\NAVENG.SYS -- (NAVENG)
    DRV - [2006/12/18 00:41:41 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2006/11/04 03:23:02 | 000,275,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2006/11/04 03:23:00 | 000,024,184 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2006/11/04 03:22:56 | 000,245,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2006/10/24 22:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2006/10/24 22:40:22 | 000,144,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2006/10/24 22:40:22 | 000,038,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2006/10/24 22:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2006/10/24 22:40:22 | 000,011,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll File not found
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll File not found
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Windows\System32\drivers\muikt.sys
    
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert the USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with the USB stick)
    • Attempt to reboot normally into windows.
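The fix above singles out muikt.sys because it is a boot-start kernel driver with no company name whose timestamps are only days old, and it clears the Symantec entries whose files are already gone. The Python script below is an added example, not code from this thread or from OTL; it turns that triage into parsing logic over OTL "DRV -" and "SRV -" lines. The sample lines are copied from the OTL excerpt above, the 30-day "recently modified" window is an assumed threshold, and the scan timestamp passed to triage() is constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# OTL line for a registered driver/service whose file exists:
#   DRV - [YYYY/MM/DD HH:MM:SS | size | attrs | M] (Company) [Type | Start] -- path -- (name)
_PRESENT = re.compile(
    r"^(?P<kind>DRV|SRV) - "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) \[(?P<flags>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)
# OTL line for a registered driver/service whose file is missing from disk.
_MISSING = re.compile(
    r"^(?P<kind>DRV|SRV) - File not found \[(?P<flags>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)
_STAMP = "%Y/%m/%d %H:%M:%S"


@dataclass
class Entry:
    kind: str                       # "DRV" or "SRV"
    name: str                       # service/driver key name, e.g. "muikt"
    path: str
    flags: List[str]                # e.g. ["Kernel", "Boot"]
    present: bool                   # False when OTL printed "File not found"
    company: Optional[str] = None   # None when OTL printed "()"
    modified: Optional[datetime] = None
    size: Optional[int] = None


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL DRV/SRV line; other OTL lines (O2, O3, ...) return None."""
    line = line.strip()
    m = _PRESENT.match(line)
    if m:
        return Entry(
            kind=m["kind"], name=m["name"], path=m["path"],
            flags=[f.strip() for f in m["flags"].split("|")], present=True,
            company=m["company"].strip() or None,
            modified=datetime.strptime(m["stamp"], _STAMP),
            size=int(m["size"].replace(",", "")),
        )
    m = _MISSING.match(line)
    if m:
        return Entry(kind=m["kind"], name=m["name"], path=m["path"],
                     flags=[f.strip() for f in m["flags"].split("|")], present=False)
    return None


def triage(lines: List[str], scan_stamp: str, recent_days: int = 30) -> Dict[str, List[str]]:
    """Sort entries into buckets:
       'orphan' - registered but the file is gone (dead AV remnants; safe cleanup),
       'review' - kernel driver with no vendor string, modified within recent_days
                  of the scan (assumed threshold; verify hash/signature before acting),
       'ok'     - everything else."""
    scan_time = datetime.strptime(scan_stamp, _STAMP)
    buckets: Dict[str, List[str]] = {"orphan": [], "review": [], "ok": []}
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if not e.present:
            buckets["orphan"].append(e.name)
        elif (e.kind == "DRV" and e.company is None and "Kernel" in e.flags
              and abs(scan_time - e.modified) <= timedelta(days=recent_days)):
            buckets["review"].append(e.name)
        else:
            buckets["ok"].append(e.name)
    return buckets


# Sample input: lines copied from the OTL excerpt posted in this thread.
SAMPLE_LOG = r"""
DRV - [2010/07/30 02:45:58 | 000,767,488 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\muikt.sys -- (muikt)
SRV - File not found [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/01/05 17:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070622.041\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/12/18 00:41:41 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll File not found
""".strip().splitlines()


if __name__ == "__main__":
    # Constructed scan timestamp, shortly after the muikt.sys modification time.
    for bucket, names in triage(SAMPLE_LOG, "2010/07/30 03:00:00").items():
        print(f"{bucket:7s} {names}")
```

The "review" bucket is a prompt to check the file (vendor, signature, hash against a known-good source), not a verdict; "orphan" entries are registry leftovers of uninstalled software and are what the :Services/:OTL sections of a fix script are cleaning up.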
     
  15. 2010/07/30
    rkim Inactive Thread Starter

    Ok, the computer started normally!!
     
    Last edited: 2010/07/30
  16. 2010/07/30
    broni Moderator Malware Analyst

    Wonderful :)

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Delete your ComboFix file, download a new one and post a fresh log.
     
  17. 2010/07/30
    rkim Inactive Thread Starter

    Step 1:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4370

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18928

    7/30/2010 10:47:55 AM
    mbam-log-2010-07-30 (10-47-55).txt

    Scan type: Quick scan
    Objects scanned: 144456
    Time elapsed: 10 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  18. 2010/07/30
    rkim Inactive Thread Starter

    Step 2:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-30 11:37:46
    Windows 6.0.6002 Service Pack 2
    Running: 4uetgziq.exe; Driver: C:\Users\User\AppData\Local\Temp\awryqpod.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x9047DB9C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x9047D9C0]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x9047DAFA]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwLoadDriver 8217DDF0 7 Bytes JMP 9047DAFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 821E928F 5 Bytes JMP 904795B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObInsertObject 82242038 5 Bytes JMP 9047AF6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!NtCreateSection 822438C3 7 Bytes JMP 9047D9C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 822A3892 7 Bytes JMP 9047DBA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    init C:\Windows\system32\Drivers\PzWDM.sys entry point in "init" section [0x827F930E]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2400] kernel32.dll!FindResourceA 77EF2653 5 Bytes JMP 00427F80 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2400] kernel32.dll!FindResourceW 77F17FA1 5 Bytes JMP 00427FC0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2400] USER32.dll!LoadStringA 76436243 5 Bytes JMP 00428250 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2400] USER32.dll!CreateDialogParamW 764372A2 5 Bytes JMP 00428070 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2400] USER32.dll!LoadMenuW 76441412 5 Bytes JMP 00428140 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2400] USER32.dll!LoadStringW 76449CCB 5 Bytes JMP 004281A0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2400] USER32.dll!CreateDialogParamA 764517AA 5 Bytes JMP 00428000 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[2400] USER32.dll!LoadMenuA 76477C77 5 Bytes JMP 004280E0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtCreateFile + 6 77DB43DA 4 Bytes [28, 00, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtCreateFile + B 77DB43DF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtMapViewOfSection + 6 77DB4B2A 1 Byte [28]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtMapViewOfSection + 6 77DB4B2A 4 Bytes [28, 03, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtMapViewOfSection + B 77DB4B2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenFile + 6 77DB4BBA 4 Bytes [68, 00, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenFile + B 77DB4BBF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenProcess + 6 77DB4C3A 4 Bytes [A8, 01, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenProcess + B 77DB4C3F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenProcessToken + B 77DB4C4F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenProcessTokenEx + 6 77DB4C5A 4 Bytes [A8, 02, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenProcessTokenEx + B 77DB4C5F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenThread + 6 77DB4CAA 4 Bytes [68, 01, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenThread + B 77DB4CAF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenThreadToken + 6 77DB4CBA 4 Bytes [68, 02, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenThreadToken + B 77DB4CBF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenThreadTokenEx + B 77DB4CCF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtQueryAttributesFile + 6 77DB4D5A 4 Bytes [A8, 00, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtQueryAttributesFile + B 77DB4D5F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtQueryFullAttributesFile + B 77DB4E0F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtSetInformationFile + 6 77DB52EA 4 Bytes [28, 01, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtSetInformationFile + B 77DB52EF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtSetInformationThread + 6 77DB533A 4 Bytes [28, 02, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtSetInformationThread + B 77DB533F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtUnmapViewOfSection + 6 77DB55DA 1 Byte [68]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtUnmapViewOfSection + 6 77DB55DA 4 Bytes [68, 03, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtUnmapViewOfSection + B 77DB55DF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtCreateFile + 6 77DB43DA 4 Bytes [28, 00, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtCreateFile + B 77DB43DF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtMapViewOfSection + 6 77DB4B2A 1 Byte [28]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtMapViewOfSection + 6 77DB4B2A 4 Bytes [28, 03, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtMapViewOfSection + B 77DB4B2F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenFile + 6 77DB4BBA 4 Bytes [68, 00, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenFile + B 77DB4BBF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenProcess + 6 77DB4C3A 4 Bytes [A8, 01, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenProcess + B 77DB4C3F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenProcessToken + B 77DB4C4F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenProcessTokenEx + 6 77DB4C5A 4 Bytes [A8, 02, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenProcessTokenEx + B 77DB4C5F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenThread + 6 77DB4CAA 4 Bytes [68, 01, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenThread + B 77DB4CAF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenThreadToken + 6 77DB4CBA 4 Bytes [68, 02, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenThreadToken + B 77DB4CBF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtOpenThreadTokenEx + B 77DB4CCF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtQueryAttributesFile + 6 77DB4D5A 4 Bytes [A8, 00, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtQueryAttributesFile + B 77DB4D5F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtQueryFullAttributesFile + B 77DB4E0F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtSetInformationFile + 6 77DB52EA 4 Bytes [28, 01, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtSetInformationFile + B 77DB52EF 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtSetInformationThread + 6 77DB533A 4 Bytes [28, 02, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtSetInformationThread + B 77DB533F 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtUnmapViewOfSection + 6 77DB55DA 1 Byte [68]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtUnmapViewOfSection + 6 77DB55DA 4 Bytes [68, 03, 06, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3108] ntdll.dll!NtUnmapViewOfSection + B 77DB55DF 1 Byte [E2]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\services.exe[604] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 008E0002
    IAT C:\Windows\system32\services.exe[604] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 008E0000
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74CD7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74D2A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74CDBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74CCF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74CD75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74CCE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74D08395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74CDDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74CCFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74CCFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74CC71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74D5CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74CFC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74CCD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74CC6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74CC687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74CD2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641c78965
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641c78965 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641c78965 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001641c78965 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
     
  19. 2010/07/30
    rkim Inactive Thread Starter

    ComboFix 10-07-30.01 - User 07/30/2010 11:44:37.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.965 [GMT -7:00]
    Running from: c:\users\User\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
    .

    2010-07-30 18:54 . 2010-07-30 18:54 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-07-30 18:54 . 2010-07-30 18:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-07-30 18:54 . 2010-07-30 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-07-30 17:35 . 2010-07-30 17:35 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
    2010-07-30 17:35 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-30 17:35 . 2010-07-30 17:35 -------- d-----w- c:\programdata\Malwarebytes
    2010-07-30 17:35 . 2010-07-30 17:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-30 17:35 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-30 17:15 . 2010-07-30 17:15 -------- d-----w- c:\windows\system32\ca-ES
    2010-07-30 17:15 . 2010-07-30 17:15 -------- d-----w- c:\windows\system32\eu-ES
    2010-07-30 17:15 . 2010-07-30 17:15 -------- d-----w- c:\windows\system32\vi-VN
    2010-07-30 16:57 . 2010-07-30 16:57 -------- d-----w- c:\windows\system32\EventProviders
    2010-07-30 16:54 . 2010-07-30 17:29 -------- d-----w- c:\users\User\AppData\Local\QuickPlay
    2010-07-30 08:55 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
    2010-07-30 08:55 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
    2010-07-30 08:55 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
    2010-07-30 08:55 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
    2010-07-30 08:55 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
    2010-07-30 08:55 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
    2010-07-30 08:55 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
    2010-07-30 08:53 . 2009-04-11 06:28 56320 ----a-w- c:\windows\system32\xmlfilter.dll
    2010-07-30 08:52 . 2009-04-11 06:28 723968 ----a-w- c:\windows\system32\powercpl.dll
    2010-07-30 08:51 . 2009-04-11 06:28 47104 ----a-w- c:\windows\system32\wbem\WmiPerfInst.dll
    2010-07-30 08:50 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
    2010-07-30 08:50 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
    2010-07-30 08:50 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
    2010-07-30 08:50 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
    2010-07-30 08:49 . 2010-07-30 08:49 -------- d-----w- c:\program files\iPod
    2010-07-30 08:48 . 2010-07-30 08:51 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-07-30 08:48 . 2010-07-30 08:51 -------- d-----w- c:\program files\iTunes
    2010-07-30 08:41 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-07-30 08:41 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-07-30 08:41 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-07-30 08:41 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-07-30 08:41 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-07-30 08:39 . 2010-07-30 08:40 -------- d-----w- c:\program files\QuickTime
    2010-07-30 08:33 . 2010-07-30 08:33 -------- d-----w- c:\program files\Bonjour
    2010-07-30 08:25 . 2010-07-30 08:25 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-07-30 08:21 . 2010-07-30 08:21 -------- d-----w- c:\windows\system32\Lang
    2010-07-30 08:21 . 2010-07-30 10:26 -------- d-----w- C:\Intel
    2010-07-30 08:20 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
    2010-07-30 08:19 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-07-30 08:19 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-07-30 08:19 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-07-30 08:19 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
    2010-07-30 08:19 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-07-30 08:19 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-07-30 08:19 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-07-30 08:18 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
    2010-07-30 08:03 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-07-30 08:03 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-07-30 08:03 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-07-30 08:03 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-07-30 08:03 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-07-30 08:02 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-07-30 08:02 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-07-30 07:31 . 2010-07-30 07:31 -------- d-----w- C:\PerfLogs
    2010-07-30 06:52 . 2010-07-30 06:52 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-30 06:52 . 2010-07-30 06:52 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
    2010-07-30 06:51 . 2010-07-30 06:51 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
    2010-07-30 06:51 . 2010-07-30 06:51 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
    2010-07-30 06:50 . 2010-07-30 06:50 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-07-30 06:43 . 2010-07-30 06:43 -------- d-----w- C:\_OTL
    2010-07-30 06:25 . 2010-07-30 06:28 -------- d-----w- c:\users\User\AppData\Roaming\HpUpdate
    2010-07-30 06:25 . 2010-07-30 06:25 -------- d-----w- c:\windows\Hewlett-Packard
    2010-07-30 06:24 . 2010-07-30 18:54 -------- d-----w- c:\users\User\AppData\Local\temp
    2010-07-09 19:15 . 2010-07-09 19:50 4713737214 ----a-w- C:\Backup.zip
    2010-07-09 02:22 . 2010-07-09 02:22 -------- d-----w- c:\programdata\Alwil Software
    2010-07-09 02:22 . 2010-07-09 02:22 -------- d-----w- c:\program files\Alwil Software

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-30 17:20 . 2006-12-18 04:05 12 ----a-w- c:\windows\bthservsdp.dat
    2010-07-30 17:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2010-07-30 17:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-07-30 17:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2010-07-30 17:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2010-07-30 17:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
    2010-07-30 17:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
    2010-07-30 17:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
    2010-07-30 17:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-07-30 17:13 . 2010-07-30 17:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2010-07-30 17:12 . 2010-07-30 17:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2010-07-30 08:50 . 2006-12-18 04:26 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-30 08:32 . 2010-07-30 08:32 5930 ----a-w- c:\program files\Fix.txt
    2010-07-30 08:19 . 2006-12-18 04:22 -------- d-----w- c:\program files\Hewlett-Packard
    2010-07-30 08:10 . 2006-12-18 05:21 -------- d-----w- c:\programdata\Hewlett-Packard
    2010-07-30 07:13 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2010-07-30 07:13 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2010-07-30 07:01 . 2007-03-17 03:08 -------- d-----w- c:\users\User\AppData\Roaming\Skype
    2010-07-30 06:53 . 2010-06-12 05:19 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-30 06:52 . 2007-08-05 20:11 -------- d-----w- c:\program files\Google
    2010-07-30 06:52 . 2010-06-12 05:11 -------- d-----w- c:\programdata\DivX
    2010-07-30 06:52 . 2006-12-18 05:12 -------- d-----w- c:\program files\DivX
    2010-07-30 06:51 . 2007-08-05 20:11 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2010-07-30 06:50 . 2010-06-12 05:17 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
    2010-07-30 06:50 . 2010-06-12 05:17 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
    2010-07-30 06:35 . 2006-12-18 04:50 -------- d-----w- c:\programdata\Microsoft Help
    2010-07-30 06:25 . 2006-12-18 04:55 -------- d-----w- c:\program files\HP
    2010-07-30 06:00 . 2007-05-10 22:38 1356 ----a-w- c:\users\User\AppData\Local\d3d9caps.dat
    2010-07-30 05:02 . 2010-07-30 05:08 73404 ----a-w- c:\program files\OTL.Txt
    2010-07-09 02:31 . 2007-03-29 03:40 -------- d-----w- c:\program files\Common Files\AOL
    2010-07-09 02:30 . 2007-03-17 02:40 -------- d-----w- c:\programdata\AOL
    2010-06-15 19:11 . 2006-12-18 04:57 -------- d-----w- c:\program files\HP Games
    2010-06-15 19:02 . 2006-12-18 05:02 -------- d-----w- c:\programdata\WildTangent
    2010-06-15 18:58 . 2007-07-03 23:45 -------- d-----w- c:\program files\HOTALBUMMyBOX
    2010-06-14 01:42 . 2010-06-14 01:42 -------- d-----w- c:\program files\AviSynth 2.5
    2010-06-12 23:59 . 2009-09-20 23:31 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-12 07:00 . 2009-01-01 16:37 -------- d-----w- c:\users\User\AppData\Roaming\DivX
    2010-06-12 05:17 . 2010-06-12 05:17 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
    2010-06-12 05:17 . 2010-06-12 05:17 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
    2010-06-12 05:16 . 2010-06-12 05:16 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
    2010-06-12 05:15 . 2010-06-12 05:15 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
    2010-06-12 05:15 . 2010-06-12 05:15 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
    2010-06-12 05:15 . 2010-06-12 05:15 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-06-12 05:15 . 2010-06-12 05:15 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-06-12 05:15 . 2010-06-12 05:15 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
    2010-06-12 05:15 . 2010-06-12 05:15 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
    2010-06-11 23:51 . 2010-06-11 23:51 3055600 ----a-w- c:\users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    2010-06-11 23:36 . 2010-06-11 23:36 275952 ----a-w- c:\users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\6685\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\16562\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\14439\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\6685\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\16562\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\14439\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\6685\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\6685\AcrobatUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\16562\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\16562\AcrobatUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\14439\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\14439\AcrobatUpdater.exe
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-05-26 22:24 . 2010-04-26 02:05 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
    2010-05-21 21:14 . 2009-10-03 07:27 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-04 05:59 . 2010-07-30 08:35 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 05:55 . 2010-07-30 08:35 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-05-04 05:55 . 2010-07-30 08:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-05-04 04:31 . 2010-07-30 08:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-22 1474560]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-01 133104]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-27 131072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-27 151552]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-27 126976]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-6-13 1754456]
    HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-17 34520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):4c,85,f6,3a,0c,30,cb,01

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 135664]
    R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
    S0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2007-07-03 15172]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-19 73472]
    S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-19 43904]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - AWRYQPOD
    *Deregistered* - awryqpod

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 06:51]

    2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 06:51]

    2010-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107199264-59685293-546543122-1000Core.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-01 22:50]

    2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107199264-59685293-546543122-1000UA.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-01 22:50]

    2010-07-30 c:\windows\Tasks\HPCeeScheduleForUser.job
    - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-12-18 00:08]

    2010-07-30 c:\windows\Tasks\User_Feed_Synchronization-{297E9270-95A0-4BF0-BB95-726FE08D846F}.job
    - c:\windows\system32\msfeedssync.exe [2010-07-30 04:30]

    2010-07-30 c:\windows\Tasks\User_Feed_Synchronization-{C4D2EA17-D19B-450E-AE3F-404E3BBD2D96}.job
    - c:\windows\system32\msfeedssync.exe [2010-07-30 04:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    LSP: c:\windows\system32\wpclsp.dll
    Handler: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} -
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z77dif15.default\
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\User\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-30 11:54
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(1528)
    c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
    c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
    .
    Completion time: 2010-07-30 11:58:39
    ComboFix-quarantined-files.txt 2010-07-30 18:58
    ComboFix2.txt 2010-07-30 06:24
    ComboFix3.txt 2010-07-30 05:35
    ComboFix4.txt 2010-07-29 03:18
    ComboFix5.txt 2010-07-30 18:43

    Pre-Run: 74,820,370,432 bytes free
    Post-Run: 75,034,140,672 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4
    - - End Of File - - B5886A14784782026CC18C9A5619F28A
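A ComboFix log like the one above is triage input, not a verdict. What an analyst actually does with it is pull out the few entries worth checking by hand: executables that appeared in user-writable directories (AppData, ProgramData, temp), Run keys that point into those directories or name a module without a path, and system32 binaries that changed in the last few days. The Python below is an added example that does exactly that over a few constructed lines modeled on the log (the `temp\svchost.exe` line is invented for the demonstration and is not in the posted log). It is not ComboFix's code; the regular expressions are this example's own reading of the log layout, and treating the first of the two timestamps as the time the file changed on this machine is an assumption.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List

# The two line shapes read here, as they appear in the ComboFix log above
# (file listing and Run-key entries). These regexes are this example's own
# reading of that layout and tolerate the stray spaces the forum inserted
# before closing quotes.
FILE_RE = re.compile(
    r"^(?P<stamp_a>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<stamp_b>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>\S.*?)\s*$"
)
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+?)\s*"\s*=\s*"(?P<target>[^"]+?)\s*"\s*\[(?P<stamp>[^\]]+)\]\s*$'
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl", ".ocx")
# Directories an ordinary user, and therefore a dropper running as that user,
# can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\")
SYSTEM_DIRS = ("c:\\windows\\system32\\",)
# Names malware likes to borrow; one of these outside c:\windows deserves a look.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "explorer.exe"}


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _is_exec(path: str) -> bool:
    return path.lower().endswith(EXEC_EXT)


def _user_writable(path: str) -> bool:
    return any(d in path.lower() for d in USER_WRITABLE)


def triage(lines: Iterable[str], now: datetime, recent_days: int = 7) -> List[Finding]:
    """Return entries worth verifying. They are prompts, not verdicts: a
    Windows Update run trips the recency rule exactly as a dropper would."""
    cutoff = now - timedelta(days=recent_days)
    out: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            if not _is_exec(path):
                continue  # directories and data files are not interesting here
            # Assumption: the first timestamp is when the file changed on this machine.
            changed = datetime.strptime(m.group("stamp_a"), "%Y-%m-%d %H:%M")
            if path.lower().startswith(SYSTEM_DIRS) and changed >= cutoff:
                out.append(Finding("recent-system-binary", path, line))
            if _user_writable(path):
                out.append(Finding("exec-in-user-writable-dir", path, line))
            if _basename(path) in SYSTEM_NAMES and not path.lower().startswith("c:\\windows\\"):
                out.append(Finding("system-name-outside-windows", path, line))
            continue
        m = RUN_RE.match(line)
        if m:
            target = m.group("target")
            if "\\" not in target:
                # Bare module name: resolved through the loader search path,
                # so confirm which file actually gets loaded.
                out.append(Finding("run-key-unqualified-module", target, line))
            elif _user_writable(target):
                out.append(Finding("run-key-in-user-writable-dir", target, line))
    return out


# Constructed sample modeled on the log above. The temp\svchost.exe line is
# invented for the demonstration and is NOT in the posted log.
SAMPLE_LOG = r"""
2010-07-30 08:20 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-07-30 08:03 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-30 06:50 . 2010-07-30 06:50 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-09 02:22 . 2010-07-09 02:22 -------- d-----w- c:\program files\Alwil Software
2010-07-29 23:10 . 2010-07-29 23:10 61440 ----a-w- c:\users\User\AppData\Local\temp\svchost.exe
"Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter "= "oobefldr.dll" [2009-04-11 2153472]
"Google Update "= "c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-01 133104]
"""


def demo() -> List[Finding]:
    return triage(SAMPLE_LOG.splitlines(), now=datetime(2010, 7, 30, 12, 0))


if __name__ == "__main__":
    for f in demo():
        print(f"{f.rule:30} {f.path}")
```

Every hit is a prompt to verify, not a detection: the Windows Update run and the avast installation visible in the log trip the recency rule just as a dropper would, and per-user updaters such as Google Update legitimately live under AppData. The value is the short list, which you then confirm with Authenticode signature checks and hashes against a clean reference.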
     
  20. 2010/07/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Perfect :)

    How is your computer doing at the moment?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    =======================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
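Why the custom scan above lists those particular paths: executable code under `%systemroot%\Fonts`, `.wt` or `.ruy` files in system32, or `.tmp` files in the print-processor directory have no normal reason to exist, so any match is worth opening; and the `/md5` lines are there so the hashes of user32.dll, ws2_32.dll and ws2help.dll can be compared against a clean copy at the same patch level. The Python below is an added example, not OTL's code, that reproduces those two checks against a constructed directory tree (a temporary folder standing in for %SystemRoot%, with one planted `.com` file under Fonts and one tampered DLL). The pattern list is this example's own transcription of the post, and the baseline hashes are assumed to come from a known-clean machine.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Locations the custom scan in the post enumerates, relative to the Windows
# directory. This list is the example's own transcription of those lines.
ODD_PLACES = [
    ("Fonts", "*.com"),
    ("Fonts", "*.dll"),
    ("system32", "*.wt"),
    ("system32", "*.ruy"),
    ("system32/spool/prtprocs/w32x86", "*.tmp"),
]
# Files the post asks OTL to hash (/md5); compared against a clean reference.
CORE_FILES = ["system32/user32.dll", "system32/ws2_32.dll", "system32/ws2help.dll"]


def digests(path: Path) -> Tuple[str, str]:
    """MD5 (what the /md5 directive reports) and SHA-256 (what to actually trust
    when comparing against a reference; MD5 collisions are cheap to make)."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()


def scan_odd_places(windir: Path) -> List[str]:
    """Return files (relative to windir, forward slashes) matching ODD_PLACES."""
    hits: List[str] = []
    for sub, pattern in ODD_PLACES:
        base = windir / sub
        if base.is_dir():
            hits.extend(p.relative_to(windir).as_posix()
                        for p in sorted(base.glob(pattern)) if p.is_file())
    return hits


def check_core_files(windir: Path, baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Compare the SHA-256 of each core file with the baseline (relative path ->
    hex digest from a clean machine). Returns (relative path, reason) for
    anything missing, unknown to the baseline, or mismatched."""
    problems: List[Tuple[str, str]] = []
    for rel in CORE_FILES:
        p = windir / rel
        if not p.is_file():
            problems.append((rel, "missing"))
            continue
        expected = baseline.get(rel)
        if expected is None:
            problems.append((rel, "no baseline"))
        elif digests(p)[1] != expected:
            problems.append((rel, "hash mismatch"))
    return problems


def build_demo_tree() -> Tuple[Path, Dict[str, str]]:
    """Constructed stand-in for %SystemRoot% (not a real Windows tree): three
    'core DLLs' with dummy contents, a baseline taken before tampering, then
    one DLL overwritten and one .com file planted under Fonts."""
    windir = Path(tempfile.mkdtemp(prefix="otl-demo-"))
    for rel in CORE_FILES:
        p = windir / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"clean " + rel.encode())
    baseline = {rel: digests(windir / rel)[1] for rel in CORE_FILES}
    (windir / "system32/ws2_32.dll").write_bytes(b"patched")       # simulated tampering
    (windir / "Fonts").mkdir()
    (windir / "Fonts/fntcache.com").write_bytes(b"MZ-not-really")  # planted executable
    (windir / "Fonts/arial.ttf").write_bytes(b"font data")         # benign, not matched
    return windir, baseline


def demo() -> Dict[str, object]:
    windir, baseline = build_demo_tree()
    return {"odd": scan_odd_places(windir), "core": check_core_files(windir, baseline)}


if __name__ == "__main__":
    result = demo()
    print("unexpected files:", result["odd"])
    print("core file problems:", result["core"])
```

On a real machine you would point `windir` at `C:\Windows` and take the baseline from a clean install at the same service pack and update level; a hash that differs only because Windows Update replaced the file is the most common false alarm, which is why the scan also asks for the Windows Update policy keys and the last successful install time.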
     
  21. 2010/07/30
    rkim

    rkim Inactive Thread Starter

    Joined:
    2010/07/09
    Messages:
    33
    Likes Received:
    0
    It's running well, but it seems like it should boot a little faster.
     
