Jump to content

enzod

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi Myrti, The information from Norton is confusing because once the scan has finshed and detected the problem which cannot be fixed, there is no reference in the history. In fact in Norton History there are no details in either 'Resolved Security Risks', 'Scan Results', 'Unresolved Security Risks' or 'Quarantine'. Does this mean Norton has been compromised in some way? Previously 'Backdoor.Tidserv.l!inf' was listed at: c:\recycler\s-l-5-21-4051791904-2798153970-1156491738-1007\dc41.sys I cannot find any reference to this myself. Please find Combofix log below: ----------------------------------------------------------------------------------------------------------------------------------------------- ComboFix 10-04-29.01 - Mr Dileto 02/05/2010 11:17:00.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.478 [GMT 1:00] Running from: c:\documents and settings\Mr Dileto\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Mr Dileto\Desktop\CFScript.txt AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . ((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 ))))))))))))))))))))))))))))))) . 2010-05-02 07:37 . 2010-02-01 19:20 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll 2010-05-01 22:50 . 2010-04-02 17:51 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\NAVENG.SYS 2010-05-01 22:50 . 2010-04-02 17:51 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\EECTRL.SYS 2010-05-01 22:50 . 2010-04-02 17:51 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\CCERASER.DLL 2010-05-01 22:50 . 2010-04-02 17:51 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\ECMSVR32.DLL 2010-05-01 22:50 . 2010-04-02 17:51 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\NAVENG32.DLL 2010-05-01 22:50 . 2010-04-02 17:51 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\NAVEX32A.DLL 2010-05-01 22:50 . 2010-04-02 17:51 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\NAVEX15.SYS 2010-05-01 22:50 . 2010-04-02 17:51 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\ERASER.SYS 2010-05-01 21:21 . 2010-05-01 21:21 755096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe 2010-05-01 11:47 . 2010-05-01 12:51 -------- d-----w- c:\windows\maxdriver 2010-04-30 15:20 . 2010-02-26 16:26 220024 ---ha-w- c:\windows\sigcheck.exe 2010-04-30 15:05 . 2010-05-01 11:47 1230 ---ha-w- c:\windows\look.bat 2010-04-30 08:24 . 2010-04-30 08:24 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-04-27 18:36 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSvix86.sys 2010-04-27 18:36 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys 2010-04-27 18:36 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\Scxpx86.dll 2010-04-27 18:36 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSxpx86.dll 2010-04-27 18:36 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSviA64.sys 2010-04-26 21:02 . 2010-02-12 17:41 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll 2010-04-25 20:38 . 2010-04-25 20:38 47096 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-24 18:21 . 2010-04-24 18:21 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe 2010-04-24 18:17 . 2010-04-24 18:17 -------- d-----w- c:\program files\Common Files\Java 2010-04-24 18:16 . 2010-04-24 18:16 411368 ---ha-w- c:\windows\system32\deployJava1.dll 2010-04-24 18:16 . 2010-04-24 18:16 -------- d-----w- c:\program files\Java 2010-04-24 18:08 . 2010-04-24 18:08 -------- d-----w- c:\windows\Sun 2010-04-24 18:08 . 2010-04-24 18:08 61440 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d0d3492-n\decora-sse.dll 2010-04-24 18:08 . 2010-04-24 18:08 503808 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a262f0f-n\msvcp71.dll 2010-04-24 18:08 . 2010-04-24 18:08 499712 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a262f0f-n\jmc.dll 2010-04-24 18:08 . 2010-04-24 18:08 348160 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a262f0f-n\msvcr71.dll 2010-04-24 18:08 . 2010-04-24 18:08 12800 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d0d3492-n\decora-d3d.dll 2010-04-24 18:05 . 2010-04-24 18:05 -------- d-----w- c:\program files\Common Files\Adobe 2010-04-24 05:58 . 2010-04-24 05:58 -------- d-----w- c:\program files\Tiscali Browser 2010-04-24 05:21 . 2010-04-24 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony Ericsson 2010-04-23 22:55 . 2010-04-23 22:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec 2010-04-23 22:53 . 2010-04-23 22:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2010-04-23 21:54 . 2010-04-23 21:54 -------- d-----w- c:\documents and settings\Mr Dileto\DoctorWeb 2010-04-23 19:37 . 2010-04-23 19:15 15880 ---ha-w- c:\windows\system32\lsdelete.exe 2010-04-23 19:16 . 2010-02-04 15:53 64288 ---ha-w- c:\windows\system32\drivers\Lbd.sys 2010-04-23 19:13 . 2010-04-23 19:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-04-23 19:13 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe 2010-04-23 19:12 . 2010-04-23 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-04-23 19:12 . 2010-04-23 19:13 -------- d-----w- c:\program files\Lavasoft 2010-04-23 15:31 . 2010-04-23 15:31 -------- d-----w- c:\program files\ESET 2010-04-23 15:10 . 2010-04-23 15:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-04-15 19:23 . 2010-04-15 19:23 0 ---ha-w- c:\windows\nsreg.dat 2010-04-15 19:23 . 2010-04-15 19:23 -------- d-----w- c:\documents and settings\Mr Dileto\Local Settings\Application Data\Mozilla 2010-04-15 00:14 . 2010-04-15 00:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-04-15 00:13 . 2010-04-15 00:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2010-04-14 22:42 . 2010-04-14 22:43 -------- d-----w- c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP 2010-04-14 21:02 . 2010-04-14 21:02 -------- d-----w- c:\documents and settings\Mr Dileto\Local Settings\Application Data\avG 2010-04-14 21:02 . 2010-04-14 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avG 2010-04-12 18:29 . 2010-04-12 18:29 552 ---ha-w- c:\windows\system32\d3d8caps.dat 2010-04-11 20:18 . 2010-04-11 20:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-04-07 22:09 . 2010-04-07 22:09 -------- d-----w- c:\documents and settings\Mr Dileto\Application Data\Safer Networking 2010-04-07 22:09 . 2010-04-07 22:11 -------- d-----w- c:\program files\Safer Networking 2010-04-06 21:57 . 2010-04-06 21:57 -------- d-----w- c:\documents and settings\Mr Dileto\Application Data\Malwarebytes 2010-04-06 21:57 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-06 21:57 . 2010-04-06 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-06 21:57 . 2010-05-01 07:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-06 21:57 . 2010-03-29 14:24 20824 ---ha-w- c:\windows\system32\drivers\mbam.sys 2010-04-06 20:11 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-04-06 20:11 . 2010-04-19 20:15 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-04-06 19:15 . 2010-04-06 21:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-04-06 19:15 . 2010-04-15 21:18 664 ---ha-w- c:\windows\system32\d3d9caps.dat 2010-04-06 19:15 . 2010-04-06 19:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-02 07:41 . 2010-04-25 22:37 601320 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2010-05-01 21:22 . 2010-04-23 19:15 566432 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll 2010-05-01 21:22 . 2010-04-23 19:15 893952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe 2010-05-01 21:22 . 2010-04-23 19:15 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe 2010-05-01 21:22 . 2010-04-23 19:15 211600 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll 2010-05-01 21:22 . 2010-04-23 19:15 397480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll 2010-05-01 21:22 . 2010-04-23 19:15 574632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll 2010-05-01 18:57 . 2008-11-06 23:10 -------- d-----w- c:\documents and settings\Mr Dileto\Application Data\Symantec 2010-04-28 21:54 . 2008-11-06 20:53 69476 ---ha-w- c:\windows\hpoins05.dat 2010-04-25 22:42 . 2008-11-06 19:34 47096 ----a-w- c:\documents and settings\Mr Dileto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-25 21:34 . 2008-11-06 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2010-04-25 21:34 . 2008-11-06 23:05 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-04-25 08:09 . 2008-11-11 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-04-24 06:58 . 2009-12-19 12:18 -------- d-----w- c:\program files\QuickTime 2010-04-24 06:56 . 2005-11-24 16:10 -------- d-----w- c:\program files\Common Files\Real 2010-04-24 06:52 . 2008-12-21 17:15 -------- d-----w- c:\program files\DivX 2010-04-23 22:49 . 2008-10-29 11:47 61056 ---ha-w- c:\windows\system32\drivers\ohci1394.sys 2010-04-23 19:40 . 2004-08-03 22:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys 2010-04-23 19:15 . 2010-04-23 19:15 95024 ---ha-w- c:\windows\system32\drivers\SBREDrv.sys 2010-04-23 19:15 . 2010-04-23 19:15 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys 2010-04-23 19:15 . 2010-04-23 19:15 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll 2010-04-23 19:15 . 2010-04-23 19:15 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll 2010-04-23 19:15 . 2010-04-23 19:15 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll 2010-04-23 19:15 . 2010-04-23 19:15 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll 2010-04-23 12:34 . 2009-05-06 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-04-23 12:33 . 2008-11-12 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip 2010-04-23 12:32 . 2008-12-10 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Tesco Photobook Creator 2010-04-19 19:42 . 2009-08-16 16:08 -------- d-----w- c:\program files\Nokia 2010-03-10 06:15 . 2005-09-09 22:38 420352 ---ha-w- c:\windows\system32\vbscript.dll 2010-03-04 19:07 . 2009-04-03 19:43 -------- d-----w- c:\program files\DigiGuide TV Guide 2010-02-25 06:24 . 2005-09-09 22:38 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 12:31 . 2005-09-09 22:38 454016 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 13:17 . 2004-08-03 23:18 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 12:39 . 2004-08-03 22:59 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:47 . 2005-09-09 22:38 100864 ---ha-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:01 . 2005-09-09 22:38 226880 ---ha-w- c:\windows\system32\drivers\tcpip6.sys . ((((((((((((((((((((((((((((( SnapShot@2010-04-30_08.16.51 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-02 07:38 . 2010-05-02 07:38 16384 c:\windows\Temp\Perflib_Perfdata_1f4.dat - 2008-07-14 11:09 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe + 2008-07-14 11:09 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe + 2005-11-24 15:47 . 2010-05-01 21:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2005-11-24 15:47 . 2010-04-23 19:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2005-11-24 15:47 . 2010-05-01 21:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2005-11-24 15:47 . 2010-04-23 19:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2010-04-11 20:18 . 2010-04-23 19:49 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat + 2010-04-11 20:18 . 2010-05-01 21:22 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat + 2010-05-01 21:20 . 2010-05-01 21:22 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2005-11-24 15:47 . 2010-04-23 19:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2010-04-06 21:57 . 2010-04-29 14:39 38224 c:\windows\maxdriver\mbamswissarmy.sys + 2004-08-03 22:58 . 2004-08-03 22:58 24576 c:\windows\maxdriver\kbdclass.sys + 2005-09-09 22:38 . 2004-08-04 12:00 29056 c:\windows\maxdriver\ip6fw.sys + 2004-08-03 22:59 . 2010-04-23 19:40 95360 c:\windows\maxdriver\atapi.sys + 2005-09-09 22:38 . 2004-08-04 12:00 14336 c:\windows\maxdriver\asyncmac.sys + 2005-11-24 16:19 . 2004-08-03 23:07 42368 c:\windows\maxdriver\AGP440.SYS + 2001-08-17 13:57 . 2004-08-04 12:00 11648 c:\windows\maxdriver\acpiec.sys + 2009-12-21 19:09 . 2009-12-21 19:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll + 2009-12-22 00:57 . 2009-12-22 00:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe + 2009-12-21 19:02 . 2009-12-21 19:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll + 2009-12-21 22:21 . 2009-12-21 22:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe + 2009-12-21 22:37 . 2009-12-21 22:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe + 2009-12-21 17:39 . 2009-12-21 17:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe + 2009-12-21 17:27 . 2009-12-21 17:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll + 2009-12-21 17:27 . 2009-12-21 17:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll + 2005-09-09 22:38 . 2004-08-04 12:00 2944 c:\windows\maxdriver\null.sys + 2005-09-09 22:38 . 2004-08-04 12:00 4224 c:\windows\maxdriver\beep.sys + 2005-09-09 22:38 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll - 2005-09-09 22:38 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll + 2005-11-24 15:42 . 2010-05-02 07:37 227343 c:\windows\system32\inetsrv\MetaBase.bin - 2005-09-09 22:38 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll + 2005-09-09 22:38 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll + 2005-09-09 22:38 . 2008-06-20 10:45 360320 c:\windows\maxdriver\tcpip.sys + 2009-03-17 23:18 . 2009-08-20 17:27 124976 c:\windows\maxdriver\SYMEVENT.SYS + 2005-09-09 22:38 . 2007-02-09 11:10 574464 c:\windows\maxdriver\ntfs.sys + 2005-09-09 22:38 . 2004-08-04 12:00 182912 c:\windows\maxdriver\ndis.sys + 2008-10-29 11:53 . 2006-02-15 00:22 142464 c:\windows\maxdriver\aec.sys + 2009-12-21 17:35 . 