Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

real slow rootkit and AV scans

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

real slow rootkit and AV scans

Unread postby Milk21 » October 21st, 2011, 1:09 pm

anyone help
comp is real sluggish and when i run tds kapersky anti rootkit which normally takes 10 secs it takes 12 mins! NAV also takes an age and for some reason scans 200,000 files

both logs below, thanks

--------------------
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
Run by Chris at 18:08:08 on 2011-10-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1690 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.visagecomputers.co.uk/
uStart Page = hxxp://www.visagecomputers.co.uk/
uWindow Title = Visage Computers
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.1.1.3\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.1.1.3\ips\IPSBHO.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.1.1.3\coIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [GoTrusted] c:\program files\gotrusted.com\gotrusted secure tunnel v2.3.1.5\GoTrusted Secure Tunnel.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71} : DhcpNameServer = 192.168.0.203
TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\1i32whaz.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1301010.003\symds.sys [2011-10-21 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1301010.003\symefa.sys [2011-10-21 897656]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20111014.001\BHDrvx86.sys [2011-10-15 818808]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1301010.003\ccsetx86.sys [2011-10-21 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20111020.030\IDSvix86.sys [2011-10-20 368248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1301010.003\ironx86.sys [2011-10-21 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1301010.003\symtdiv.sys [2011-10-21 344184]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.1.1.3\ccsvchst.exe [2011-10-21 138760]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-10-21 105592]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [2008-3-18 20480]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2010-11-19 43520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-21 16:15:01 -------- d-----w- c:\program files\CCleaner
2011-10-21 15:53:05 -------- d-----w- c:\users\chris\appdata\roaming\SUPERAntiSpyware.com
2011-10-21 15:52:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-21 15:52:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-21 14:49:52 -------- d-----w- c:\users\chris\appdata\local\GoTrusted.com
2011-10-21 14:39:51 -------- d-----w- c:\program files\GoTrusted.com
2011-10-21 13:36:01 -------- d-----w- c:\programdata\AVAST Software
2011-10-21 13:36:01 -------- d-----w- c:\program files\AVAST Software
2011-10-21 13:33:54 -------- d-----w- c:\users\chris\appdata\roaming\Malwarebytes
2011-10-21 13:33:47 -------- d-----w- c:\programdata\Malwarebytes
2011-10-21 13:33:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-21 13:33:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-21 13:10:54 -------- d-----w- c:\program files\FileHippo.com
2011-10-21 13:07:39 -------- d-----w- c:\users\chris\appdata\local\Adobe
2011-10-21 13:04:21 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-21 13:00:35 -------- d-----w- c:\program files\common files\xing shared
2011-10-21 12:55:10 -------- d-----w- c:\users\chris\appdata\local\Secunia PSI
2011-10-21 12:55:01 -------- d-----w- c:\program files\Secunia
2011-10-21 12:54:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-21 12:17:24 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-10-21 12:17:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-10-21 12:15:59 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-21 12:13:57 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-21 12:01:59 -------- d-----w- c:\programdata\Symantec
2011-10-21 12:01:56 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-21 12:01:56 -------- d-----w- c:\program files\Symantec
2011-10-21 12:01:56 -------- d-----w- c:\program files\common files\Symantec Shared
2011-10-21 12:00:59 -------- d-----w- c:\windows\system32\drivers\NIS
2011-10-21 12:00:57 -------- d-----w- c:\program files\Norton Internet Security
2011-10-21 12:00:56 -------- d-----w- c:\programdata\Norton
2011-10-21 12:00:47 -------- d-----w- c:\programdata\NortonInstaller
2011-10-21 12:00:47 -------- d-----w- c:\program files\NortonInstaller
.
==================== Find3M ====================
.
2011-10-21 13:12:55 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-21 13:00:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-21 13:00:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-08 23:38:11 132744 ----a-w- c:\windows\system32\drivers\nis\1301010.003\ccsetx86.sys
2011-08-03 02:22:10 566904 ----a-w- c:\windows\system32\drivers\nis\1301010.003\srtsp.sys
2011-08-03 02:22:10 31864 ----a-w- c:\windows\system32\drivers\nis\1301010.003\srtspx.sys
2011-07-29 16:01:34 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-07-29 16:01:33 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-07-29 16:00:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-07-29 03:20:02 897656 ----a-w- c:\windows\system32\drivers\nis\1301010.003\symefa.sys
2011-07-26 02:18:39 344184 ----a-w- c:\windows\system32\drivers\nis\1301010.003\symtdiv.sys
2011-07-26 02:18:39 314488 ----a-w- c:\windows\system32\drivers\nis\1301010.003\symnets.sys
2011-07-26 02:15:51 149624 ----a-w- c:\windows\system32\drivers\nis\1301010.003\ironx86.sys
2011-07-25 18:18:36 340088 ----a-r- c:\windows\system32\drivers\nis\1301010.003\symds.sys
.
============= FINISH: 18:08:24.01 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 04/02/2011 10:32:19
System Uptime: 21/10/2011 17:40:54 (1 hours ago)
.
Motherboard: Dell Inc. | | 0K216C
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 1998/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 260.452 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.888 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP16: 21/10/2011 12:58:25 - Windows Update
RP17: 21/10/2011 13:16:03 - Windows Update
RP18: 21/10/2011 13:43:02 - Windows Update
RP19: 21/10/2011 13:55:29 - Windows Update
RP20: 21/10/2011 14:04:24 - Windows Update
RP21: 21/10/2011 14:08:56 - Installed Adobe Reader X (10.1.0).
RP22: 21/10/2011 14:12:41 - Installed Java(TM) 7 Update 1
RP23: 21/10/2011 14:35:42 - avast! Free Antivirus Setup
RP24: 21/10/2011 15:36:59 - avast! Free Antivirus Setup
RP25: 21/10/2011 15:39:32 - Installed GoTrusted Secure Tunnel v2.3.1.5
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
CCleaner
EasyBCD 1.7
ffdshow [rev 2180] [2008-10-04]
GoTrusted Secure Tunnel v2.3.1.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 1
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 en-GB)
Nero 7 Lite 7.10.1.2
Norton Internet Security
PowerDVD
RealPlayer
RealUpgrade 1.1
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
SUPERAntiSpyware
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Windows Live installer
Windows Live Messenger
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
21/10/2011 14:25:34, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
21/10/2011 14:09:30, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
21/10/2011 14:09:30, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
21/10/2011 14:09:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm
Advertisement
Register to Remove

Re: real slow rootkit and AV scans

Unread postby Gary R » October 25th, 2011, 11:32 am

Sorry we're a bit late getting back to you, we're pretty much always busy and sometimes topics get overlooked.