2009-12-21 17:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll + 2009-12-21 19:05 . 2009-12-21 19:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe + 2009-12-21 17:34 . 2009-12-21 17:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll + 2009-11-09 18:18 . 2009-11-09 18:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll + 2009-12-21 19:02 . 2009-12-21 19:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe + 2009-12-21 17:43 . 2009-12-21 17:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll + 2009-12-22 00:57 . 2009-12-22 00:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe + 2009-12-21 17:15 . 2009-12-21 17:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll + 2009-12-21 18:32 . 2009-12-21 18:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe + 2009-12-21 18:15 . 2009-12-21 18:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe + 2010-05-01 09:53 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll + 2010-05-01 09:53 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe + 2010-05-01 09:53 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll + 2009-12-21 17:29 . 2009-12-21 17:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll + 2009-10-27 19:34 . 2009-10-27 19:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll + 2009-12-21 22:31 . 2009-12-21 22:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll + 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\521507.msp + 2009-12-21 22:21 . 2009-12-21 22:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848] "Ptipbmf"="ptipbmf.dll" [2003-06-20 118784] "nwiz"="nwiz.exe" [2008-05-03 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Bonjour Service"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="c:\program files\CyberLink\PowerBackup\PBKScheduler.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Alcmtr"=ALCMTR.EXE "BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart "NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles "PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" "SkyTel"=SkyTel.EXE "snp2uvc"=c:\windows\vsnp2uvc.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/04/2010 20:16 64288] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [28/01/2010 10:11 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [28/01/2010 10:11 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [28/01/2010 10:10 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys [27/04/2010 19:36 329592] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/04/2010 22:57 304464] R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [28/01/2010 10:10 117640] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 09:00 102448] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/04/2010 22:57 20824] S3 BGRaSvc;BGRaSvc; [x] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [26/12/2009 20:51 18560] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1285864] S3 MODBDA2;KWorld MOD3000 TV receiver;c:\windows\system32\drivers\modbda2.sys [12/11/2008 20:24 22272] S3 MODLOAD2;DVB-T USB2.0 adapter firmware loader;c:\windows\system32\drivers\modload2.sys [12/11/2008 20:23 18304] S3 MODRC;KWorld Infrared Receiver;c:\windows\system32\drivers\modrc.sys [12/11/2008 20:24 8960] S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [25/11/2005 00:33 85888] S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [25/11/2005 00:33 51840] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.virginmedia.com/ mLocal Page = about:blank mStart Page = about:blank mWindow Title = IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Mr Dileto\Application Data\Mozilla\Firefox\Profiles\8fhp6hib.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/ FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3956) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-05-02 11:27:26 ComboFix-quarantined-files.txt 2010-05-02 10:27 ComboFix2.txt 2010-04-30 08:19 Pre-Run: 368,626,925,568 bytes free Post-Run: 368,583,901,184 bytes free - - End Of File - - 0F00DB15737FACFE13BF0191E30A2CA1
  2. Hi Myrti, I have followed you insructions again and yes many '1 file copied' apperaed at least 15 times. The log is below but it seems the same again: ------------------------------------------------------------------------------------------------------------------------------------------ Run from C:\Documents and Settings\Mr Dileto\Desktop\maxlook.exe on 01/05/2010 at 12:56:32.62 --------- maxlook unsigned files --------- No matching files were found. --------- system32\drivers unsigned files --------- c:\windows\system32\drivers\cdr4_xp.sys: Verified: Unsigned File date: 22:48 28/08/2006 Publisher: Sonic Solutions Description: CDR4 CD and DVD Place Holder Driver (see PxHelp) Product: Drag-to-Disc Version: 8.0.0.212 File version: 8.0.0.212 c:\windows\system32\drivers\cdralw2k.sys: Verified: Unsigned File date: 22:48 28/08/2006 Publisher: Sonic Solutions Description: CDRAL Place Holder Driver (see PxHelp) Product: Drag-to-Disc Version: 8.0.0.212 File version: 8.0.0.212 c:\windows\system32\drivers\modbda2.sys: Verified: Unsigned File date: 08:27 03/05/2005 Publisher: DiBcom SA Description: DVB-T USB2.0 adapter BDA driver Product: MOD3000 MB DVB-T USB2.0 adapter BDA driver Version: 2.0.0.12 File version: 2.0.0.12 c:\windows\system32\drivers\modload2.sys: Verified: Unsigned File date: 08:52 02/05/2005 Publisher: DiBcom S.A Description: DVB-T USB2.0 adapter firmware loader Product: DVB-T USB2.0 adapter Version: 2.0.0.12 File version: 2.0.0.12 c:\windows\system32\drivers\modrc.sys: Verified: Unsigned File date: 11:13 08/06/2005 Publisher: DiBcom S.A. Description: HID Remote Control minidriver Product: MODxxxx DVB-T USB2.0 Remote Control minidriver Version: 1, 0, 2, 0 File version: 1, 0, 2, 0 c:\windows\system32\drivers\ohci1394.sys: Verified: Unsigned File date: 23:49 23/04/2010 Publisher: n/a Description: n/a Product: n/a Version: n/a File version: n/a c:\windows\system32\drivers\pxhelp20.sys: Verified: Unsigned File date: 17:57 02/11/2006 Publisher: Sonic Solutions Description: Px Engine Device Driver for Windows 2000/XP Product: PxHelp20 Version: n/a File version: 3.00.43J c:\windows\system32\drivers\sonypvs1.sys: Verified: Unsigned File date: 14:46 30/10/2006 Publisher: Sony Corporation Description: Sony Digital Imaging Product: Version: 1, 1, 1, 14 File version: 1, 1, 1, 14 Rogue configuration file = C:\WINDOWS\system32\config\default.sav Rogue configuration file = C:\WINDOWS\system32\config\software.sav Rogue configuration file = C:\WINDOWS\system32\config\system.sav
  3. Dear Myrti, As requested please find below the Max Look log file: ----------------------------------------------------------------------------------------------------------------------------------------------- Run from C:\Documents and Settings\Mr Dileto\Desktop\maxlook.exe on 30/04/2010 at 16:20:05.90 --------- maxlook unsigned files --------- No matching files were found. --------- system32\drivers unsigned files --------- c:\windows\system32\drivers\cdr4_xp.sys: Verified: Unsigned File date: 22:48 28/08/2006 Publisher: Sonic Solutions Description: CDR4 CD and DVD Place Holder Driver (see PxHelp) Product: Drag-to-Disc Version: 8.0.0.212 File version: 8.0.0.212 c:\windows\system32\drivers\cdralw2k.sys: Verified: Unsigned File date: 22:48 28/08/2006 Publisher: Sonic Solutions Description: CDRAL Place Holder Driver (see PxHelp) Product: Drag-to-Disc Version: 8.0.0.212 File version: 8.0.0.212 c:\windows\system32\drivers\modbda2.sys: Verified: Unsigned File date: 08:27 03/05/2005 Publisher: DiBcom SA Description: DVB-T USB2.0 adapter BDA driver Product: MOD3000 MB DVB-T USB2.0 adapter BDA driver Version: 2.0.0.12 File version: 2.0.0.12 c:\windows\system32\drivers\modload2.sys: Verified: Unsigned File date: 08:52 02/05/2005 Publisher: DiBcom S.A Description: DVB-T USB2.0 adapter firmware loader Product: DVB-T USB2.0 adapter Version: 2.0.0.12 File version: 2.0.0.12 c:\windows\system32\drivers\modrc.sys: Verified: Unsigned File date: 11:13 08/06/2005 Publisher: DiBcom S.A. Description: HID Remote Control minidriver Product: MODxxxx DVB-T USB2.0 Remote Control minidriver Version: 1, 0, 2, 0 File version: 1, 0, 2, 0 c:\windows\system32\drivers\ohci1394.sys: Verified: Unsigned File date: 23:49 23/04/2010 Publisher: n/a Description: n/a Product: n/a Version: n/a File version: n/a c:\windows\system32\drivers\pxhelp20.sys: Verified: Unsigned File date: 17:57 02/11/2006 Publisher: Sonic Solutions Description: Px Engine Device Driver for Windows 2000/XP Product: PxHelp20 Version: n/a File version: 3.00.43J c:\windows\system32\drivers\sonypvs1.sys: Verified: Unsigned File date: 14:46 30/10/2006 Publisher: Sony Corporation Description: Sony Digital Imaging Product: Version: 1, 1, 1, 14 File version: 1, 1, 1, 14 Rogue configuration file = C:\WINDOWS\system32\config\default.sav Rogue configuration file = C:\WINDOWS\system32\config\software.sav Rogue configuration file = C:\WINDOWS\system32\config\system.sav
  4. Hi Myrti, Please find the ComboFix log below: --------------------------------------------------------------------------------------------------------------------------------------------- ComboFix 10-04-29.01 - Mr Dileto 30/04/2010 9:09.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.430 [GMT 1:00] Running from: c:\documents and settings\Mr Dileto\Desktop\ComboFix.exe AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycler\S-1-5-21-3280019663-960141844-3905040108-500 c:\windows\system32\Cache c:\windows\system32\images c:\windows\system32\images\3models.gif c:\windows\system32\images\but3_off.gif c:\windows\system32\images\but3_on.gif c:\windows\system32\images\main_bot.gif c:\windows\system32\images\main_mid.gif c:\windows\system32\images\main_top.gif c:\windows\system32\images\model1.gif c:\windows\system32\images\panel_bot.gif c:\windows\system32\images\panel_top.gif c:\windows\system32\images\pc.gif c:\windows\system32\images\pcw_award_cover.gif c:\windows\system32\images\pcwcover.gif c:\windows\system32\images\Thumbs.db c:\windows\system32\images\topoff.gif c:\windows\system32\images\topon.gif c:\windows\system32\images\webscreen.gif c:\windows\system32\Thumbs.db . ((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 ))))))))))))))))))))))))))))))) . 2010-04-30 06:50 . 2010-04-02 17:51 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\NAVENG.SYS 2010-04-30 06:50 . 2010-04-02 17:51 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\EECTRL.SYS 2010-04-30 06:50 . 2010-04-02 17:51 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\CCERASER.DLL 2010-04-30 06:50 . 2010-04-02 17:51 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\ECMSVR32.DLL 2010-04-30 06:50 . 2010-04-02 17:51 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\NAVENG32.DLL 2010-04-30 06:50 . 2010-04-02 17:51 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\NAVEX32A.DLL 2010-04-30 06:50 . 2010-04-02 17:51 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\NAVEX15.SYS 2010-04-30 06:50 . 2010-04-02 17:51 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\ERASER.SYS 2010-04-30 06:40 . 2010-02-01 19:20 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll 2010-04-27 18:36 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSvix86.sys 2010-04-27 18:36 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys 2010-04-27 18:36 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\Scxpx86.dll 2010-04-27 18:36 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSxpx86.dll 2010-04-27 18:36 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSviA64.sys 2010-04-26 21:02 . 2010-02-12 17:41 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll 2010-04-25 20:38 . 2010-04-25 20:38 47096 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-24 18:21 . 2010-04-24 18:21 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe 2010-04-24 18:17 . 2010-04-24 18:17 -------- d-----w- c:\program files\Common Files\Java 2010-04-24 18:16 . 2010-04-24 18:16 411368 ---ha-w- c:\windows\system32\deployJava1.dll 2010-04-24 18:16 . 2010-04-24 18:16 -------- d-----w- c:\program files\Java 2010-04-24 18:08 . 2010-04-24 18:08 -------- d-----w- c:\windows\Sun 2010-04-24 18:08 . 2010-04-24 18:08 61440 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d0d3492-n\decora-sse.dll 2010-04-24 18:08 . 2010-04-24 18:08 503808 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a262f0f-n\msvcp71.dll 2010-04-24 18:08 . 2010-04-24 18:08 499712 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a262f0f-n\jmc.dll 2010-04-24 18:08 . 2010-04-24 18:08 348160 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a262f0f-n\msvcr71.dll 2010-04-24 18:08 . 2010-04-24 18:08 12800 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d0d3492-n\decora-d3d.dll 2010-04-24 18:05 . 2010-04-24 18:05 -------- d-----w- c:\program files\Common Files\Adobe 2010-04-24 05:58 . 2010-04-24 05:58 -------- d-----w- c:\program files\Tiscali Browser 2010-04-24 05:21 . 2010-04-24 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony Ericsson 2010-04-23 22:55 . 2010-04-23 22:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec 2010-04-23 22:53 . 2010-04-23 22:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2010-04-23 21:54 . 2010-04-23 21:54 -------- d-----w- c:\documents and settings\Mr Dileto\DoctorWeb 2010-04-23 19:37 . 2010-04-23 19:15 15880 ---ha-w- c:\windows\system32\lsdelete.exe 2010-04-23 19:16 . 2010-02-04 15:53 64288 ---ha-w- c:\windows\system32\drivers\Lbd.sys 2010-04-23 19:13 . 2010-04-23 19:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-04-23 19:13 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe 2010-04-23 19:12 . 