If you still need help please post me a new set of DDS logs so that I've got the latest information to work from.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: real slow rootkit and AV scans

Unread postby Milk21 » October 25th, 2011, 4:06 pm

thanks, here are the logs

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
Run by Chris at 21:04:46 on 2011-10-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1477 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.visagecomputers.co.uk/
uStart Page = hxxp://www.visagecomputers.co.uk/
uWindow Title = Visage Computers
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.1.1.3\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.1.1.3\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.1.1.3\coIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [GoTrusted] c:\program files\gotrusted.com\gotrusted secure tunnel v2.3.1.5\GoTrusted Secure Tunnel.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71} : DhcpNameServer = 192.168.0.203
TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\1i32whaz.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1301010.003\symds.sys [2011-10-21 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1301010.003\symefa.sys [2011-10-21 897656]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20111014.001\BHDrvx86.sys [2011-10-15 818808]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1301010.003\ccsetx86.sys [2011-10-21 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20111022.030\IDSvix86.sys [2011-10-25 368248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1301010.003\ironx86.sys [2011-10-21 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1301010.003\symtdiv.sys [2011-10-21 344184]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.1.1.3\ccsvchst.exe [2011-10-21 138760]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-10-21 105592]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [2008-3-18 20480]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2010-11-19 43520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-22 22:27:54 -------- d-----w- c:\program files\VideoLAN
2011-10-22 12:26:39 -------- d-----w- c:\users\chris\Tracing
2011-10-22 12:25:31 -------- d-----w- c:\program files\Microsoft
2011-10-22 12:25:12 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-10-22 12:24:11 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc3EEE.tmp
2011-10-22 12:23:40 -------- d-----w- c:\program files\common files\Windows Live
2011-10-22 04:49:13 87608 ----a-w- c:\users\chris\appdata\roaming\inst.exe
2011-10-22 04:49:13 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-10-22 04:49:13 47360 ----a-w- c:\users\chris\appdata\roaming\pcouffin.sys
2011-10-22 04:49:06 65602 ----a-w- c:\windows\system32\cook3260.dll
2011-10-22 04:49:06 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-10-22 04:49:06 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-10-22 04:49:06 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-10-22 04:49:06 102439 ----a-w- c:\windows\system32\sipr3260.dll
2011-10-22 04:49:05 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-10-22 04:49:05 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-10-22 04:49:04 -------- d-----w- c:\program files\VSO
2011-10-22 00:54:12 -------- d-----w- c:\program files\PeerBlock
2011-10-22 00:53:20 -------- d-----w- c:\program files\uTorrent
2011-10-22 00:52:38 -------- d-----w- c:\users\chris\appdata\roaming\uTorrent
2011-10-22 00:52:38 -------- d-----w- c:\users\chris\appdata\local\uTorrent
2011-10-21 20:44:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-10-21 20:44:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-10-21 20:44:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-10-21 20:44:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-10-21 20:44:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-10-21 20:44:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-10-21 20:44:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-10-21 20:42:33 -------- d-----w- c:\users\chris\appdata\local\Apple
2011-10-21 18:52:12 -------- d-----w- c:\program files\ESET
2011-10-21 16:15:01 -------- d-----w- c:\program files\CCleaner
2011-10-21 15:53:05 -------- d-----w- c:\users\chris\appdata\roaming\SUPERAntiSpyware.com
2011-10-21 15:52:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-21 15:52:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-21 14:49:52 -------- d-----w- c:\users\chris\appdata\local\GoTrusted.com
2011-10-21 14:39:51 -------- d-----w- c:\program files\GoTrusted.com
2011-10-21 13:36:01 -------- d-----w- c:\programdata\AVAST Software
2011-10-21 13:36:01 -------- d-----w- c:\program files\AVAST Software
2011-10-21 13:33:54 -------- d-----w- c:\users\chris\appdata\roaming\Malwarebytes
2011-10-21 13:33:47 -------- d-----w- c:\programdata\Malwarebytes
2011-10-21 13:33:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-21 13:33:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-21 13:10:54 -------- d-----w- c:\program files\FileHippo.com
2011-10-21 13:07:39 -------- d-----w- c:\users\chris\appdata\local\Adobe
2011-10-21 13:04:21 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-21 13:00:35 -------- d-----w- c:\program files\common files\xing shared
2011-10-21 12:55:10 -------- d-----w- c:\users\chris\appdata\local\Secunia PSI
2011-10-21 12:55:01 -------- d-----w- c:\program files\Secunia
2011-10-21 12:54:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-21 12:17:24 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-10-21 12:17:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-10-21 12:15:59 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-21 12:13:57 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-21 12:01:59 -------- d-----w- c:\programdata\Symantec
2011-10-21 12:01:56 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-21 12:01:56 -------- d-----w- c:\program files\Symantec
2011-10-21 12:01:56 -------- d-----w- c:\program files\common files\Symantec Shared
2011-10-21 12:00:59 -------- d-----w- c:\windows\system32\drivers\NIS
2011-10-21 12:00:57 -------- d-----w- c:\program files\Norton Internet Security
2011-10-21 12:00:56 -------- d-----w- c:\programdata\Norton
2011-10-21 12:00:47 -------- d-----w- c:\programdata\NortonInstaller
2011-10-21 12:00:47 -------- d-----w- c:\program files\NortonInstaller
.
==================== Find3M ====================
.
2011-10-21 13:12:55 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-21 13:00:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-21 13:00:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-08 23:38:11 132744 ----a-w- c:\windows\system32\drivers\nis\1301010.003\ccsetx86.sys
2011-08-03 02:22:10 566904 ----a-w- c:\windows\system32\drivers\nis\1301010.003\srtsp.sys
2011-08-03 02:22:10 31864 ----a-w- c:\windows\system32\drivers\nis\1301010.003\srtspx.sys
2011-07-29 16:01:34 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-07-29 16:01:33 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-07-29 16:00:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-07-29 03:20:02 897656 ----a-w- c:\windows\system32\drivers\nis\1301010.003\symefa.sys
.
============= FINISH: 21:05:07.85 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 04/02/2011 10:32:19
System Uptime: 25/10/2011 14:30:36 (7 hours ago)
.
Motherboard: Dell Inc. | | 0K216C
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2664/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 198.16 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.888 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP28: 23/10/2011 07:09:02 - Scheduled Checkpoint
RP29: 23/10/2011 20:08:31 - Installed Windows Media Player Firefox Plugin
RP30: 24/10/2011 20:01:09 - Scheduled Checkpoint
RP31: 25/10/2011 14:45:30 - Removed Skype™ 5.5
RP32: 25/10/2011 14:47:41 - Removed Skype Click to Call
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
µTorrent
CCleaner
ConvertXtoDVD 4.0.9.322
EasyBCD 1.7
ESET Online Scanner v3
ffdshow [rev 2180] [2008-10-04]
GoTrusted Secure Tunnel v2.3.1.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 1
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 en-GB)
MSVCRT
Nero 7 Lite 7.10.1.2
Norton Internet Security
PeerBlock 1.1 (r518)
PowerDVD
QuickTime
RealPlayer
RealUpgrade 1.1
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
SUPERAntiSpyware
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.11
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
25/10/2011 17:31:25, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
25/10/2011 17:30:55, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
24/10/2011 18:59:49, Error: EventLog [6008] - The previous system shutdown at 18:58:34 on 24/10/2011 was unexpected.
24/10/2011 17:58:39, Error: EventLog [6008] - The previous system shutdown at 17:56:57 on 24/10/2011 was unexpected.
24/10/2011 00:06:27, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.197.92.154 for the Network Card with network address 00FF16FF347F has been denied by the DHCP server 10.197.93.105 (The DHCP Server sent a DHCPNACK message).
22/10/2011 13:26:17, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
22/10/2011 13:26:17, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/10/2011 13:26:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/10/2011 04:47:23, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.197.94.174 for the Network Card with network address 00FF16FF347F has been denied by the DHCP server 10.197.92.37 (The DHCP Server sent a DHCPNACK message).
21/10/2011 14:25:34, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm

Re: real slow rootkit and AV scans

Unread postby Milk21 » October 25th, 2011, 4:08 pm

thanks here the latest logs as requestesd


thanks, here are the logs

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
Run by Chris at 21:04:46 on 2011-10-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1477 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.visagecomputers.co.uk/
uStart Page = hxxp://www.visagecomputers.co.uk/
uWindow Title = Visage Computers
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.1.1.3\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.1.1.3\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.1.1.3\coIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [GoTrusted] c:\program files\gotrusted.com\gotrusted secure tunnel v2.3.1.5\GoTrusted Secure Tunnel.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71} : DhcpNameServer = 192.168.0.203
TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\1i32whaz.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1301010.003\symds.sys [2011-10-21 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1301010.003\symefa.sys [2011-10-21 897656]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20111014.001\BHDrvx86.sys [2011-10-15 818808]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1301010.003\ccsetx86.sys [2011-10-21 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20111022.030\IDSvix86.sys [2011-10-25 368248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1301010.003\ironx86.sys [2011-10-21 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1301010.003\symtdiv.sys [2011-10-21 344184]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.1.1.3\ccsvchst.exe [2011-10-21 138760]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-10-21 105592]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [2008-3-18 20480]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2010-11-19 43520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-22 22:27:54 -------- d-----w- c:\program files\VideoLAN
2011-10-22 12:26:39 -------- d-----w- c:\users\chris\Tracing
2011-10-22 12:25:31 -------- d-----w- c:\program files\Microsoft
2011-10-22 12:25:12 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-10-22 12:24:11 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc3EEE.tmp
2011-10-22 12:23:40 -------- d-----w- c:\program files\common files\Windows Live
2011-10-22 04:49:13 87608 ----a-w- c:\users\chris\appdata\roaming\inst.exe
2011-10-22 04:49:13 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-10-22 04:49:13 47360 ----a-w- c:\users\chris\appdata\roaming\pcouffin.sys
2011-10-22 04:49:06 65602 ----a-w- c:\windows\system32\cook3260.dll
2011-10-22 04:49:06 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-10-22 04:49:06 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-10-22 04:49:06 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-10-22 04:49:06 102439 ----a-w- c:\windows\system32\sipr3260.dll
2011-10-22 04:49:05 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-10-22 04:49:05 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-10-22 04:49:04 -------- d-----w- c:\program files\VSO
2011-10-22 00:54:12 -------- d-----w- c:\program files\PeerBlock
2011-10-22 00:53:20 -------- d-----w- c:\program files\uTorrent
2011-10-22 00:52:38 -------- d-----w- c:\users\chris\appdata\roaming\uTorrent
2011-10-22 00:52:38 -------- d-----w- c:\users\chris\appdata\local\uTorrent
2011-10-21 20:44:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-10-21 20:44:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-10-21 20:44:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-10-21 20:44:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-10-21 20:44:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-10-21 20:44:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-10-21 20:44:22 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-10-21 20:42:33 -------- d-----w- c:\users\chris\appdata\local\Apple
2011-10-21 18:52:12 -------- d-----w- c:\program files\ESET
2011-10-21 16:15:01 -------- d-----w- c:\program files\CCleaner
2011-10-21 15:53:05 -------- d-----w- c:\users\chris\appdata\roaming\SUPERAntiSpyware.com
2011-10-21 15:52:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-21 15:52:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-21 14:49:52 -------- d-----w- c:\users\chris\appdata\local\GoTrusted.com
2011-10-21 14:39:51 -------- d-----w- c:\program files\GoTrusted.com
2011-10-21 13:36:01 -------- d-----w- c:\programdata\AVAST Software
2011-10-21 13:36:01 -------- d-----w- c:\program files\AVAST Software
2011-10-21 13:33:54 -------- d-----w- c:\users\chris\appdata\roaming\Malwarebytes
2011-10-21 13:33:47 -------- d-----w- c:\programdata\Malwarebytes
2011-10-21 13:33:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-21 13:33:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-21 13:10:54 -------- d-----w- c:\program files\FileHippo.com
2011-10-21 13:07:39 -------- d-----w- c:\users\chris\appdata\local\Adobe
2011-10-21 13:04:21 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-21 13:00:35 -------- d-----w- c:\program files\common files\xing shared
2011-10-21 12:55:10 -------- d-----w- c:\users\chris\appdata\local\Secunia PSI
2011-10-21 12:55:01 -------- d-----w- c:\program files\Secunia
2011-10-21 12:54:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-21 12:17:24 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-10-21 12:17:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-10-21 12:15:59 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-21 12:13:57 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-21 12:01:59 -------- d-----w- c:\programdata\Symantec
2011-10-21 12:01:56 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-21 12:01:56 -------- d-----w- c:\program files\Symantec
2011-10-21 12:01:56 -------- d-----w- c:\program files\common files\Symantec Shared
2011-10-21 12:00:59 -------- d-----w- c:\windows\system32\drivers\NIS
2011-10-21 12:00:57 -------- d-----w- c:\program files\Norton Internet Security
2011-10-21 12:00:56 -------- d-----w- c:\programdata\Norton
2011-10-21 12:00:47 -------- d-----w- c:\programdata\NortonInstaller
2011-10-21 12:00:47 -------- d-----w- c:\program files\NortonInstaller
.
==================== Find3M ====================
.
2011-10-21 13:12:55 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-21 13:00:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-21 13:00:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-08 23:38:11 132744 ----a-w- c:\windows\system32\drivers\nis\1301010.003\ccsetx86.sys
2011-08-03 02:22:10 566904 ----a-w- c:\windows\system32\drivers\nis\1301010.003\srtsp.sys
2011-08-03 02:22:10 31864 ----a-w- c:\windows\system32\drivers\nis\1301010.003\srtspx.sys
2011-07-29 16:01:34 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-07-29 16:01:33 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-07-29 16:00:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-07-29 03:20:02 897656 ----a-w- c:\windows\system32\drivers\nis\1301010.003\symefa.sys
.
============= FINISH: 21:05:07.85 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 04/02/2011 10:32:19
System Uptime: 25/10/2011 14:30:36 (7 hours ago)
.
Motherboard: Dell Inc. | | 0K216C
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2664/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 198.16 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.888 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP28: 23/10/2011 07:09:02 - Scheduled Checkpoint
RP29: 23/10/2011 20:08:31 - Installed Windows Media Player Firefox Plugin
RP30: 24/10/2011 20:01:09 - Scheduled Checkpoint
RP31: 25/10/2011 14:45:30 - Removed Skype™ 5.5
RP32: 25/10/2011 14:47:41 - Removed Skype Click to Call
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
µTorrent
CCleaner
ConvertXtoDVD 4.0.9.322
EasyBCD 1.7
ESET Online Scanner v3
ffdshow [rev 2180] [2008-10-04]
GoTrusted Secure Tunnel v2.3.1.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 1
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 en-GB)
MSVCRT
Nero 7 Lite 7.10.1.2
Norton Internet Security
PeerBlock 1.1 (r518)
PowerDVD
QuickTime
RealPlayer
RealUpgrade 1.1
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
SUPERAntiSpyware
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.11
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
25/10/2011 17:31:25, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
25/10/2011 17:30:55, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
24/10/2011 18:59:49, Error: EventLog [6008] - The previous system shutdown at 18:58:34 on 24/10/2011 was unexpected.
24/10/2011 17:58:39, Error: EventLog [6008] - The previous system shutdown at 17:56:57 on 24/10/2011 was unexpected.
24/10/2011 00:06:27, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.197.92.154 for the Network Card with network address 00FF16FF347F has been denied by the DHCP server 10.197.93.105 (The DHCP Server sent a DHCPNACK message).
22/10/2011 13:26:17, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
22/10/2011 13:26:17, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/10/2011 13:26:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/10/2011 04:47:23, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.197.94.174 for the Network Card with network address 00FF16FF347F has been denied by the DHCP server 10.197.92.37 (The DHCP Server sent a DHCPNACK message).
21/10/2011 14:25:34, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm

Re: real slow rootkit and AV scans

Unread postby Gary R » October 25th, 2011, 5:27 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Milk21

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator
Important As I said earlier removing Malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.
  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Nothing of any real concern showing in your DDS logs, there's a few things need attention, but we'll deal with them once we've run some more scans.

First

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download GMER to your Desktop. (It will have a randomly generated name, for example .... wjkl3ecz.exe)

  • Disconnect from the Internet, and close all running programmes.
  • There is a small chance this programme may crash your computer, so save any work you have open.
  • Double click on the randomly named GMER file (eg .... wjkl3ecz.exe) to launch GMER.
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at programme start about rootkit activity and asks if you want to run a scan ..... click OK.
  • If no warning:
    • Click Rootkit tab.
    • Ensure that All the boxes to the right of the program are checked except Show All.
    • Click Scan.
  • Do not use your computer while the scan is running.
  • Once scan is finished click Copy.
    • Click Start > Run then type Notepad.exe then click OK.
    • This will open a Notepad file.
    • Hit Ctrl+V to paste log into it.
    • Save the log to your Desktop.
  • Reconnect to internet and post the log please.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • GMER log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: real slow rootkit and AV scans

Unread postby Milk21 » October 25th, 2011, 6:00 pm

OTL logfile created on: 25/10/2011 22:32:06 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 43.35% Memory free
6.20 Gb Paging File | 4.48 Gb Available in Paging File | 72.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 198.16 Gb Free Space | 68.73% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS

Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 22:28:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2011/10/21 14:00:14 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/10/17 18:18:23 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/10/14 07:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/10/14 07:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/09/29 08:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/10 21:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccsvchst.exe
PRC - [2011/07/14 13:21:10 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/25 14:31:33 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/25 14:31:32 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/10/21 16:53:23 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/10/21 16:53:23 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/10/21 13:54:11 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 08:09:46 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/14 13:21:22 | 001,712,128 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvorbis_plugin.dll
MOD - [2011/07/14 13:21:22 | 001,137,664 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libxml_plugin.dll
MOD - [2011/07/14 13:21:22 | 001,108,992 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtaglib_plugin.dll
MOD - [2011/07/14 13:21:22 | 000,368,640 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtheora_plugin.dll
MOD - [2011/07/14 13:21:22 | 000,123,392 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libts_plugin.dll
MOD - [2011/07/14 13:21:22 | 000,078,848 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libzip_plugin.dll
MOD - [2011/07/14 13:21:22 | 000,052,736 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libty_plugin.dll
MOD - [2011/07/14 13:21:22 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libwaveout_plugin.dll
MOD - [2011/07/14 13:21:22 | 000,044,544 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvobsub_plugin.dll
MOD - [2011/07/14 13:21:22 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libwav_plugin.dll
MOD - [2011/07/14 13:21:22 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvoc_plugin.dll
MOD - [2011/07/14 13:21:22 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtta_plugin.dll
MOD - [2011/07/14 13:21:22 | 000,031,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libxa_plugin.dll
MOD - [2011/07/14 13:21:20 | 011,496,448 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libqt4_plugin.dll
MOD - [2011/07/14 13:21:20 | 002,169,856 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libskins2_plugin.dll
MOD - [2011/07/14 13:21:20 | 001,013,248 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
MOD - [2011/07/14 13:21:20 | 000,130,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libspeex_plugin.dll
MOD - [2011/07/14 13:21:20 | 000,080,896 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsap_plugin.dll
MOD - [2011/07/14 13:21:20 | 000,052,224 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libreal_plugin.dll
MOD - [2011/07/14 13:21:20 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsmf_plugin.dll
MOD - [2011/07/14 13:21:20 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\librawvid_plugin.dll
MOD - [2011/07/14 13:21:20 | 000,034,304 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
MOD - [2011/07/14 13:21:20 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\librawdv_plugin.dll
MOD - [2011/07/14 13:21:20 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
MOD - [2011/07/14 13:21:18 | 001,231,872 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmkv_plugin.dll
MOD - [2011/07/14 13:21:18 | 000,441,856 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmod_plugin.dll
MOD - [2011/07/14 13:21:18 | 000,237,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpng_plugin.dll
MOD - [2011/07/14 13:21:18 | 000,194,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmp4_plugin.dll
MOD - [2011/07/14 13:21:18 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libplaylist_plugin.dll
MOD - [2011/07/14 13:21:18 | 000,093,184 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpc_plugin.dll
MOD - [2011/07/14 13:21:18 | 000,089,600 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libogg_plugin.dll
MOD - [2011/07/14 13:21:18 | 000,051,200 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libps_plugin.dll
MOD - [2011/07/14 13:21:18 | 000,040,960 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libnuv_plugin.dll
MOD - [2011/07/14 13:21:18 | 000,037,888 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
MOD - [2011/07/14 13:21:18 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpva_plugin.dll
MOD - [2011/07/14 13:21:18 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libnsv_plugin.dll
MOD - [2011/07/14 13:21:18 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libnsc_plugin.dll
MOD - [2011/07/14 13:21:18 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpgv_plugin.dll
MOD - [2011/07/14 13:21:16 | 001,776,128 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblibass_plugin.dll
MOD - [2011/07/14 13:21:16 | 001,085,440 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblive555_plugin.dll
MOD - [2011/07/14 13:21:16 | 000,379,904 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libgme_plugin.dll
MOD - [2011/07/14 13:21:16 | 000,338,432 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblua_plugin.dll
MOD - [2011/07/14 13:21:16 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
MOD - [2011/07/14 13:21:16 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblpcm_plugin.dll
MOD - [2011/07/14 13:21:16 | 000,035,328 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmjpeg_plugin.dll
MOD - [2011/07/14 13:21:16 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
MOD - [2011/07/14 13:21:16 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
MOD - [2011/07/14 13:21:14 | 000,309,760 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfaad_plugin.dll
MOD - [2011/07/14 13:21:14 | 000,265,216 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libflac_plugin.dll
MOD - [2011/07/14 13:21:14 | 000,258,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll
MOD - [2011/07/14 13:21:14 | 000,231,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
MOD - [2011/07/14 13:21:14 | 000,210,944 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdshow_plugin.dll
MOD - [2011/07/14 13:21:14 | 000,067,072 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdirectx_plugin.dll
MOD - [2011/07/14 13:21:14 | 000,041,984 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libflacsys_plugin.dll
MOD - [2011/07/14 13:21:14 | 000,041,472 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libes_plugin.dll
MOD - [2011/07/14 13:21:14 | 000,039,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
MOD - [2011/07/14 13:21:14 | 000,039,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdts_plugin.dll
MOD - [2011/07/14 13:21:14 | 000,037,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfake_plugin.dll
MOD - [2011/07/14 13:21:14 | 000,031,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdemux_cdg_plugin.dll
MOD - [2011/07/14 13:21:14 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfolder_plugin.dll
MOD - [2011/07/14 13:21:12 | 008,248,320 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libavcodec_plugin.dll
MOD - [2011/07/14 13:21:12 | 000,088,064 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libavi_plugin.dll
MOD - [2011/07/14 13:21:12 | 000,072,192 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libasf_plugin.dll
MOD - [2011/07/14 13:21:12 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
MOD - [2011/07/14 13:21:12 | 000,045,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll
MOD - [2011/07/14 13:21:12 | 000,034,304 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libcdg_plugin.dll
MOD - [2011/07/14 13:21:12 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaiff_plugin.dll
MOD - [2011/07/14 13:21:12 | 000,033,280 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaes3_plugin.dll
MOD - [2011/07/14 13:21:12 | 000,032,256 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libau_plugin.dll
MOD - [2011/07/14 13:21:10 | 002,263,552 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlccore.dll
MOD - [2011/07/14 13:21:10 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
MOD - [2011/07/14 13:21:10 | 000,101,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlc.dll
MOD - [2011/07/14 13:21:10 | 000,090,112 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
MOD - [2011/07/14 13:21:10 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52_plugin.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/10 21:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe -- (NIS)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/10/21 13:29:49 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111025.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/21 13:29:49 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/10/21 13:29:49 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/21 13:29:49 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111025.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/10/21 13:01:56 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/20 13:26:36 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111022.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/10/15 00:10:08 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111014.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/09 00:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/03 03:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1301010.003\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/03 03:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/29 04:20:02 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\SYMEFA.SYS -- (SymEFA)
DRV - [2011/07/26 03:18:39 | 000,344,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1301010.003\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/07/26 03:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\Ironx86.SYS -- (SymIRON)
DRV - [2011/07/25 19:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\SYMDS.SYS -- (SymDS)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/13 17:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/12/10 21:48:26 | 000,043,520 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2008/03/18 16:23:06 | 000,020,480 | ---- | M] (GoTrusted) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gttap1.sys -- (gttap1)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.visagecomputers.co.uk/
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.visagecomputers.co.uk/
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2011/10/22 04:49:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2011/10/25 14:34:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/21 14:00:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/21 21:44:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/23 20:08:48 | 000,000,000 | ---D | M]