2010-04-23 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-04-23 19:12 . 2010-04-23 19:13 -------- d-----w- c:\program files\Lavasoft 2010-04-23 15:31 . 2010-04-23 15:31 -------- d-----w- c:\program files\ESET 2010-04-23 15:10 . 2010-04-23 15:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-04-15 19:23 . 2010-04-15 19:23 0 ----a-w- c:\windows\nsreg.dat 2010-04-15 19:23 . 2010-04-15 19:23 -------- d-----w- c:\documents and settings\Mr Dileto\Local Settings\Application Data\Mozilla 2010-04-15 00:14 . 2010-04-15 00:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-04-15 00:13 . 2010-04-15 00:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2010-04-14 22:42 . 2010-04-14 22:43 -------- d-----w- c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP 2010-04-14 21:02 . 2010-04-14 21:02 -------- d-----w- c:\documents and settings\Mr Dileto\Local Settings\Application Data\avG 2010-04-14 21:02 . 2010-04-14 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avG 2010-04-12 18:29 . 2010-04-12 18:29 552 ---ha-w- c:\windows\system32\d3d8caps.dat 2010-04-11 20:18 . 2010-04-11 20:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-04-07 22:09 . 2010-04-07 22:09 -------- d-----w- c:\documents and settings\Mr Dileto\Application Data\Safer Networking 2010-04-07 22:09 . 2010-04-07 22:11 -------- d-----w- c:\program files\Safer Networking 2010-04-06 21:57 . 2010-04-06 21:57 -------- d-----w- c:\documents and settings\Mr Dileto\Application Data\Malwarebytes 2010-04-06 21:57 . 2010-03-29 14:24 38224 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-06 21:57 . 2010-04-06 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-06 21:57 . 2010-04-06 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-06 21:57 . 2010-03-29 14:24 20824 ---ha-w- c:\windows\system32\drivers\mbam.sys 2010-04-06 20:11 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-04-06 20:11 . 2010-04-19 20:15 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-04-06 19:15 . 2010-04-06 21:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-04-06 19:15 . 2010-04-15 21:18 664 ---ha-w- c:\windows\system32\d3d9caps.dat 2010-04-06 19:15 . 2010-04-06 19:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-30 06:44 . 2010-04-25 22:37 601320 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2010-04-28 21:54 . 2008-11-06 20:53 69476 ----a-w- c:\windows\hpoins05.dat 2010-04-25 22:42 . 2008-11-06 19:34 47096 ----a-w- c:\documents and settings\Mr Dileto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-25 21:34 . 2008-11-06 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2010-04-25 21:34 . 2008-11-06 23:05 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-04-25 08:09 . 2008-11-11 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-04-24 06:58 . 2009-12-19 12:18 -------- d-----w- c:\program files\QuickTime 2010-04-24 06:56 . 2005-11-24 16:10 -------- d-----w- c:\program files\Common Files\Real 2010-04-24 06:52 . 2008-12-21 17:15 -------- d-----w- c:\program files\DivX 2010-04-23 22:49 . 2008-10-29 11:47 61056 ---ha-w- c:\windows\system32\drivers\ohci1394.sys 2010-04-23 19:40 . 2004-08-03 22:59 95360 ---ha-w- c:\windows\system32\drivers\atapi.sys 2010-04-23 12:34 . 2009-05-06 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-04-23 12:33 . 2008-11-12 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip 2010-04-23 12:32 . 2008-12-10 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Tesco Photobook Creator 2010-04-19 19:42 . 2009-08-16 16:08 -------- d-----w- c:\program files\Nokia 2010-03-10 06:15 . 2005-09-09 22:38 420352 ---ha-w- c:\windows\system32\vbscript.dll 2010-03-04 19:07 . 2009-04-03 19:43 -------- d-----w- c:\program files\DigiGuide TV Guide 2010-02-25 06:24 . 2005-09-09 22:38 916480 ---ha-w- c:\windows\system32\wininet.dll 2010-02-24 12:31 . 2005-09-09 22:38 454016 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 13:17 . 2004-08-03 23:18 2137088 ---ha-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 12:39 . 2004-08-03 22:59 2016768 ---ha-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:47 . 2005-09-09 22:38 100864 ---ha-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:01 . 2005-09-09 22:38 226880 ---ha-w- c:\windows\system32\drivers\tcpip6.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848] "Ptipbmf"="ptipbmf.dll" [2003-06-20 118784] "nwiz"="nwiz.exe" [2008-05-03 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Bonjour Service"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="c:\program files\CyberLink\PowerBackup\PBKScheduler.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Alcmtr"=ALCMTR.EXE "BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart "NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles "PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" "SkyTel"=SkyTel.EXE "snp2uvc"=c:\windows\vsnp2uvc.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/04/2010 20:16 64288] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [28/01/2010 10:11 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [28/01/2010 10:11 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [28/01/2010 10:10 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys [27/04/2010 19:36 329592] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/04/2010 22:57 303952] R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [28/01/2010 10:10 117640] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 09:00 102448] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/04/2010 22:57 20824] S3 BGRaSvc;BGRaSvc; [x] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [26/12/2009 20:51 18560] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1265264] S3 MODBDA2;KWorld MOD3000 TV receiver;c:\windows\system32\drivers\modbda2.sys [12/11/2008 20:24 22272] S3 MODLOAD2;DVB-T USB2.0 adapter firmware loader;c:\windows\system32\drivers\modload2.sys [12/11/2008 20:23 18304] S3 MODRC;KWorld Infrared Receiver;c:\windows\system32\drivers\modrc.sys [12/11/2008 20:24 8960] S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [25/11/2005 00:33 85888] S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [25/11/2005 00:33 51840] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.virginmedia.com/ mLocal Page = about:blank mStart Page = about:blank mWindow Title = IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Mr Dileto\Application Data\Mozilla\Firefox\Profiles\8fhp6hib.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/ FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHANS REMOVED - - - - SafeBoot-klmdb.sys ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-30 09:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1" . Completion time: 2010-04-30 09:19:32 ComboFix-quarantined-files.txt 2010-04-30 08:19 Pre-Run: 368,490,921,984 bytes free Post-Run: 368,512,245,760 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect [spybotsd] timeout.old=30 - - End Of File - - ADCF89EE7188DC557CB017BE5B07B774
  5. Hi Myrti, I tried to run GMER twice in normal mode and the computer crashed and restarted both times. Then I ran it in safe mode and it was fine. Please see the log below: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-04-28 22:39:24 Windows 5.1.2600 Service Pack 2 Running: 82gfyibe.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\axryrpog.sys ---- System - GMER 1.0.15 ---- SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF75BF87E] SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF75BFBFE] ---- Kernel code sections - GMER 1.0.15 ---- ? SYMEFA.SYS The system cannot find the file specified. ! ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Fastfat \Fat F69C8C8A AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@c!s!j!\30!\22!s!t!i!\30!t!y!f!\22!\24!\30!i! 71230 ---- EOF - GMER 1.0.15 ----
  6. OTL logfile created on: 27/04/2010 21:13:04 - Run 1 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Mr Dileto\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,023.00 Mb Total Physical Memory | 260.00 Mb Available Physical Memory | 25.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 460.87 Gb Total Space | 343.33 Gb Free Space | 74.50% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 293.69 Gb Total Space | 276.08 Gb Free Space | 94.00% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-94761DD7AC Current User Name: Mr Dileto Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/04/27 21:08:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe PRC - [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/03/29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/03/29 15:24:52 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2009/08/22 08:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005/01/14 19:22:52 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe PRC - [2005/01/14 19:22:50 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe PRC - [2005/01/14 19:22:26 | 000,110,711 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe PRC - [2005/01/14 19:22:24 | 000,172,153 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe PRC - [2004/09/29 13:14:36 | 000,069,632 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe PRC - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe ========== Modules (SafeList) ========== MOD - [2010/04/27 21:08:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe MOD - [2009/08/22 08:28:14 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\asOEHook.dll MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (BGRaSvc) SRV - [2010/04/23 20:15:40 | 001,265,264 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010/03/29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2009/08/22 08:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security) SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist) SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005/01/14 19:22:50 | 000,024,576 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service) SRV - [2005/01/14 19:22:26 | 000,110,711 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2005/01/14 19:22:24 | 000,172,153 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2004/09/29 13:14:36 | 000,069,632 | -H-- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP) SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc) SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) ========== Driver Services (SafeList) ========== DRV - [2010/04/23 23:49:53 | 000,061,056 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394) DRV - [2010/04/02 18:51:10 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100427.002\NAVEX15.SYS -- (NAVEX15) DRV - [2010/04/02 18:51:10 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010/04/02 18:51:10 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100427.002\NAVENG.SYS -- (NAVENG) DRV - [2010/03/29 15:24:46 | 000,020,824 | -H-- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010/02/04 16:53:02 | 000,064,288 | -H-- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2010/01/28 10:10:52 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP) DRV - [2009/11/10 10:27:06 | 000,018,560 | -H-- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb) DRV - [2009/10/28 23:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys -- (IDSxpx86) DRV - [2009/08/27 09:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009/08/22 08:28:17 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA) DRV - [2009/08/22 08:28:17 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP) DRV - [2009/08/22 08:28:17 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86) DRV - [2009/08/22 08:28:17 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI) DRV - [2009/08/22 08:28:17 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW) DRV - [2009/08/22 08:28:17 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2009/08/22 08:28:17 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -- (SYMNDIS) DRV - [2009/08/22 08:28:17 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -- (SYMIDS) DRV - [2009/08/20 18:27:49 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009/08/18 20:11:17 | 000,036,400 | RH-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP) DRV - [2009/08/18 20:11:17 | 000,036,400 | RH-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM) DRV - [2009/02/09 08:37:56 | 000,007,808 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009/02/09 08:37:48 | 000,007,808 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009/02/09 08:37:46 | 000,022,016 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009/02/09 08:37:46 | 000,017,664 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008/08/26 10:26:12 | 000,018,816 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/05/03 06:46:00 | 006,554,496 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2007/08/22 19:51:28 | 009,611,520 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2006/11/30 14:58:42 | 000,090,800 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44unic.sys -- (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) DRV - [2006/11/30 14:58:34 | 000,086,432 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44obex.sys -- (se44obex) DRV - [2006/11/30 14:58:32 | 000,018,704 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44nd5.sys -- (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) DRV - [2006/11/30 14:58:30 | 000,088,624 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mgmt.sys -- (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) DRV - [2006/11/30 14:58:26 | 000,097,088 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mdm.sys -- (se44mdm) DRV - [2006/11/30 14:58:24 | 000,009,360 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mdfl.sys -- (se44mdfl) DRV - [2006/11/30 14:58:18 | 000,061,536 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44bus.sys -- (se44bus) Sony Ericsson Device 068 driver (WDM) DRV - [2006/11/15 15:34:40 | 004,225,920 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006/02/27 06:46:20 | 000,081,408 | RH-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2005/06/08 11:13:26 | 000,008,960 | RH-- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modrc.sys -- (MODRC) DRV - [2005/05/03 08:27:24 | 000,022,272 | RH-- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modbda2.sys -- (MODBDA2) DRV - [2005/05/02 08:52:12 | 000,018,304 | RH-- | M] (DiBcom S.A) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modload2.sys -- (MODLOAD2) DRV - [2005/02/05 08:00:00 | 000,085,888 | -H-- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\m5287.sys -- (m5287) DRV - [2005/01/07 18:07:18 | 000,138,752 | -H-- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2004/12/01 11:49:00 | 000,051,840 | -H-- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\m5289.sys -- (m5289) DRV - [2004/08/13 11:56:20 | 000,005,810 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004/08/04 00:10:14 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2004/08/04 00:08:34 | 000,040,832 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IrBus.sys -- (IrBus) DRV - [2004/08/04 00:07:44 | 000,043,008 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2004/08/04 00:07:44 | 000,041,088 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2004/08/03 23:07:56 | 000,059,264 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2004/04/20 11:13:00 | 000,472,960 | -H-- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2003/08/06 10:43:00 | 000,159,744 | -H-- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k) DRV - [2001/08/17 15:07:44 | 000,019,072 | -H-- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 15:07:42 | 000,030,688 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 15:07:40 | 000,028,384 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 15:07:36 | 000,032,640 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 15:07:34 | 000,016,256 | -H-- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 14:52:22 | 000,036,736 | -H-- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 14:52:20 | 000,045,312 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 14:52:20 | 000,040,320 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 14:52:18 | 000,049,024 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 14:52:16 | 000,179,584 | -H-- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 14:52:12 | 000,017,280 | -H-- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 14:52:00 | 000,026,496 | -H-- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 14:51:58 | 000,014,848 | -H-- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 14:51:56 | 000,005,248 | -H-- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 14:51:54 | 000,006,656 | -H-- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com IE - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/ IE - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.virginmedia.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 22:02:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 20:23:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/25 09:09:11 | 000,000,000 | ---D | M] [2010/04/15 20:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla\Extensions [2010/04/26 22:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla\Firefox\Profiles\8fhp6hib.default\extensions [2010/04/15 22:55:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla\Firefox\Profiles\8fhp6hib.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/04/27 19:26:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/04/24 19:16:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/24 19:16:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010/04/25 10:18:36 | 000,392,807 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 13568 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.) O4 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 16895 O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1226018765765 (WUWebControl Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/11/24 16:45:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007/04/23 10:06:12 | 000,000,040 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/24 16:34:37 | 000,000,000 | -H-D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "Bonjour Service" MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: klmdb.sys - Driver SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: SymEFA.sys - C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation) SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: klmdb.sys - Driver SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: SymEFA.sys - C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation) SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.) Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) ========== Files/Folders - Created Within 30 Days ========== [2010/04/27 21:08:58 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe [2010/04/25 21:45:51 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010/04/24 19:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/04/24 19:16:46 | 000,411,368 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/04/24 19:16:46 | 000,153,376 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/04/24 19:16:46 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/04/24 19:16:46 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/04/24 19:16:46 | 000,073,728 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/04/24 19:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010/04/24 19:08:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010/04/24 19:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2010/04/24 19:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Sun [2010/04/24 19:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2010/04/24 06:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Tiscali Browser [2010/04/23 22:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\DoctorWeb [2010/04/23 22:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010/04/23 20:16:30 | 000,064,288 | -H-- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2010/04/23 20:15:59 | 000,095,024 | -H-- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010/04/23 20:13:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010/04/23 20:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2010/04/23 20:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2010/04/23 18:29:57 | 011,862,896 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mr Dileto\Desktop\mssefullinstall-x86fre-en-us-xp.exe [2010/04/23 16:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/04/23 16:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/04/16 20:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real [2010/04/16 20:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\My Documents\Downloads [2010/04/15 20:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\Mozilla [2010/04/15 20:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla [2010/04/15 19:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010/04/14 23:42:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP [2010/04/14 22:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\avG [2010/04/14 22:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG [2010/04/07 23:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Safer Networking [2010/04/07 23:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking [2010/04/06 22:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Malwarebytes [2010/04/06 22:57:24 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/06 22:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/04/06 22:57:20 | 000,020,824 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/06 22:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/04/06 21:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010/04/06 21:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2010/04/06 20:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe [2010/04/06 20:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2010/04/06 20:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/04/06 20:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2009/05/01 18:35:33 | 000,176,128 | -H-- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll [2009/05/01 18:35:29 | 000,184,320 | -H-- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/04/27 21:08:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe [2010/04/27 20:43:59 | 000,012,598 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/04/27 19:25:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/04/27 19:25:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/04/26 23:29:23 | 010,485,760 | -H-- | M] () -- C:\Documents and Settings\Mr Dileto\NTUSER.DAT [2010/04/26 23:28:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\ntuser.ini [2010/04/26 22:22:30 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Microsoft Office Outlook 2003.lnk [2010/04/25 23:42:30 | 000,047,096 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/04/25 22:26:00 | 000,600,596 | -H-- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/04/25 22:26:00 | 000,498,730 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/04/25 22:26:00 | 000,090,770 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/04/25 22:21:45 | 000,175,717 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/04/25 21:57:55 | 000,000,921 | ---- | M] () -- C:\WINDOWS\win.ini [2010/04/25 21:57:55 | 000,000,239 | -HS- | M] () -- C:\boot.ini [2010/04/25 21:57:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/04/25 10:18:36 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/04/24 19:16:25 | 000,153,376 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/04/24 19:16:25 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/04/24 19:16:25 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/04/24 19:16:25 | 000,073,728 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/04/24 19:16:24 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/04/24 19:06:09 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010/04/24 08:00:20 | 000,208,104 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/04/24 07:19:59 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100425-101836.backup [2010/04/24 07:19:54 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100424-071959.backup [2010/04/24 00:01:24 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100424-071954.backup [2010/04/23 23:49:53 | 000,061,056 | -H-- | M] () -- C:\WINDOWS\System32\drivers\ohci1394.sys [2010/04/23 23:47:36 | 000,061,056 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys [2010/04/23 22:52:31 | 038,206,344 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\drweb-cureit.exe [2010/04/23 20:15:57 | 000,095,024 | -H-- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010/04/23 20:15:55 | 000,015,880 | -H-- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2010/04/23 20:13:19 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2010/04/23 18:30:03 | 011,862,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mr Dileto\Desktop\mssefullinstall-x86fre-en-us-xp.exe [2010/04/23 16:39:06 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\gmer.exe [2010/04/23 15:08:00 | 000,392,807 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100424-000123.backup [2010/04/22 19:01:15 | 000,392,702 | R--- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\hosts [2010/04/22 18:32:12 | 000,015,974 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\YciVS0tH5 [2010/04/20 22:14:01 | 000,000,970 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Spybot - Search & Destroy.lnk [2010/04/20 22:12:30 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100422-190115.backup [2010/04/20 21:27:44 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\dds.scr [2010/04/20 21:14:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\defogger_reenable [2010/04/20 21:12:53 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Defogger.exe [2010/04/20 20:37:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/04/19 21:17:22 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100420-221230.backup [2010/04/19 20:00:00 | 000,000,630 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Mr Dileto.job [2010/04/18 19:13:17 | 000,018,372 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xSWFi252 [2010/04/18 19:13:17 | 000,018,372 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\xSWFi252 [2010/04/18 18:54:52 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100419-211722.backup [2010/04/15 22:18:25 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/04/15 20:23:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2010/04/15 19:38:01 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/04/14 22:05:41 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100418-185452.backup [2010/04/14 22:03:36 | 000,014,950 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\6Y5qPA2XU80 [2010/04/14 22:03:36 | 000,014,950 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6Y5qPA2XU80 [2010/04/12 19:29:53 | 000,000,552 | -H-- | M] () -- C:\WINDOWS\System32\d3d8caps.dat [2010/04/11 20:45:47 | 002,004,740 | ---- | M] () -- C:\WINDOWS\iis6.BAK [2010/04/11 19:56:50 | 000,016,484 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xiNN54TR6Jl5 [2010/04/11 19:56:50 | 000,016,484 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\xiNN54TR6Jl5 [2010/04/11 19:52:06 