[2011/10/21 13:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/10/24 14:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1i32whaz.default\extensions
[2011/10/21 16:39:49 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1i32whaz.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/10/25 14:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/21 14:13:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2011/10/25 14:34:07 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
[2011/10/22 04:49:44 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2011/10/21 14:00:32 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1I32WHAZ.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1I32WHAZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/21 13:31:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/29 08:09:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/29 02:30:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 02:30:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/29 02:30:22 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/29 02:30:22 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.1.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.1.1.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.1.1.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001..\Run: [GoTrusted] C:\Program Files\GoTrusted.com\GoTrusted Secure Tunnel v2.3.1.5\GoTrusted Secure Tunnel.exe (GoTrusted.com)
O4 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{35b5c24d-304a-11e0-ab51-001ec982baaf}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/25 22:28:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/10/25 14:47:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/25 00:21:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Skype
[2011/10/25 00:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/10/23 00:01:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\vlc
[2011/10/22 23:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/10/22 23:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/10/22 13:26:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\Tracing
[2011/10/22 13:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/10/22 13:25:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/10/22 13:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/10/22 13:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/10/22 05:50:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\ConvertXToDVD
[2011/10/22 05:49:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys
[2011/10/22 05:49:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Vso
[2011/10/22 05:49:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\PcSetup
[2011/10/22 05:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2011/10/22 05:49:06 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv43260.dll
[2011/10/22 05:49:06 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv33260.dll
[2011/10/22 05:49:06 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv23260.dll
[2011/10/22 05:49:06 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\sipr3260.dll
[2011/10/22 05:49:06 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\cook3260.dll
[2011/10/22 05:49:05 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc1dmod.dll
[2011/10/22 05:49:05 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2011/10/22 05:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2011/10/22 01:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2011/10/22 01:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2011/10/22 01:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/10/22 01:52:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2011/10/22 01:52:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\uTorrent
[2011/10/21 21:44:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Apple Computer
[2011/10/21 21:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/21 21:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/21 21:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/10/21 21:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/10/21 21:42:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple
[2011/10/21 21:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/10/21 21:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/10/21 19:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/21 17:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/10/21 17:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/21 16:53:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/21 16:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/10/21 16:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/21 16:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/21 16:44:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2011/10/21 16:32:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\My Received Files
[2011/10/21 15:49:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\GoTrusted.com
[2011/10/21 15:39:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoTrusted
[2011/10/21 15:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\GoTrusted.com
[2011/10/21 14:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/10/21 14:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/10/21 14:33:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/10/21 14:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/21 14:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/21 14:33:43 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/21 14:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/21 14:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/21 14:13:42 | 000,344,184 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\symtdiv.sys
[2011/10/21 14:13:41 | 000,897,656 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\symefa.sys
[2011/10/21 14:13:41 | 000,566,904 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\srtsp.sys
[2011/10/21 14:13:41 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\symds.sys
[2011/10/21 14:13:41 | 000,314,488 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\symnets.sys
[2011/10/21 14:13:41 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\ironx86.sys
[2011/10/21 14:13:41 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\ccsetx86.sys
[2011/10/21 14:13:41 | 000,031,864 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\srtspx.sys
[2011/10/21 14:13:17 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/10/21 14:13:17 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/10/21 14:13:17 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/10/21 14:13:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1301010.003
[2011/10/21 14:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2011/10/21 14:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/10/21 14:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/10/21 14:07:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2011/10/21 14:04:21 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/10/21 14:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/10/21 14:00:29 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/10/21 14:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/10/21 14:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2011/10/21 13:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/10/21 13:59:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Real
[2011/10/21 13:55:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Secunia PSI
[2011/10/21 13:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/10/21 13:54:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/10/21 13:54:11 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/21 13:52:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2011/10/21 13:52:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Mozilla
[2011/10/21 13:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/10/21 13:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/10/21 13:46:12 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/10/21 13:46:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/21 13:46:05 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/10/21 13:46:05 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/10/21 13:46:05 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/21 13:46:05 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/10/21 13:46:05 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/10/21 13:46:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/21 13:46:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/10/21 13:46:04 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/21 13:46:03 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/10/21 13:46:03 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/10/21 13:46:03 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/10/21 13:46:03 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/21 13:46:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/21 13:46:03 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/10/21 13:46:03 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/21 13:46:03 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/21 13:46:03 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/21 13:46:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/21 13:46:02 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/21 13:46:02 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/21 13:46:02 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/10/21 13:46:02 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/10/21 13:46:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/21 13:46:02 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/10/21 13:46:02 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/10/21 13:46:02 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/10/21 13:46:02 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/21 13:46:01 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/21 13:46:01 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/10/21 13:46:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/10/21 13:46:01 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/10/21 13:46:01 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/21 13:46:01 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/10/21 13:46:01 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/21 13:46:01 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/10/21 13:46:01 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/21 13:17:24 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/10/21 13:17:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/10/21 13:17:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/10/21 13:16:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/10/21 13:16:21 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/10/21 13:16:21 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/10/21 13:16:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/10/21 13:16:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/10/21 13:16:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/10/21 13:16:20 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/10/21 13:16:20 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/10/21 13:16:20 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/10/21 13:16:20 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/10/21 13:16:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/10/21 13:16:18 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/10/21 13:16:18 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/10/21 13:16:18 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/10/21 13:16:18 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/10/21 13:16:18 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/10/21 13:15:59 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/10/21 13:15:59 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/21 13:15:59 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/21 13:15:59 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/21 13:15:59 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/21 13:15:57 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/10/21 13:15:57 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/10/21 13:15:56 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/10/21 13:15:56 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/10/21 13:15:56 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/10/21 13:15:56 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/10/21 13:15:56 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/10/21 13:15:56 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/10/21 13:15:54 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/10/21 13:15:54 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/10/21 13:15:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/10/21 13:15:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/10/21 13:15:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/10/21 13:15:47 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/10/21 13:15:47 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/10/21 13:15:46 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/21 13:15:45 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/10/21 13:15:42 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/10/21 13:15:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/10/21 13:15:26 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/10/21 13:15:24 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/10/21 13:15:24 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/10/21 13:15:05 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/10/21 13:15:05 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/10/21 13:15:05 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/10/21 13:15:05 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/10/21 13:15:05 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/10/21 13:15:05 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/10/21 13:15:05 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/10/21 13:15:05 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/10/21 13:15:05 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/10/21 13:15:05 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/10/21 13:15:05 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/10/21 13:13:54 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/21 13:13:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/21 13:13:06 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/10/21 13:13:06 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/10/21 13:13:06 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/10/21 13:13:06 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/10/21 13:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/10/21 13:01:56 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/10/21 13:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/10/21 13:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/10/21 13:00:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011/10/21 13:00:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/10/21 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/10/21 13:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/10/21 13:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/10/21 13:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/10/21 12:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