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100414-220541.backup [2010/04/07 20:09:19 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100411-195206.backup [2010/04/06 22:57:28 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/04/06 22:25:37 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100407-200919.backup [2010/04/06 21:15:06 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100406-222537.backup [2010/04/03 19:22:57 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/04/03 10:20:41 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Microsoft Office Excel 2003.lnk [2010/03/29 15:24:58 | 000,038,224 | -H-- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/03/29 15:24:46 | 000,020,824 | -H-- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/04/25 21:57:56 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010/04/24 19:06:09 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010/04/23 22:46:08 | 038,206,344 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\drweb-cureit.exe [2010/04/23 20:37:27 | 000,015,880 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2010/04/23 20:13:19 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2010/04/23 15:07:40 | 000,392,702 | R--- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\hosts [2010/04/22 18:30:22 | 000,015,974 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\YciVS0tH5 [2010/04/22 18:30:22 | 000,015,974 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\YciVS0tH5 [2010/04/20 21:27:44 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\dds.scr [2010/04/20 21:14:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\defogger_reenable [2010/04/20 21:12:53 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\Defogger.exe [2010/04/19 21:00:51 | 000,000,970 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\Spybot - Search & Destroy.lnk [2010/04/18 18:46:50 | 000,018,372 | -HS- | C] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xSWFi252 [2010/04/18 18:37:29 | 000,018,372 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xSWFi252 [2010/04/18 18:37:29 | 000,018,356 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\xSWFi252 [2010/04/15 20:23:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/04/15 19:38:01 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/04/14 22:02:26 | 000,014,950 | -HS- | C] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\6Y5qPA2XU80 [2010/04/14 21:39:40 | 000,014,950 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\6Y5qPA2XU80 [2010/04/14 21:39:40 | 000,014,950 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6Y5qPA2XU80 [2010/04/12 19:29:53 | 000,000,552 | -H-- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2010/04/11 18:55:06 | 000,016,484 | -HS- | C] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xiNN54TR6Jl5 [2010/04/11 18:55:06 | 000,016,484 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xiNN54TR6Jl5 [2010/04/06 22:57:28 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/04/06 20:15:41 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/10/12 21:36:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI [2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/05/01 18:35:33 | 009,611,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2009/05/01 18:35:33 | 000,028,160 | -H-- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys [2009/05/01 18:35:33 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2008/12/22 23:49:17 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini [2008/11/17 23:26:39 | 000,000,049 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2008/11/12 20:24:08 | 000,363,520 | -H-- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2008/11/11 13:13:03 | 000,003,654 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2008/10/29 13:10:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/10/29 12:47:43 | 000,061,056 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ohci1394.sys [2007/05/13 20:58:44 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll [2006/10/22 13:22:00 | 001,703,936 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/10/22 13:22:00 | 001,486,848 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll [2006/10/22 13:22:00 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/10/22 13:22:00 | 000,581,632 | -H-- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/10/22 13:22:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/10/22 13:22:00 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005/11/24 17:07:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/11/24 16:59:38 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2005/11/24 16:49:10 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/11/24 16:42:31 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2005/11/24 16:42:31 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2005/11/24 16:42:17 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2005/11/24 16:42:17 | 000,007,909 | -H-- | C] () -- C:\WINDOWS\System32\ftpctrs.ini [2005/11/24 16:42:16 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2005/11/24 16:42:16 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini [2005/09/09 23:39:14 | 000,002,679 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2003/01/07 16:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/02/07 09:00:22 | 000,005,810 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys ========== Custom Scans ========== < %systemroot%\system32\*.dll /lockedfiles > [4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < MD5 for: AGP440.SYS > [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys [2004/08/04 00:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys [2004/08/04 00:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS < MD5 for: ATAPI.SYS > [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2010/04/23 20:40:16 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll [2004/08/04 13:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004/08/04 13:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: IASTOR.SYS > [2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\DRIVERS\SCSI\INTEL\ICH6\iastor.sys [2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\OEMdriver\12\iastor.sys [2004/04/20 11:13:30 | 000,472,960 | ---- | M] (Intel Corporation) MD5=C9F030A5E43AEDFABE0A39DF0A0DCBEB -- C:\DRIVERS\OEMDRIVER\2\iastor.sys [2004/04/20 11:13:00 | 000,472,960 | -H-- | M] (Intel Corporation) MD5=C9F030A5E43AEDFABE0A39DF0A0DCBEB -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll [2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll [2004/08/04 13:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll [2004/08/04 13:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll < MD5 for: NVATABUS.SYS > [2005/05/17 17:45:00 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\DRIVERS\SCSI\nvidia\sataraid\nvatabus.sys [2005/05/17 17:45:00 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\DRIVERS\SCSI\oemdriver\1\nvatabus.sys [2005/05/17 17:45:00 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\OEMdriver\11\nvatabus.sys [2004/09/02 16:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\DRIVERS\OEMDRIVER\8\NvAtaBus.sys [2004/09/02 16:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\DRIVERS\SCSI\nvidia\6.22\NvAtaBus.sys < MD5 for: SCECLI.DLL > [2004/08/04 13:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll [2004/08/04 13:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll < MD5 for: VIAMRAID.SYS > [2004/03/29 13:45:36 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\OEMDRIVER\7\viamraid.sys [2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\oemdriver\8\viamraid.sys [2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\VIA\RAID\2003IA32\viamraid.sys [2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\VIA\RAID\Win2000\viamraid.sys [2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\VIA\RAID\Winxp\viamraid.sys [2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\OEMdriver\8\viamraid.sys [2004/03/29 13:45:00 | 000,073,600 | -H-- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\system32\drivers\viamraid.sys [2004/03/29 13:45:00 | 000,080,576 | ---- | M] (VIA Technologies inc,.ltd) MD5=9CF8BAD2B61BD1617E1AEC88FFECAEF3 -- C:\DRIVERS\SCSI\VIA\RAID\Winnt40\viamraid.sys < %systemroot%\*. /mp /s > ========== Alternate Data Streams ========== @Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 < End of report > OTL Extras logfile created on: 27/04/2010 21:13:04 - Run 1 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Mr Dileto\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,023.00 Mb Total Physical Memory | 260.00 Mb Available Physical Memory | 25.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 460.87 Gb Total Space | 343.33 Gb Free Space | 74.50% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 293.69 Gb Total Space | 276.08 Gb Free Space | 94.00% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-94761DD7AC Current User Name: Mr Dileto Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-4051791904-2798153970-1156491738-1007\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" = C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema -- (CyberLink Corp.) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger "{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy "{150C6C87-D187-4105-BF7A-090378D7AE2A}" = Nokia Ovi Suite "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20 "{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload "{2FA28330-2028-4033-BD10-425C87EB4D54}" = Nokia Software Updater "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook "{340695E9-AABC-4BCE-98CC-DFDC20649242}" = Enterprise "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB2.0 UVC Camera "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0 "{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}" = Nokia Ovi One Touch Access "{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver "{5D6EC6F7-9B38-4a02-B063-97C2048B56A2}" = 7200_Help "{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier "{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations "{6EB6C056-02BB-453E-8448-EC90B9794180}" = Nokia Multimedia Common Components 2.4 "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{8EA67542-82B6-4c5c-8AD3-CD36232C1362}" = HP PSC & Officejet 4.7 Corporate Edition "{8F7A4D82-B168-4F89-99C2-B9873EC877AF}" = HP Image Zone Express "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver "{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes "{A7391302-FADF-4314-80DC-C757DAE45178}" = 7200 "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3 "{AC966B90-53CA-4710-8EEE-57ED25387872}" = 7200Trb "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 1.0 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0 "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy 1.0 "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities "{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) "Ad-Aware" = Ad-Aware "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "DigiGuide TV Guide" = DigiGuide TV Guide "ESET Online Scanner" = ESET Online Scanner v3 "GOM Player" = GOM Player "HP Photo & Imaging" = HP Image Zone 4.7 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mesh" = Mesh Online "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NIS" = Norton Internet Security "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011 "Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3011 "Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018 "NVIDIA Drivers" = NVIDIA Drivers "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
  7. Thank you for replying to my post Myrti. In desperation I have been scanning other people's posts looking for fixes and doing various stuff. I know that is a bit silly but I was getting desperate! The basics of the whole situation is that the XP Security virus started popping up about 2 weeks ago and then it stopped me opening programs. I already had Norton Internet Security 2009 installed and up to date running full protection as well as Spybot S&D with Resident SD Helper & Teatimer running. As I am sure you know in the Task Manager it was showing up as VMA.exe which I had to keep shutting down manually to get anything working. I installed Mawarebytes as well which found more problems to fix. When I upgraded the Malwarebytes program to run the protection module it seemed to stop it re-infecting again for a while. During that time I kept getting notifications Malwarebytes had stopped connections to Malicious Websites every 10 seconds or so! Examples of recurring IP addresses are shown below: 213.163.89.104, 213.163.89.105, 213.163.89.106 208.73.210.50 61.61.20.132 64.62.181.46 I tried to follow the usual instructions on the forum "I'm infected - What do I do now?, Please follow these instructions to clean your system" but I couldn't get GMER to complete a scan successfully. I booted into Safe Mode many times and run scans with Malwarebytes, Spybot S&D & Norton to no avail. I used DeFogger to disable the CD Emulation drivers & have also disabled System Restore. I have also run the DDS tool. Then just Sunday Norton picked up 'Backdoor.Tidserv.l!inf' in a scan but it cannot be removed. The information given was: 1 file & 1 browser cache c:\recycler\s-l-5-21-4051791904-2798153970-1156491738-1007\dc41.sys I could not find this anywhere myself or find a way to remove it. I ran the TDSS killer which didn't find anything. I also downloaded JAVARA and got rid of old Java programs and installed the latest version as per notes I had seen in the forums. Since then the GMER scan has now run successfully if that helps at all. I thank you in advance for your help with this draining problem I am having. Please find the requested OTL log below and the Extras log on the following message as it is too long to go into 1 post. ------------------------------------------------------------------------------------------------------------------------------------------- OTL logfile created on: 27/04/2010 21:13:04 - Run 1 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Mr Dileto\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,023.00 Mb Total Physical Memory | 260.00 Mb Available Physical Memory | 25.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 460.87 Gb Total Space | 343.33 Gb Free Space | 74.50% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 293.69 Gb Total Space | 276.08 Gb Free Space | 94.00% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-94761DD7AC Current User Name: Mr Dileto Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/04/27 21:08:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe PRC - [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/03/29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/03/29 15:24:52 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2009/08/22 08:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005/01/14 19:22:52 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe PRC - [2005/01/14 19:22:50 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe PRC - [2005/01/14 19:22:26 | 000,110,711 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe PRC - [2005/01/14 19:22:24 | 000,172,153 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe PRC - [2004/09/29 13:14:36 | 000,069,632 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe PRC - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe ========== Modules (SafeList) ========== MOD - [2010/04/27 21:08:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe MOD - [2009/08/22 08:28:14 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\asOEHook.dll MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (BGRaSvc) SRV - [2010/04/23 20:15:40 | 001,265,264 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010/03/29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2009/08/22 08:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security) SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist) SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005/01/14 19:22:50 | 000,024,576 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service) SRV - [2005/01/14 19:22:26 | 000,110,711 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2005/01/14 19:22:24 | 000,172,153 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2004/09/29 13:14:36 | 000,069,632 | -H-- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP) SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc) SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) ========== Driver Services (SafeList) ========== DRV - [2010/04/23 23:49:53 | 000,061,056 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394) DRV - [2010/04/02 18:51:10 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100427.002\NAVEX15.SYS -- (NAVEX15) DRV - [2010/04/02 18:51:10 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010/04/02 18:51:10 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100427.002\NAVENG.SYS -- (NAVENG) DRV - [2010/03/29 15:24:46 | 000,020,824 | -H-- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010/02/04 16:53:02 | 000,064,288 | -H-- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2010/01/28 10:10:52 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP) DRV - [2009/11/10 10:27:06 | 000,018,560 | -H-- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb) DRV - [2009/10/28 23:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys -- (IDSxpx86) DRV - [2009/08/27 09:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009/08/22 08:28:17 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA) DRV - [2009/08/22 08:28:17 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP) DRV - [2009/08/22 08:28:17 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86) DRV - [2009/08/22 08:28:17 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI) DRV - [2009/08/22 08:28:17 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW) DRV - [2009/08/22 08:28:17 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2009/08/22 08:28:17 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -- (SYMNDIS) DRV - [2009/08/22 08:28:17 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -- (SYMIDS) DRV - [2009/08/20 18:27:49 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009/08/18 20:11:17 | 000,036,400 | RH-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP) DRV - [2009/08/18 20:11:17 | 000,036,400 | RH-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM) DRV - [2009/02/09 08:37:56 | 000,007,808 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009/02/09 08:37:48 | 000,007,808 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009/02/09 08:37:46 | 000,022,016 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009/02/09 08:37:46 | 000,017,664 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008/08/26 10:26:12 | 000,018,816 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/05/03 06:46:00 | 006,554,496 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2007/08/22 19:51:28 | 009,611,520 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2006/11/30 14:58:42 | 000,090,800 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44unic.sys -- (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) DRV - [2006/11/30 14:58:34 | 000,086,432 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44obex.sys -- (se44obex) DRV - [2006/11/30 14:58:32 | 000,018,704 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44nd5.sys -- (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) DRV - [2006/11/30 14:58:30 | 000,088,624 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mgmt.sys -- (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) DRV - [2006/11/30 14:58:26 | 000,097,088 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mdm.sys -- (se44mdm) DRV - [2006/11/30 14:58:24 | 000,009,360 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mdfl.sys -- (se44mdfl) DRV - [2006/11/30 14:58:18 | 000,061,536 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44bus.sys -- (se44bus) Sony Ericsson Device 068 driver (WDM) DRV - [2006/11/15 15:34:40 | 004,225,920 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006/02/27 06:46:20 | 000,081,408 | RH-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2005/06/08 11:13:26 | 000,008,960 | RH-- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modrc.sys -- (MODRC) DRV - [2005/05/03 08:27:24 | 000,022,272 | RH-- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modbda2.sys -- (MODBDA2) DRV - [2005/05/02 08:52:12 | 000,018,304 | RH-- | M] (DiBcom S.A) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modload2.sys -- (MODLOAD2) DRV - [2005/02/05 08:00:00 | 000,085,888 | -H-- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\m5287.sys -- (m5287) DRV - [2005/01/07 18:07:18 | 000,138,752 | -H-- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2004/12/01 11:49:00 | 000,051,840 | -H-- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\m5289.sys -- (m5289) DRV - [2004/08/13 11:56:20 | 000,005,810 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004/08/04 00:10:14 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2004/08/04 00:08:34 | 000,040,832 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IrBus.sys -- (IrBus) DRV - [2004/08/04 00:07:44 | 000,043,008 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2004/08/04 00:07:44 | 000,041,088 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2004/08/03 23:07:56 | 000,059,264 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2004/04/20 11:13:00 | 000,472,960 | -H-- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2003/08/06 10:43:00 | 000,159,744 | -H-- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k) DRV - [2001/08/17 15:07:44 | 000,019,072 | -H-- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 15:07:42 | 000,030,688 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 15:07:40 | 000,028,384 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 15:07:36 | 000,032,640 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 15:07:34 | 000,016,256 | -H-- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 14:52:22 | 000,036,736 | -H-- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 14:52:20 | 000,045,312 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 14:52:20 | 000,040,320 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 14:52:18 | 000,049,024 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 14:52:16 | 000,179,584 | -H-- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 14:52:12 | 000,017,280 | -H-- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 14:52:00 | 000,026,496 | -H-- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 14:51:58 | 000,014,848 | -H-- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 14:51:56 | 000,005,248 | -H-- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 14:51:54 | 000,006,656 | -H-- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com IE - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/ IE - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.virginmedia.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 22:02:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 20:23:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/25 09:09:11 | 000,000,000 | ---D | M] [2010/04/15 20:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla\Extensions [2010/04/26 22:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla\Firefox\Profiles\8fhp6hib.default\extensions [2010/04/15 22:55:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla\Firefox\Profiles\8fhp6hib.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/04/27 19:26:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/04/24 19:16:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/24 19:16:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010/04/25 10:18:36 | 000,392,807 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 13568 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.) O4 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 16895 O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1226018765765 (WUWebControl Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/11/24 16:45:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007/04/23 10:06:12 | 000,000,040 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/24 16:34:37 | 000,000,000 | -H-D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "Bonjour Service" MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: klmdb.sys - Driver SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: SymEFA.sys - C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation) SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: klmdb.sys - Driver SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: SymEFA.sys - C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation) SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.) Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) ========== Files/Folders - Created Within 30 Days ========== [2010/04/27 21:08:58 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe [2010/04/25 21:45:51 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010/04/24 19:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/04/24 19:16:46 | 000,411,368 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/04/24 19:16:46 | 000,153,376 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/04/24 19:16:46 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/04/24 19:16:46 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/04/24 19:16:46 | 000,073,728 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/04/24 19:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010/04/24 19:08:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010/04/24 19:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2010/04/24 19:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Sun [2010/04/24 19:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2010/04/24 06:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Tiscali Browser [2010/04/23 22:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\DoctorWeb [2010/04/23 22:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010/04/23 20:16:30 | 000,064,288 | -H-- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2010/04/23 20:15:59 | 000,095,024 | -H-- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010/04/23 20:13:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010/04/23 20:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2010/04/23 20:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2010/04/23 18:29:57 | 011,862,896 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mr Dileto\Desktop\mssefullinstall-x86fre-en-us-xp.exe [2010/04/23 16:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/04/23 16:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/04/16 20:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real [2010/04/16 20:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\My Documents\Downloads [2010/04/15 20:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\Mozilla [2010/04/15 20:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla [2010/04/15 19:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010/04/14 23:42:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP [2010/04/14 22:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\avG [2010/04/14 22:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG [2010/04/07 23:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Safer Networking [2010/04/07 23:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking [2010/04/06 22:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Malwarebytes [2010/04/06 22:57:24 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/06 22:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/04/06 22:57:20 | 000,020,824 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/06 22:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/04/06 21:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010/04/06 21:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2010/04/06 20:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe [2010/04/06 20:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2010/04/06 20:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/04/06 20:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2009/05/01 18:35:33 | 000,176,128 | -H-- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll [2009/05/01 18:35:29 | 000,184,320 | -H-- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/04/27 21:08:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe [2010/04/27 20:43:59 | 000,012,598 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/04/27 19:25:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/04/27 19:25:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/04/26 23:29:23 | 010,485,760 | -H-- | M] () -- C:\Documents and Settings\Mr Dileto\NTUSER.DAT [2010/04/26 23:28:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\ntuser.ini [2010/04/26 22:22:30 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Microsoft Office Outlook 2003.lnk [2010/04/25 23:42:30 | 000,047,096 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/04/25 22:26:00 | 000,600,596 | -H-- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/04/25 22:26:00 | 000,498,730 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/04/25 22:26:00 | 000,090,770 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/04/25 22:21:45 | 000,175,717 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/04/25 21:57:55 | 000,000,921 | ---- | M] () -- C:\WINDOWS\win.ini [2010/04/25 21:57:55 | 000,000,239 | -HS- | M] () -- C:\boot.ini [2010/04/25 21:57:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/04/25 10:18:36 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/04/24 19:16:25 | 000,153,376 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/04/24 19:16:25 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/04/24 19:16:25 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/04/24 19:16:25 | 000,073,728 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/04/24 19:16:24 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/04/24 19:06:09 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010/04/24 08:00:20 | 000,208,104 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/04/24 07:19:59 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100425-101836.backup [2010/04/24 07:19:54 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100424-071959.backup [2010/04/24 00:01:24 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100424-071954.backup [2010/04/23 23:49:53 | 000,061,056 | -H-- | M] () -- C:\WINDOWS\System32\drivers\ohci1394.sys [2010/04/23 23:47:36 | 000,061,056 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys [2010/04/23 22:52:31 | 038,206,344 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\drweb-cureit.exe [2010/04/23 20:15:57 | 000,095,024 | -H-- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010/04/23 20:15:55 | 000,015,880 | -H-- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2010/04/23 20:13:19 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2010/04/23 18:30:03 | 011,862,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mr Dileto\Desktop\mssefullinstall-x86fre-en-us-xp.exe [2010/04/23 16:39:06 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\gmer.exe [2010/04/23 15:08:00 | 000,392,807 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100424-000123.backup [2010/04/22 19:01:15 | 000,392,702 | R--- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\hosts [2010/04/22 18:32:12 | 000,015,974 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\YciVS0tH5 [2010/04/20 22:14:01 | 000,000,970 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Spybot - Search & Destroy.lnk [2010/04/20 22:12:30 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100422-190115.backup [2010/04/20 21:27:44 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\dds.scr [2010/04/20 21:14:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\defogger_reenable [2010/04/20 21:12:53 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Defogger.exe [2010/04/20 20:37:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/04/19 21:17:22 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100420-221230.backup [2010/04/19 20:00:00 | 000,000,630 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Mr Dileto.job [2010/04/18 19:13:17 | 000,018,372 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xSWFi252 [2010/04/18 19:13:17 | 000,018,372 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\xSWFi252 [2010/04/18 18:54:52 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100419-211722.backup [2010/04/15 22:18:25 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/04/15 20:23:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2010/04/15 19:38:01 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/04/14 22:05:41 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100418-185452.backup [2010/04/14 22:03:36 | 000,014,950 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\6Y5qPA2XU80 [2010/04/14 22:03:36 | 000,014,950 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6Y5qPA2XU80 [2010/04/12 19:29:53 | 000,000,552 | -H-- | M] () -- C:\WINDOWS\System32\d3d8caps.dat [2010/04/11 20:45:47 | 002,004,740 | ---- | M] () -- C:\WINDOWS\iis6.BAK [2010/04/11 19:56:50 | 000,016,484 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xiNN54TR6Jl5 [2010/04/11 19:56:50 | 000,016,484 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\xiNN54TR6Jl5 [2010/04/11 19:52:06 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100414-220541.backup [2010/04/07 20:09:19 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100411-195206.backup [2010/04/06 22:57:28 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/04/06 22:25:37 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100407-200919.backup [2010/04/06 21:15:06 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100406-222537.backup [2010/04/03 19:22:57 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/04/03 10:20:41 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Microsoft Office Excel 2003.lnk [2010/03/29 15:24:58 | 000,038,224 | -H-- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/03/29 15:24:46 | 000,020,824 | -H-- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/04/25 21:57:56 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010/04/24 19:06:09 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010/04/23 22:46:08 | 038,206,344 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\drweb-cureit.exe [2010/04/23 20:37:27 | 000,015,880 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2010/04/23 20:13:19 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2010/04/23 15:07:40 | 000,392,702 | R--- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\hosts [2010/04/22 18:30:22 | 000,015,974 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\YciVS0tH5 [2010/04/22 18:30:22 | 000,015,974 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\YciVS0tH5 [2010/04/20 21:27:44 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\dds.scr [2010/04/20 21:14:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\defogger_reenable [2010/04/20 21:12:53 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\Defogger.exe [2010/04/19 21:00:51 | 000,000,970 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\Spybot - Search & Destroy.lnk [2010/04/18 18:46:50 | 000,018,372 | -HS- | C] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xSWFi252 [2010/04/18 18:37:29 | 000,018,372 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xSWFi252 [2010/04/18 18:37:29 | 000,018,356 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\xSWFi252 [2010/04/15 20:23:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/04/15 19:38:01 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/04/14 22:02:26 | 000,014,950 | -HS- | C] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\6Y5qPA2XU80 [2010/04/14 21:39:40 | 000,014,950 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\6Y5qPA2XU80 [2010/04/14 21:39:40 | 000,014,950 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6Y5qPA2XU80 [2010/04/12 19:29:53 | 000,000,552 | -H-- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2010/04/11 18:55:06 | 000,016,484 | -HS- | C] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xiNN54TR6Jl5 [2010/04/11 18:55:06 | 000,016,484 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xiNN54TR6Jl5 [2010/04/06 22:57:28 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/04/06 20:15:41 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/10/12 21:36:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI [2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/05/01 18:35:33 | 009,611,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2009/05/01 18:35:33 | 000,028,160 | -H-- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys [2009/05/01 18:35:33 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2008/12/22 23:49:17 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini [2008/11/17 23:26:39 | 000,000,049 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2008/11/12 20:24:08 | 000,363,520 | -H-- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2008/11/11 13:13:03 | 000,003,654 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2008/10/29 13:10:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/10/29 12:47:43 | 000,061,056 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ohci1394.sys [2007/05/13 20:58:44 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll [2006/10/22 13:22:00 | 001,703,936 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/10/22 13:22:00 | 001,486,848 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll [2006/10/22 13:22:00 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/10/22 13:22:00 | 000,581,632 | -H-- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/10/22 13:22:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/10/22 13:22:00 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005/11/24 17:07:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/11/24 16:59:38 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2005/11/24 16:49:10 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/11/24 16:42:31 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2005/11/24 16:42:31 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2005/11/24 16:42:17 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2005/11/24 16:42:17 | 000,007,909 | -H-- | C] () -- C:\WINDOWS\System32\ftpctrs.ini [2005/11/24 16:42:16 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2005/11/24 16:42:16 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini [2005/09/09 23:39:14 | 000,002,679 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2003/01/07 16:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/02/07 09:00:22 | 000,005,810 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys ========== Custom Scans ========== < %systemroot%\system32\*.dll /lockedfiles > [4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < MD5 for: AGP440.SYS > [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys [2004/08/04 00:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys [2004/08/04 00:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS < MD5 for: ATAPI.SYS > [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2010/04/23 20:40:16 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll [2004/08/04 13:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004/08/04 13:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: IASTOR.SYS > [2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\DRIVERS\SCSI\INTEL\ICH6\iastor.sys [2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\OEMdriver\12\iastor.sys [2004/04/20 11:13:30 | 000,472,960 | ---- | M] (Intel Corporation) MD5=C9F030A5E43AEDFABE0A39DF0A0DCBEB -- C:\DRIVERS\OEMDRIVER\2\iastor.sys [2004/04/20 11:13:00 | 000,472,960 | -H-- | M] (Intel Corporation) MD5=C9F030A5E43AEDFABE0A39DF0A0DCBEB -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll [2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll [2004/08/04 13:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll [2004/08/04 13:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll < MD5 for: NVATABUS.SYS > [2005/05/17 17:45:00 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\DRIVERS\SCSI\nvidia\sataraid\nvatabus.sys [2005/05/17 17:45:00 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\DRIVERS\SCSI\oemdriver\1\nvatabus.sys [2005/05/17 17:45:00 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\OEMdriver\11\nvatabus.sys [2004/09/02 16:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\DRIVERS\OEMDRIVER\8\NvAtaBus.sys [2004/09/02 16:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\DRIVERS\SCSI\nvidia\6.22\NvAtaBus.sys < MD5 for: SCECLI.DLL > [2004/08/04 13:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll [2004/08/04 13:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll < MD5 for: VIAMRAID.SYS > [2004/03/29 13:45:36 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\OEMDRIVER\7\viamraid.sys [2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\oemdriver\8\viamraid.sys [2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\VIA\RAID\2003IA32\viamraid.sys [2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\VIA\RAID\Win2000\viamraid.sys [2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\VIA\RAID\Winxp\viamraid.sys [2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\OEMdriver\8\viamraid.sys [2004/03/29 13:45:00 | 000,073,600 | -H-- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\system32\drivers\viamraid.sys [2004/03/29 13:45:00 | 000,080,576 | ---- | M] (VIA Technologies inc,.ltd) MD5=9CF8BAD2B61BD1617E1AEC88FFECAEF3 -- C:\DRIVERS\SCSI\VIA\RAID\Winnt40\viamraid.sys < %systemroot%\*. /mp /s > ========== Alternate Data Streams ========== @Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 < End of report >
  8. I have now been re-infected for the 5th time in 10 days!!! This thing is driving me mad!!! Could not attach GMER ark.txt as scan would keep going wrong. Tried to do it 4 times but kept sticking and had to manually reboot, couldn't even close program or even open task manager or press start button! 3 of the 4 times it got stuck at: Device ->driver\atapi\device\harddisk0\DR0 Malwarebytes keeps notifying me it is blocking connection to the following IP addresses whether or not Mozilla Firefoz is running: 213.163.89.104 / 213.163.89.105 / 213.163.89.106 / 208.73.210.50 / 61.61.20.132 Since upgrading to full Malwarebytes it seemed to be blocking it for about 5 days but it got in (or out?) again! I also have Norton Internet Secuirty & Spybot SD running but they aren't stopping it. I have shown a before and after MBAM log to show what was removed. --------------------------------------------------------------------------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 4016 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 22/04/2010 19:02:48 mbam-log-2010-04-22 (19-02-48).txt Scan type: Flash scan Objects scanned: 98976 Time elapsed: 5 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 2 Registry Data Items Infected: 5 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\vma.exe" /START "firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\vma.exe" /START "firefox.exe -safe-mode") Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\NetworkService\Local Settings\Application Data\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully. -------------------------------------------------------------------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 4023 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 22/04/2010 20:38:10 mbam-log-2010-04-22 (20-38-10).txt Scan type: Full scan (C:\|) Objects scanned: 211521 Time elapsed: 1 hour(s), 30 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ------------------------------------------------------------------------------------------------------------------------------------------ DDS (Ver_10-03-17.01) - NTFSx86 Run by Mr Dileto at 21:30:41.46 on 22/04/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.300 [GMT 1:00] AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerCinema\PCMService.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\vsnp2uvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Mr Dileto\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.virginmedia.com/ uWindow Title = mWindow Title = uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=c:\windows\system32\Userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [Power2GoExpress] uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe" mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe" mRun: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "c:\program files\cyberlink\powerbackup\PBKScheduler.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode mRun: [RTHDCPL] RTHDCPL.EXE mRun: [skyTel] SkyTel.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [bJCFD] c:\program files\broadjump\client foundation\CFD.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [snp2uvc] c:\windows\vsnp2uvc.exe mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090804075411 DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxps://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226018765765 DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231111340392&h=6cdc767511b40c642d298c72e525f92e/&filename=jinstall-6u11-windows-i586-jc.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.eu/Register/Branding/olr3313/OCX/flashax.cab DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cards.hallmark.co.uk/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab? Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\mrdile~1\applic~1\mozilla\firefox\profiles\8fhp6hib.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/ FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-1-28 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-1-28 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-1-28 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100415.001\IDSXpx86.sys [2010-4-16 329592] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-6 303952] R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-1-28 117640] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-6 20824] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100422.002\NAVENG.SYS [2010-4-22 84912] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100422.002\NAVEX15.SYS [2010-4-22 1324720] S3 BGRaSvc;BGRaSvc; [x] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-12-26 18560] S3 MODBDA2;KWorld MOD3000 TV receiver;c:\windows\system32\drivers\modbda2.sys [2008-11-12 22272] S3 MODLOAD2;DVB-T USB2.0 adapter firmware loader;c:\windows\system32\drivers\modload2.sys [2008-11-12 18304] S3 MODRC;KWorld Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2008-11-12 8960] S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-11-25 85888] S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2005-11-25 51840] =============== Created Last 30 ================ 2010-04-22 18:03:44 54016 ----a-w- c:\windows\system32\drivers\gcwvrwsf.sys 2010-04-20 20:14:20 0 ----a-w- c:\documents and settings\mr dileto\defogger_reenable 2010-04-14 23:57:31 0 d-----w- c:\program files\BandiMPEG1 2010-04-14 22:42:13 0 d-----w- c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP 2010-04-14 21:02:26 0 d-----w- c:\docume~1\alluse~1\applic~1\avG 2010-04-12 18:29:53 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-04-07 22:09:37 0 d-----w- c:\docume~1\mrdile~1\applic~1\Safer Networking 2010-04-07 22:09:22 0 d-----w- c:\program files\Safer Networking 2010-04-07 18:53:52 0 d-----w- c:\docume~1\mrdile~1\applic~1\Error Fix 2010-04-07 18:52:18 0 d-----w- c:\program files\Error Fix 2010-04-06 21:57:37 0 d-----w- c:\docume~1\mrdile~1\applic~1\Malwarebytes 2010-04-06 21:57:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-06 21:57:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-04-06 21:57:20 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-06 21:57:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-06 20:11:06 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-04-06 20:11:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-04-06 19:15:41 664 ----a-w- c:\windows\system32\d3d9caps.dat ==================== Find3M ==================== 2010-04-19 20:34:08 61056 ----a-w- c:\windows\system32\drivers\ohci1394.sys 2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 12:31:30 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 13:17:38 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 12:39:04 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:47:05 100864 ----a-w- c:\windows\system32\6to4svc.dll ============= FINISH: 21:32:39.79 ===============
  9. Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 4016 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 21/04/2010 20:13:50 mbam-log-2010-04-21 (20-13-50).txt Scan type: Quick scan Objects scanned: 132044 Time elapsed: 17 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS (Ver_10-03-17.01) - NTFSx86 Run by Mr Dileto at 20:27:05.32 on 21/04/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.261 [GMT 1:00] AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\Program Files\CyberLink\PowerCinema\PCMService.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\vsnp2uvc.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\Mr Dileto\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.virginmedia.com/ uWindow Title = mWindow Title = uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [Power2GoExpress] uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe" mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe" mRun: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "c:\program files\cyberlink\powerbackup\PBKScheduler.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode mRun: [RTHDCPL] RTHDCPL.EXE mRun: [skyTel] SkyTel.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [bJCFD] c:\program files\broadjump\client foundation\CFD.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [snp2uvc] c:\windows\vsnp2uvc.exe mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090804075411 DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxps://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226018765765 DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231111340392&h=6cdc767511b40c642d298c72e525f92e/&filename=jinstall-6u11-windows-i586-jc.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.eu/Register/Branding/olr3313/OCX/flashax.cab DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cards.hallmark.co.uk/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab? Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\mrdile~1\applic~1\mozilla\firefox\profiles\8fhp6hib.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/ FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-1-28 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-1-28 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-1-28 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100415.001\IDSXpx86.sys [2010-4-16 329592] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-6 303952] R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-1-28 117640] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-6 20824] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100421.002\NAVENG.SYS [2010-4-21 84912] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100421.002\NAVEX15.SYS [2010-4-21 1324720] S3 BGRaSvc;BGRaSvc; [x] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-12-26 18560] S3 MODBDA2;KWorld MOD3000 TV receiver;c:\windows\system32\drivers\modbda2.sys [2008-11-12 22272] S3 MODLOAD2;DVB-T USB2.0 adapter firmware loader;c:\windows\system32\drivers\modload2.sys [2008-11-12 18304] S3 MODRC;KWorld Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2008-11-12 8960] S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-11-25 85888] S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2005-11-25 51840] =============== Created Last 30 ================ 2010-04-20 20:14:20 0 ----a-w- c:\documents and settings\mr dileto\defogger_reenable 2010-04-14 23:57:31 0 d-----w- c:\program files\BandiMPEG1 2010-04-14 22:42:13 0 d-----w- c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP 2010-04-14 21:02:26 0 d-----w- c:\docume~1\alluse~1\applic~1\avG 2010-04-12 18:29:53 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-04-07 22:09:37 0 d-----w- c:\docume~1\mrdile~1\applic~1\Safer Networking 2010-04-07 22:09:22 0 d-----w- c:\program files\Safer Networking 2010-04-07 18:53:52 0 d-----w- c:\docume~1\mrdile~1\applic~1\Error Fix 2010-04-07 18:52:18 0 d-----w- c:\program files\Error Fix 2010-04-06 21:57:37 0 d-----w- c:\docume~1\mrdile~1\applic~1\Malwarebytes 2010-04-06 21:57:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-06 21:57:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-04-06 21:57:20 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-06 21:57:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-06 20:11:06 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-04-06 20:11:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-04-06 19:15:41 664 ----a-w- c:\windows\system32\d3d9caps.dat ==================== Find3M ==================== 2010-04-19 20:34:08 61056 ----a-w- c:\windows\system32\drivers\ohci1394.sys 2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 12:31:30 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 13:17:38 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 12:39:04 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:47:05 100864 ----a-w- c:\windows\system32\6to4svc.dll ============= FINISH: 20:29:19.17 =============== Could not attach GMER ark.txt as scan would keep going wrong. Tried to do it 4 times but kept sticking and had to manually reboot, couldn't even close program or even open task manager or press start button! 3 of the 4 times it got stuck at: Device ->driver\atapi\device\harddisk0\DR0 Malwarebytes keeps notifying me it is blocking connection to the following IP addresses whether or not Mozilla Firefoz is running: 213.163.89.104 / 213.163.89.105 / 213.163.89.106 / 208.73.210.50 / 61.61.20.132 Please help as I am losing my mind as I have been re-infected 4 times so far. Since upgrading to full Malwarebytes it seems to be getting blocked but for how much longer?! I also have Norton Internet Secuirty & Spybot SD running but aren't stoppin it. Attach.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.