========== Files - Modified Within 30 Days ==========

[2011/10/25 22:30:53 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 22:30:53 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 22:29:42 | 000,302,592 | ---- | M] () -- C:\Users\Chris\Desktop\svxr0kv0.exe
[2011/10/25 22:28:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/10/25 22:01:37 | 000,015,872 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/25 14:30:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/25 14:30:51 | 3209,875,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/25 01:37:09 | 000,004,782 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301010.003\VT20111023.024
[2011/10/24 22:20:35 | 000,435,450 | ---- | M] () -- C:\Users\Chris\AppData\Local\census.cache
[2011/10/24 22:20:32 | 000,168,329 | ---- | M] () -- C:\Users\Chris\AppData\Local\ars.cache
[2011/10/24 17:06:56 | 000,001,041 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2011/10/23 22:33:51 | 000,000,036 | ---- | M] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/10/22 23:28:19 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/10/22 18:23:41 | 000,000,938 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/22 13:26:02 | 000,000,759 | ---- | M] () -- C:\Users\Chris\Documents\My Sharing Folders.lnk
[2011/10/22 11:12:54 | 026,150,480 | ---- | M] () -- C:\Users\Chris\Documents\w2.pdf
[2011/10/22 05:49:31 | 001,703,671 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301010.003\Cat.DB
[2011/10/22 05:49:13 | 000,087,608 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\inst.exe
[2011/10/22 05:49:13 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys
[2011/10/22 05:49:13 | 000,007,887 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/10/22 05:49:13 | 000,001,144 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/10/22 05:49:11 | 000,001,017 | ---- | M] () -- C:\Users\Chris\Desktop\ConvertXtoDVD 4.lnk
[2011/10/22 05:49:11 | 000,001,009 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2011/10/22 01:54:13 | 000,001,728 | ---- | M] () -- C:\Users\Chris\Desktop\PeerBlock.lnk
[2011/10/22 01:53:20 | 000,000,776 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/10/22 01:53:20 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/10/21 21:43:48 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/21 17:15:02 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/21 16:52:47 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/21 15:27:11 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/21 15:27:11 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/21 14:36:54 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/10/21 14:33:49 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/21 14:19:46 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/10/21 14:12:55 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/10/21 14:12:55 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/10/21 14:12:55 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/10/21 14:12:55 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/10/21 14:11:49 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/21 14:09:59 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/21 14:01:00 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/10/21 14:00:29 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/10/21 14:00:18 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/10/21 14:00:18 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/10/21 14:00:15 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/10/21 13:55:02 | 000,000,899 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/10/21 13:52:12 | 000,000,870 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/21 13:52:11 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/21 13:50:15 | 000,000,943 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/21 13:46:15 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/10/21 13:46:15 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/10/21 13:46:05 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/21 13:46:05 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/10/21 13:46:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/10/21 13:46:05 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/21 13:46:05 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/10/21 13:46:05 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/10/21 13:46:05 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/21 13:46:05 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/10/21 13:46:04 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/21 13:46:03 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/10/21 13:46:03 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/10/21 13:46:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/10/21 13:46:03 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/21 13:46:03 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/21 13:46:03 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/10/21 13:46:03 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/21 13:46:03 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/21 13:46:03 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/10/21 13:46:03 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/21 13:46:02 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/21 13:46:02 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/21 13:46:02 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/21 13:46:02 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/10/21 13:46:02 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/10/21 13:46:02 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/21 13:46:02 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/10/21 13:46:02 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/10/21 13:46:02 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/10/21 13:46:02 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/21 13:46:01 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/21 13:46:01 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/10/21 13:46:01 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/10/21 13:46:01 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/10/21 13:46:01 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/21 13:46:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/10/21 13:46:01 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/21 13:46:01 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/10/21 13:46:01 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/21 13:40:58 | 000,245,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/21 13:01:56 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/10/21 13:01:56 | 000,007,510 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/10/21 13:01:56 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF

========== Files Created - No Company Name ==========

[2011/10/25 22:29:11 | 000,302,592 | ---- | C] () -- C:\Users\Chris\Desktop\svxr0kv0.exe
[2011/10/25 01:37:16 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\VT20111023.024
[2011/10/23 23:58:08 | 000,435,450 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2011/10/23 23:57:42 | 000,168,329 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2011/10/23 22:33:51 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/10/22 23:28:18 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/10/22 18:23:41 | 000,000,938 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/22 13:26:02 | 000,000,759 | ---- | C] () -- C:\Users\Chris\Documents\My Sharing Folders.lnk
[2011/10/22 11:12:53 | 026,150,480 | ---- | C] () -- C:\Users\Chris\Documents\w2.pdf
[2011/10/22 05:50:27 | 000,001,041 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2011/10/22 05:49:13 | 000,087,608 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\inst.exe
[2011/10/22 05:49:13 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/10/22 05:49:13 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/10/22 05:49:11 | 000,001,009 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2011/10/22 05:49:10 | 000,001,017 | ---- | C] () -- C:\Users\Chris\Desktop\ConvertXtoDVD 4.lnk
[2011/10/22 04:42:48 | 000,015,872 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 01:54:13 | 000,001,728 | ---- | C] () -- C:\Users\Chris\Desktop\PeerBlock.lnk
[2011/10/22 01:53:20 | 000,000,776 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/10/22 01:53:20 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/10/21 21:43:47 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/21 21:42:31 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/10/21 17:15:02 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/21 16:52:47 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/21 14:33:49 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/21 14:18:46 | 001,703,671 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\Cat.DB
[2011/10/21 14:13:41 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symnetv.cat
[2011/10/21 14:13:41 | 000,007,510 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\ccsetx86.cat
[2011/10/21 14:13:41 | 000,007,498 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symefa.cat
[2011/10/21 14:13:41 | 000,007,496 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\srtspx.cat
[2011/10/21 14:13:41 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symds.cat
[2011/10/21 14:13:41 | 000,007,492 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\srtsp.cat
[2011/10/21 14:13:41 | 000,007,492 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\iron.cat
[2011/10/21 14:13:41 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symnet.cat
[2011/10/21 14:13:41 | 000,003,433 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symefa.inf
[2011/10/21 14:13:41 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symds.inf
[2011/10/21 14:13:41 | 000,001,468 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symnetv.inf
[2011/10/21 14:13:41 | 000,001,440 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symnet.inf
[2011/10/21 14:13:41 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\srtspx.inf
[2011/10/21 14:13:41 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\srtsp.inf
[2011/10/21 14:13:41 | 000,000,828 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\ccsetx86.inf
[2011/10/21 14:13:41 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\iron.inf
[2011/10/21 14:13:09 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\isolate.ini
[2011/10/21 14:09:57 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/21 14:09:57 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/21 14:01:00 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/10/21 13:55:02 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/10/21 13:55:02 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/10/21 13:54:37 | 3209,875,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/21 13:52:11 | 000,000,870 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/21 13:52:10 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/21 13:52:10 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/21 13:46:03 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/10/21 13:16:18 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/10/21 13:16:18 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/10/21 13:16:18 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/10/21 13:01:56 | 000,007,510 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/10/21 13:01:56 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/10/21 13:01:40 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/02/04 14:50:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/04 14:50:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/04 14:19:09 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1472.dll
[2011/02/04 13:24:09 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2008/10/23 13:54:22 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/10/23 13:20:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/23 13:05:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,245,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/02/04 14:38:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG10
[2011/10/25 16:42:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2011/10/24 17:06:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
[2011/10/25 14:30:13 | 000,015,756 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm

Re: real slow rootkit and AV scans

Unread postby Milk21 » October 25th, 2011, 6:01 pm

OTL Extras logfile created on: 25/10/2011 22:32:06 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 43.35% Memory free
6.20 Gb Paging File | 4.48 Gb Available in Paging File | 72.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 198.16 Gb Free Space | 68.73% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS

Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7754C6AB-E088-42B8-BA9B-63C1EA3853E8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D1837306-E88A-4E9B-9458-F58EAD162081}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{058203EF-E2FA-4769-9804-DF92E237C632}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{1D579CD2-7CD8-4966-BB19-1DDC5FBFF0FC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6F2BB904-B011-49BA-9FCC-D9B076A725D6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{BF817AA3-45F2-4927-96F4-E8A7AB283934}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C04C434B-3DC7-450E-8599-2486C2B211FF}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D3CA3F08-5689-46F5-AACE-C81F4249FA31}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E00B87B6-1B74-441A-B6C4-529AD3385CBF}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCCDF430-FFC5-41E8-82EB-FB7959EBC450}" = GoTrusted Secure Tunnel v2.3.1.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"EasyBCD" = EasyBCD 1.7
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2180] [2008-10-04]
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
"Nero7Lite_is1" = Nero 7 Lite 7.10.1.2
"NIS" = Norton Internet Security
"RealPlayer 12.0" = RealPlayer
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/10/2011 09:21:46 | Computer Name = DELL-530 | Source = Windows Search Service | ID = 3013
Description =

Error - 21/10/2011 09:21:47 | Computer Name = DELL-530 | Source = Windows Search Service | ID = 3013
Description =

Error - 21/10/2011 09:21:47 | Computer Name = DELL-530 | Source = Windows Search Service | ID = 3013
Description =

Error - 21/10/2011 09:21:47 | Computer Name = DELL-530 | Source = Windows Search Service | ID = 3013
Description =

Error - 21/10/2011 09:21:47 | Computer Name = DELL-530 | Source = Windows Search Service | ID = 3013
Description =

Error - 21/10/2011 10:20:27 | Computer Name = DELL-530 | Source = WinMgmt | ID = 10
Description =

Error - 21/10/2011 12:27:04 | Computer Name = DELL-530 | Source = WinMgmt | ID = 10
Description =

Error - 21/10/2011 12:42:56 | Computer Name = DELL-530 | Source = WinMgmt | ID = 10
Description =

Error - 21/10/2011 23:48:12 | Computer Name = DELL-530 | Source = WinMgmt | ID = 10
Description =

Error - 22/10/2011 13:28:21 | Computer Name = DELL-530 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 04/02/2011 08:34:24 | Computer Name = DELL-530 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 04/02/2011 08:34:24 | Computer Name = DELL-530 | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 04/02/2011 08:34:24 | Computer Name = DELL-530 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 04/02/2011 08:34:24 | Computer Name = DELL-530 | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 04/02/2011 08:34:24 | Computer Name = DELL-530 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 04/02/2011 08:46:26 | Computer Name = DELL-530 | Source = HTTP | ID = 15016
Description =

Error - 04/02/2011 09:05:30 | Computer Name = DELL-530 | Source = HTTP | ID = 15016
Description =

Error - 04/02/2011 09:26:06 | Computer Name = DELL-530 | Source = HTTP | ID = 15016
Description =

Error - 04/02/2011 09:40:17 | Computer Name = DELL-530 | Source = HTTP | ID = 15016
Description =

Error - 04/02/2011 12:43:50 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7001
Description =


< End of report >
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm

Re: real slow rootkit and AV scans

Unread postby Milk21 » October 25th, 2011, 6:03 pm

MER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-25 22:53:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320613AS rev.DE11
Running: svxr0kv0.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kfriapod.sys


---- System - GMER 1.0.15 ----

SSDT 86B9CEE0 ZwAlertResumeThread
SSDT 86850548 ZwAlertThread
SSDT 867F24D0 ZwAllocateVirtualMemory
SSDT 862C3330 ZwAlpcConnectPort
SSDT 86E57970 ZwAssignProcessToJobObject
SSDT 86DE0E80 ZwCreateMutant
SSDT 86850058 ZwCreateSymbolicLinkObject
SSDT 86EA0310 ZwCreateThread
SSDT 86E57A50 ZwDebugActiveProcess
SSDT 867F2628 ZwDuplicateObject
SSDT 86874E58 ZwFreeVirtualMemory
SSDT 86E571A8 ZwImpersonateAnonymousToken
SSDT 86A19350 ZwImpersonateThread
SSDT 866FB2F0 ZwLoadDriver
SSDT 86874D78 ZwMapViewOfSection
SSDT 867F23B0 ZwOpenEvent
SSDT 86EA0058 ZwOpenProcess
SSDT 86DAF328 ZwOpenProcessToken
SSDT 867F2210 ZwOpenSection
SSDT 867F26F8 ZwOpenThread
SSDT 86850248 ZwProtectVirtualMemory
SSDT 86EA0C50 ZwResumeThread
SSDT 86EA0F90 ZwSetContextThread
SSDT 86874C20 ZwSetInformationProcess
SSDT 867F20C8 ZwSetSystemInformation
SSDT 867F22F0 ZwSuspendProcess
SSDT 86EA0E10 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8FBCA640]
SSDT 86EA0ED0 ZwTerminateThread
SSDT 86EA0020 ZwUnmapViewOfSection
SSDT 86874F28 ZwWriteVirtualMemory
SSDT 86850148 ZwCreateThreadEx

INT 0x01 \??\C:\Users\Chris\AppData\Local\Temp\mbr.sys 8539EC42

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 81AB68A0 8 Bytes [E0, CE, B9, 86, 48, 05, 85, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 81AB68B4 1 Byte [D0]
.text ntkrnlpa.exe!KeSetEvent + 131 81AB68B4 4 Bytes [D0, 24, 7F, 86]
.text ntkrnlpa.exe!KeSetEvent + 13D 81AB68C0 4 Bytes [30, 33, 2C, 86] {XOR [EBX], DH; SUB AL, 0x86}
.text ntkrnlpa.exe!KeSetEvent + 191 81AB6914 4 Bytes [70, 79, E5, 86] {JO 0x7b; IN EAX, 0x86}
.text ...
? C:\Users\Chris\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\real\realplayer\Update\realsched.exe[488] kernel32.dll!SetUnhandledExceptionFilter 7697A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1088] USER32.dll!SetWindowLongA 7675E7CD 4 Bytes JMP 634AE349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1088] USER32.dll!SetWindowLongW 767613B4 4 Bytes JMP 634AE2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1088] USER32.dll!GetWindowInfo 7676428E 5 Bytes JMP 632689A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1088] USER32.dll!TrackPopupMenu 767714F3 4 Bytes JMP 63268F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4772] ntdll.dll!LdrLoadDll 771393A8 5 Bytes JMP 630EFAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4772] ntdll.dll!NtMapViewOfSection 77174974 5 Bytes JMP 00CE003A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4772] kernel32.dll!ReadProcessMemory + 3E 76951CB3 7 Bytes JMP 00CE00F7
.text C:\Program Files\Mozilla Firefox\firefox.exe[4772] kernel32.dll!WriteProcessMemory + 106 76951DBE 7 Bytes JMP 00CE0319
.text C:\Program Files\Mozilla Firefox\firefox.exe[4772] kernel32.dll!CreateIoCompletionPort + 52 76979DA6 7 Bytes JMP 00CE03CF
.text C:\Program Files\Mozilla Firefox\firefox.exe[4772] kernel32.dll!VirtualAllocEx + 54 7699AF70 7 Bytes JMP 00CE0263
.text C:\Program Files\Mozilla Firefox\firefox.exe[4772] kernel32.dll!GetProcessHandleCount + 35 769E5D4F 7 Bytes JMP 00CE01AD

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm

Re: real slow rootkit and AV scans

Unread postby Milk21 » October 25th, 2011, 6:32 pm

Eset didnt find anything
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm

Re: real slow rootkit and AV scans

Unread postby Gary R » October 26th, 2011, 4:44 am

No signs of Malware on your computer, however there are a few things need attending to.

First

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

uTorrent
Java(TM) 6 Update 29


Use of P2P programs is one of the surest ways to pick up an infection that I know.

You have two versions of Java on your computer, you need to remove one of them. Since version 7 update 1 is the most recent, I recommend you remove version 6 update 29.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O33 - MountPoints2\{35b5c24d-304a-11e0-ab51-001ec982baaf}\Shell\AutoRun\command - "" = F:\setupSNK.exe

:Files
C:\Program Files\uTorrent
C:\Users\Chris\AppData\Roaming\uTorrent
C:\Users\Chris\AppData\Local\uTorrent
C:\Users\Public\Desktop\µTorrent.lnk
C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Let me know how your computer is running now
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: real slow rootkit and AV scans

Unread postby Milk21 » October 26th, 2011, 5:54 pm

My computer is running really slow, even slower, page keeps not responding
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm

Re: real slow rootkit and AV scans

Unread postby Gary R » October 26th, 2011, 6:08 pm

Are you able to post me the OTL fix log please ?
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: real slow rootkit and AV scans

Unread postby Milk21 » October 27th, 2011, 6:19 pm

will do so later when back home from wk
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm

Re: real slow rootkit and AV scans

Unread postby Milk21 » October 29th, 2011, 11:49 am

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35b5c24d-304a-11e0-ab51-001ec982baaf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35b5c24d-304a-11e0-ab51-001ec982baaf}\ not found.
File F:\setupSNK.exe not found.
========== FILES ==========
File\Folder C:\Program Files\uTorrent not found.
C:\Users\Chris\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\Chris\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Chris\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Chris\AppData\Roaming\uTorrent folder moved successfully.
File\Folder C:\Users\Chris\AppData\Local\uTorrent not found.
File\Folder C:\Users\Public\Desktop\µTorrent.lnk not found.
File\Folder C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 83650255 bytes
->Temporary Internet Files folder emptied: 5650101 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 81089614 bytes
->Flash cache emptied: 9141 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9656 bytes
RecycleBin emptied: 7917761331 bytes

Total Files Cleaned = 7,713.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 10292011_164538

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm

Re: real slow rootkit and AV scans

Unread postby Gary R » October 30th, 2011, 2:56 am

OTL has only removed the items we scripted, which should not have caused any deterioration of your computer.

I believe you may have remnants of an old AVG install on your computer. Norton is notorious for conflicting with other AV programs and any AVG orphans will cause problems.

Please go to .... http://download.avg.com/filedir/util/su ... 1_1322.exe .... and download and run the uninstall tool for AVG, when finished re-boot your computer.


Let me know if there is any improvement to how your computer runs.



Next

Please run a new OTL scan for me please ....

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 35 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware