
Need Help - XP Security/vma.exe virus



Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 4016

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

21/04/2010 20:13:50

mbam-log-2010-04-21 (20-13-50).txt

Scan type: Quick scan

Objects scanned: 132044

Time elapsed: 17 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Mr Dileto at 20:27:05.32 on 21/04/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.261 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\vsnp2uvc.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Mr Dileto\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com/

uWindow Title =

mWindow Title =

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [Power2GoExpress]

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "c:\program files\cyberlink\powerbackup\PBKScheduler.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [bJCFD] c:\program files\broadjump\client foundation\CFD.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [snp2uvc] c:\windows\vsnp2uvc.exe

mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles

mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart

mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090804075411

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxps://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226018765765

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231111340392&h=6cdc767511b40c642d298c72e525f92e/&filename=jinstall-6u11-windows-i586-jc.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.eu/Register/Branding/olr3313/OCX/flashax.cab

DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cards.hallmark.co.uk/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mrdile~1\applic~1\mozilla\firefox\profiles\8fhp6hib.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-1-28 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-1-28 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-1-28 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100415.001\IDSXpx86.sys [2010-4-16 329592]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-6 303952]

R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-1-28 117640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-6 20824]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100421.002\NAVENG.SYS [2010-4-21 84912]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100421.002\NAVEX15.SYS [2010-4-21 1324720]

S3 BGRaSvc;BGRaSvc; [x]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-12-26 18560]

S3 MODBDA2;KWorld MOD3000 TV receiver;c:\windows\system32\drivers\modbda2.sys [2008-11-12 22272]

S3 MODLOAD2;DVB-T USB2.0 adapter firmware loader;c:\windows\system32\drivers\modload2.sys [2008-11-12 18304]

S3 MODRC;KWorld Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2008-11-12 8960]

S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-11-25 85888]

S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2005-11-25 51840]

=============== Created Last 30 ================

2010-04-20 20:14:20 0 ----a-w- c:\documents and settings\mr dileto\defogger_reenable

2010-04-14 23:57:31 0 d-----w- c:\program files\BandiMPEG1

2010-04-14 22:42:13 0 d-----w- c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP

2010-04-14 21:02:26 0 d-----w- c:\docume~1\alluse~1\applic~1\avG

2010-04-12 18:29:53 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-04-07 22:09:37 0 d-----w- c:\docume~1\mrdile~1\applic~1\Safer Networking

2010-04-07 22:09:22 0 d-----w- c:\program files\Safer Networking

2010-04-07 18:53:52 0 d-----w- c:\docume~1\mrdile~1\applic~1\Error Fix

2010-04-07 18:52:18 0 d-----w- c:\program files\Error Fix

2010-04-06 21:57:37 0 d-----w- c:\docume~1\mrdile~1\applic~1\Malwarebytes

2010-04-06 21:57:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-06 21:57:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-04-06 21:57:20 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-06 21:57:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-06 20:11:06 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-04-06 20:11:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-04-06 19:15:41 664 ----a-w- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2010-04-19 20:34:08 61056 ----a-w- c:\windows\system32\drivers\ohci1394.sys

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 12:31:30 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-16 13:17:38 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 12:39:04 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:47:05 100864 ----a-w- c:\windows\system32\6to4svc.dll

============= FINISH: 20:29:19.17 ===============

Could not attach GMER ark.txt as scan would keep going wrong. Tried to do it 4 times but kept sticking and had to manually reboot, couldn't even close program or even open task manager or press start button! 3 of the 4 times it got stuck at:

Device ->driver\atapi\device\harddisk0\DR0

Malwarebytes keeps notifying me it is blocking connection to the following IP addresses whether or not Mozilla Firefox is running:

213.163.89.104 / 213.163.89.105 / 213.163.89.106 / 208.73.210.50 / 61.61.20.132

Please help as I am losing my mind as I have been re-infected 4 times so far. Since upgrading to full Malwarebytes it seems to be getting blocked but for how much longer?!

I also have Norton Internet Security & Spybot SD running but they aren't stopping it.

Attach.zip


Hello and welcome to Malwarebytes

We apologize for the delay in responding to your request for help. Please note that your topic was not intentionally overlooked.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

  1. Please download OTL from one of the following mirrors:

  2. Save it to your desktop.

  3. Double click on the OTL icon on your desktop.

  4. Click the "Scan All Users" checkbox.

  5. In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s

  6. Push the Run Scan button.

  7. Two reports will open, copy and paste them in a reply here:

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Regards, myrti


Thank you for replying to my post Myrti. In desperation I have been scanning other people's posts looking for fixes and doing various stuff. I know that is a bit silly but I was getting desperate!

The basics of the whole situation are that the XP Security virus started popping up about 2 weeks ago and then it stopped me opening programs. I already had Norton Internet Security 2009 installed and up to date running full protection, as well as Spybot S&D with Resident SD Helper & Teatimer running.

As I am sure you know, in the Task Manager it was showing up as VMA.exe which I had to keep shutting down manually to get anything working. I installed Malwarebytes as well, which found more problems to fix. When I upgraded the Malwarebytes program to run the protection module it seemed to stop it re-infecting again for a while. During that time I kept getting notifications that Malwarebytes had stopped connections to malicious websites every 10 seconds or so! Examples of recurring IP addresses are shown below:

213.163.89.104, 213.163.89.105, 213.163.89.106

208.73.210.50

61.61.20.132

64.62.181.46

I tried to follow the usual instructions on the forum "I'm infected - What do I do now?, Please follow these instructions to clean your system" but I couldn't get GMER to complete a scan successfully. I booted into Safe Mode many times and ran scans with Malwarebytes, Spybot S&D & Norton to no avail.

I used DeFogger to disable the CD Emulation drivers & have also disabled System Restore. I have also run the DDS tool.

Then just Sunday Norton picked up 'Backdoor.Tidserv.l!inf' in a scan but it cannot be removed.

The information given was:

1 file & 1 browser cache

c:\recycler\s-l-5-21-4051791904-2798153970-1156491738-1007\dc41.sys

I could not find this anywhere myself or find a way to remove it. I ran the TDSS killer which didn't find anything.

I also downloaded JAVARA and got rid of old Java programs and installed the latest version as per notes I had seen in the forums. Since then the GMER scan has now run successfully if that helps at all.

I thank you in advance for your help with this draining problem I am having.

Please find the requested OTL log below and the Extras log on the following message as it is too long to go into 1 post.

-------------------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 27/04/2010 21:13:04 - Run 1

OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Mr Dileto\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 260.00 Mb Available Physical Memory | 25.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 460.87 Gb Total Space | 343.33 Gb Free Space | 74.50% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 293.69 Gb Total Space | 276.08 Gb Free Space | 94.00% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-94761DD7AC

Current User Name: Mr Dileto

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/27 21:08:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe

PRC - [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/03/29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/03/29 15:24:52 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2009/08/22 08:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/01/14 19:22:52 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

PRC - [2005/01/14 19:22:50 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

PRC - [2005/01/14 19:22:26 | 000,110,711 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

PRC - [2005/01/14 19:22:24 | 000,172,153 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

PRC - [2004/09/29 13:14:36 | 000,069,632 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

========== Modules (SafeList) ==========

MOD - [2010/04/27 21:08:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe

MOD - [2009/08/22 08:28:14 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\asOEHook.dll

MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (BGRaSvc)

SRV - [2010/04/23 20:15:40 | 001,265,264 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/03/29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2009/08/22 08:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)

SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)

SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2005/01/14 19:22:50 | 000,024,576 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)

SRV - [2005/01/14 19:22:26 | 000,110,711 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2005/01/14 19:22:24 | 000,172,153 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2004/09/29 13:14:36 | 000,069,632 | -H-- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)

SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)

SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)

SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

========== Driver Services (SafeList) ==========

DRV - [2010/04/23 23:49:53 | 000,061,056 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394)

DRV - [2010/04/02 18:51:10 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100427.002\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/04/02 18:51:10 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2010/04/02 18:51:10 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100427.002\NAVENG.SYS -- (NAVENG)

DRV - [2010/03/29 15:24:46 | 000,020,824 | -H-- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/02/04 16:53:02 | 000,064,288 | -H-- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010/01/28 10:10:52 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)

DRV - [2009/11/10 10:27:06 | 000,018,560 | -H-- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)

DRV - [2009/10/28 23:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys -- (IDSxpx86)

DRV - [2009/08/27 09:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2009/08/22 08:28:17 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)

DRV - [2009/08/22 08:28:17 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)

DRV - [2009/08/22 08:28:17 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)

DRV - [2009/08/22 08:28:17 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)

DRV - [2009/08/22 08:28:17 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)

DRV - [2009/08/22 08:28:17 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2009/08/22 08:28:17 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -- (SYMNDIS)

DRV - [2009/08/22 08:28:17 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -- (SYMIDS)

DRV - [2009/08/20 18:27:49 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2009/08/18 20:11:17 | 000,036,400 | RH-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)

DRV - [2009/08/18 20:11:17 | 000,036,400 | RH-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)

DRV - [2009/02/09 08:37:56 | 000,007,808 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2009/02/09 08:37:48 | 000,007,808 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2009/02/09 08:37:46 | 000,022,016 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2009/02/09 08:37:46 | 000,017,664 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2008/08/26 10:26:12 | 000,018,816 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/05/03 06:46:00 | 006,554,496 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2007/08/22 19:51:28 | 009,611,520 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2006/11/30 14:58:42 | 000,090,800 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44unic.sys -- (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM)

DRV - [2006/11/30 14:58:34 | 000,086,432 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44obex.sys -- (se44obex)

DRV - [2006/11/30 14:58:32 | 000,018,704 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44nd5.sys -- (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS)

DRV - [2006/11/30 14:58:30 | 000,088,624 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mgmt.sys -- (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM)

DRV - [2006/11/30 14:58:26 | 000,097,088 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mdm.sys -- (se44mdm)

DRV - [2006/11/30 14:58:24 | 000,009,360 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mdfl.sys -- (se44mdfl)

DRV - [2006/11/30 14:58:18 | 000,061,536 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44bus.sys -- (se44bus) Sony Ericsson Device 068 driver (WDM)

DRV - [2006/11/15 15:34:40 | 004,225,920 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/02/27 06:46:20 | 000,081,408 | RH-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005/06/08 11:13:26 | 000,008,960 | RH-- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modrc.sys -- (MODRC)

DRV - [2005/05/03 08:27:24 | 000,022,272 | RH-- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modbda2.sys -- (MODBDA2)

DRV - [2005/05/02 08:52:12 | 000,018,304 | RH-- | M] (DiBcom S.A) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modload2.sys -- (MODLOAD2)

DRV - [2005/02/05 08:00:00 | 000,085,888 | -H-- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\m5287.sys -- (m5287)

DRV - [2005/01/07 18:07:18 | 000,138,752 | -H-- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/12/01 11:49:00 | 000,051,840 | -H-- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\m5289.sys -- (m5289)

DRV - [2004/08/13 11:56:20 | 000,005,810 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/08/04 00:10:14 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

DRV - [2004/08/04 00:08:34 | 000,040,832 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IrBus.sys -- (IrBus)

DRV - [2004/08/04 00:07:44 | 000,043,008 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2004/08/04 00:07:44 | 000,041,088 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2004/08/03 23:07:56 | 000,059,264 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2004/04/20 11:13:00 | 000,472,960 | -H-- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2003/08/06 10:43:00 | 000,159,744 | -H-- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)

DRV - [2001/08/17 15:07:44 | 000,019,072 | -H-- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 15:07:42 | 000,030,688 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 15:07:40 | 000,028,384 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 15:07:36 | 000,032,640 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 15:07:34 | 000,016,256 | -H-- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 14:52:22 | 000,036,736 | -H-- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 14:52:20 | 000,045,312 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 14:52:20 | 000,040,320 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 14:52:18 | 000,049,024 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 14:52:16 | 000,179,584 | -H-- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 14:52:12 | 000,017,280 | -H-- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 14:52:00 | 000,026,496 | -H-- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 14:51:58 | 000,014,848 | -H-- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 14:51:56 | 000,005,248 | -H-- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 14:51:54 | 000,006,656 | -H-- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com

IE - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/

IE - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.virginmedia.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 22:02:58 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 20:23:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/25 09:09:11 | 000,000,000 | ---D | M]

[2010/04/15 20:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla\Extensions

[2010/04/26 22:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla\Firefox\Profiles\8fhp6hib.default\extensions

[2010/04/15 22:55:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla\Firefox\Profiles\8fhp6hib.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/04/27 19:26:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/24 19:16:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/04/24 19:16:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/25 10:18:36 | 000,392,807 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 13568 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.)

O4 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 16895

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1226018765765 (WUWebControl Class)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/11/24 16:45:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007/04/23 10:06:12 | 000,000,040 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/24 16:34:37 | 000,000,000 | -H-D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "Bonjour Service"

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: klmdb.sys - Driver

SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: SymEFA.sys - C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: klmdb.sys - Driver

SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: SymEFA.sys - C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/27 21:08:58 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe

[2010/04/25 21:45:51 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2010/04/24 19:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/04/24 19:16:46 | 000,411,368 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/04/24 19:16:46 | 000,153,376 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/04/24 19:16:46 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/04/24 19:16:46 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/04/24 19:16:46 | 000,073,728 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/04/24 19:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/04/24 19:08:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2010/04/24 19:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/04/24 19:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Sun

[2010/04/24 19:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010/04/24 06:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Tiscali Browser

[2010/04/23 22:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\DoctorWeb

[2010/04/23 22:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/04/23 20:16:30 | 000,064,288 | -H-- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/04/23 20:15:59 | 000,095,024 | -H-- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/04/23 20:13:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

[2010/04/23 20:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2010/04/23 20:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010/04/23 18:29:57 | 011,862,896 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mr Dileto\Desktop\mssefullinstall-x86fre-en-us-xp.exe

[2010/04/23 16:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/04/23 16:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/04/16 20:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real

[2010/04/16 20:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\My Documents\Downloads

[2010/04/15 20:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\Mozilla

[2010/04/15 20:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla

[2010/04/15 19:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/04/14 23:42:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP

[2010/04/14 22:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\avG

[2010/04/14 22:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG

[2010/04/07 23:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Safer Networking

[2010/04/07 23:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking

[2010/04/06 22:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Malwarebytes

[2010/04/06 22:57:24 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/06 22:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/04/06 22:57:20 | 000,020,824 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/06 22:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/04/06 21:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/04/06 21:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/04/06 20:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/04/06 20:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/04/06 20:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/04/06 20:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2009/05/01 18:35:33 | 000,176,128 | -H-- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

[2009/05/01 18:35:29 | 000,184,320 | -H-- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/27 21:08:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe

[2010/04/27 20:43:59 | 000,012,598 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/04/27 19:25:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/04/27 19:25:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/04/26 23:29:23 | 010,485,760 | -H-- | M] () -- C:\Documents and Settings\Mr Dileto\NTUSER.DAT

[2010/04/26 23:28:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\ntuser.ini

[2010/04/26 22:22:30 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Microsoft Office Outlook 2003.lnk

[2010/04/25 23:42:30 | 000,047,096 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/04/25 22:26:00 | 000,600,596 | -H-- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/04/25 22:26:00 | 000,498,730 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/04/25 22:26:00 | 000,090,770 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/04/25 22:21:45 | 000,175,717 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/04/25 21:57:55 | 000,000,921 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/04/25 21:57:55 | 000,000,239 | -HS- | M] () -- C:\boot.ini

[2010/04/25 21:57:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/04/25 10:18:36 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/04/24 19:16:25 | 000,153,376 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/04/24 19:16:25 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/04/24 19:16:25 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/04/24 19:16:25 | 000,073,728 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/04/24 19:16:24 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/04/24 19:06:09 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/04/24 08:00:20 | 000,208,104 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/04/24 07:19:59 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100425-101836.backup

[2010/04/24 07:19:54 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100424-071959.backup

[2010/04/24 00:01:24 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100424-071954.backup

[2010/04/23 23:49:53 | 000,061,056 | -H-- | M] () -- C:\WINDOWS\System32\drivers\ohci1394.sys

[2010/04/23 23:47:36 | 000,061,056 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys

[2010/04/23 22:52:31 | 038,206,344 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\drweb-cureit.exe

[2010/04/23 20:15:57 | 000,095,024 | -H-- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/04/23 20:15:55 | 000,015,880 | -H-- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/04/23 20:13:19 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/04/23 18:30:03 | 011,862,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mr Dileto\Desktop\mssefullinstall-x86fre-en-us-xp.exe

[2010/04/23 16:39:06 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\gmer.exe

[2010/04/23 15:08:00 | 000,392,807 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100424-000123.backup

[2010/04/22 19:01:15 | 000,392,702 | R--- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\hosts

[2010/04/22 18:32:12 | 000,015,974 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\YciVS0tH5

[2010/04/20 22:14:01 | 000,000,970 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Spybot - Search & Destroy.lnk

[2010/04/20 22:12:30 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100422-190115.backup

[2010/04/20 21:27:44 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\dds.scr

[2010/04/20 21:14:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\defogger_reenable

[2010/04/20 21:12:53 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Defogger.exe

[2010/04/20 20:37:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/04/19 21:17:22 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100420-221230.backup

[2010/04/19 20:00:00 | 000,000,630 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Mr Dileto.job

[2010/04/18 19:13:17 | 000,018,372 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xSWFi252

[2010/04/18 19:13:17 | 000,018,372 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\xSWFi252

[2010/04/18 18:54:52 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100419-211722.backup

[2010/04/15 22:18:25 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/04/15 20:23:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2010/04/15 19:38:01 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/04/14 22:05:41 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100418-185452.backup

[2010/04/14 22:03:36 | 000,014,950 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\6Y5qPA2XU80

[2010/04/14 22:03:36 | 000,014,950 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6Y5qPA2XU80

[2010/04/12 19:29:53 | 000,000,552 | -H-- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/04/11 20:45:47 | 002,004,740 | ---- | M] () -- C:\WINDOWS\iis6.BAK

[2010/04/11 19:56:50 | 000,016,484 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xiNN54TR6Jl5

[2010/04/11 19:56:50 | 000,016,484 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\xiNN54TR6Jl5

[2010/04/11 19:52:06 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100414-220541.backup

[2010/04/07 20:09:19 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100411-195206.backup

[2010/04/06 22:57:28 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/04/06 22:25:37 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100407-200919.backup

[2010/04/06 21:15:06 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100406-222537.backup

[2010/04/03 19:22:57 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/04/03 10:20:41 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Microsoft Office Excel 2003.lnk

[2010/03/29 15:24:58 | 000,038,224 | -H-- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/03/29 15:24:46 | 000,020,824 | -H-- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/25 21:57:56 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2010/04/24 19:06:09 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/04/23 22:46:08 | 038,206,344 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\drweb-cureit.exe

[2010/04/23 20:37:27 | 000,015,880 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/04/23 20:13:19 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/04/23 15:07:40 | 000,392,702 | R--- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\hosts

[2010/04/22 18:30:22 | 000,015,974 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\YciVS0tH5

[2010/04/22 18:30:22 | 000,015,974 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\YciVS0tH5

[2010/04/20 21:27:44 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\dds.scr

[2010/04/20 21:14:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\defogger_reenable

[2010/04/20 21:12:53 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\Defogger.exe

[2010/04/19 21:00:51 | 000,000,970 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\Spybot - Search & Destroy.lnk

[2010/04/18 18:46:50 | 000,018,372 | -HS- | C] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xSWFi252

[2010/04/18 18:37:29 | 000,018,372 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xSWFi252

[2010/04/18 18:37:29 | 000,018,356 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\xSWFi252

[2010/04/15 20:23:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/04/15 19:38:01 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/04/14 22:02:26 | 000,014,950 | -HS- | C] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\6Y5qPA2XU80

[2010/04/14 21:39:40 | 000,014,950 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\6Y5qPA2XU80

[2010/04/14 21:39:40 | 000,014,950 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6Y5qPA2XU80

[2010/04/12 19:29:53 | 000,000,552 | -H-- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/04/11 18:55:06 | 000,016,484 | -HS- | C] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xiNN54TR6Jl5

[2010/04/11 18:55:06 | 000,016,484 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xiNN54TR6Jl5

[2010/04/06 22:57:28 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/04/06 20:15:41 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/10/12 21:36:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI

[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/05/01 18:35:33 | 009,611,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys

[2009/05/01 18:35:33 | 000,028,160 | -H-- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys

[2009/05/01 18:35:33 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini

[2008/12/22 23:49:17 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini

[2008/11/17 23:26:39 | 000,000,049 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2008/11/12 20:24:08 | 000,363,520 | -H-- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2008/11/11 13:13:03 | 000,003,654 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll

[2008/10/29 13:10:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/10/29 12:47:43 | 000,061,056 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ohci1394.sys

[2007/05/13 20:58:44 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll

[2006/10/22 13:22:00 | 001,703,936 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/10/22 13:22:00 | 001,486,848 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/10/22 13:22:00 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/10/22 13:22:00 | 000,581,632 | -H-- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/22 13:22:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/10/22 13:22:00 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2005/11/24 17:07:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/11/24 16:59:38 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/11/24 16:49:10 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/11/24 16:42:31 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2005/11/24 16:42:31 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2005/11/24 16:42:17 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2005/11/24 16:42:17 | 000,007,909 | -H-- | C] () -- C:\WINDOWS\System32\ftpctrs.ini

[2005/11/24 16:42:16 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2005/11/24 16:42:16 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini

[2005/09/09 23:39:14 | 000,002,679 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/01/07 16:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/02/07 09:00:22 | 000,005,810 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

========== Custom Scans ==========

< %systemroot%\system32\*.dll /lockedfiles >

[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< MD5 for: AGP440.SYS >

[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys

[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

[2004/08/04 00:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys

[2004/08/04 00:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >

[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys

[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2010/04/23 20:40:16 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll

[2004/08/04 13:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2004/08/04 13:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >

[2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\DRIVERS\SCSI\INTEL\ICH6\iastor.sys

[2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\OEMdriver\12\iastor.sys

[2004/04/20 11:13:30 | 000,472,960 | ---- | M] (Intel Corporation) MD5=C9F030A5E43AEDFABE0A39DF0A0DCBEB -- C:\DRIVERS\OEMDRIVER\2\iastor.sys

[2004/04/20 11:13:00 | 000,472,960 | -H-- | M] (Intel Corporation) MD5=C9F030A5E43AEDFABE0A39DF0A0DCBEB -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >

[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll

[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[2004/08/04 13:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2004/08/04 13:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >

[2005/05/17 17:45:00 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\DRIVERS\SCSI\nvidia\sataraid\nvatabus.sys

[2005/05/17 17:45:00 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\DRIVERS\SCSI\oemdriver\1\nvatabus.sys

[2005/05/17 17:45:00 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\OEMdriver\11\nvatabus.sys

[2004/09/02 16:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\DRIVERS\OEMDRIVER\8\NvAtaBus.sys

[2004/09/02 16:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\DRIVERS\SCSI\nvidia\6.22\NvAtaBus.sys

< MD5 for: SCECLI.DLL >

[2004/08/04 13:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll

[2004/08/04 13:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< MD5 for: VIAMRAID.SYS >

[2004/03/29 13:45:36 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\OEMDRIVER\7\viamraid.sys

[2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\oemdriver\8\viamraid.sys

[2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\VIA\RAID\2003IA32\viamraid.sys

[2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\VIA\RAID\Win2000\viamraid.sys

[2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\VIA\RAID\Winxp\viamraid.sys

[2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\OEMdriver\8\viamraid.sys

[2004/03/29 13:45:00 | 000,073,600 | -H-- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\system32\drivers\viamraid.sys

[2004/03/29 13:45:00 | 000,080,576 | ---- | M] (VIA Technologies inc,.ltd) MD5=9CF8BAD2B61BD1617E1AEC88FFECAEF3 -- C:\DRIVERS\SCSI\VIA\RAID\Winnt40\viamraid.sys

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

OTL logfile created on: 27/04/2010 21:13:04 - Run 1

OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Mr Dileto\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 260.00 Mb Available Physical Memory | 25.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 460.87 Gb Total Space | 343.33 Gb Free Space | 74.50% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 293.69 Gb Total Space | 276.08 Gb Free Space | 94.00% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-94761DD7AC

Current User Name: Mr Dileto

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/27 21:08:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe

PRC - [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/03/29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/03/29 15:24:52 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2009/08/22 08:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/01/14 19:22:52 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

PRC - [2005/01/14 19:22:50 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

PRC - [2005/01/14 19:22:26 | 000,110,711 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

PRC - [2005/01/14 19:22:24 | 000,172,153 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

PRC - [2004/09/29 13:14:36 | 000,069,632 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

========== Modules (SafeList) ==========

MOD - [2010/04/27 21:08:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe

MOD - [2009/08/22 08:28:14 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\asOEHook.dll

MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (BGRaSvc)

SRV - [2010/04/23 20:15:40 | 001,265,264 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/03/29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2009/08/22 08:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)

SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)

SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2005/01/14 19:22:50 | 000,024,576 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)

SRV - [2005/01/14 19:22:26 | 000,110,711 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2005/01/14 19:22:24 | 000,172,153 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2004/09/29 13:14:36 | 000,069,632 | -H-- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)

SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)

SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)

SRV - [2004/08/04 13:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

========== Driver Services (SafeList) ==========

DRV - [2010/04/23 23:49:53 | 000,061,056 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394)

DRV - [2010/04/02 18:51:10 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100427.002\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/04/02 18:51:10 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2010/04/02 18:51:10 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100427.002\NAVENG.SYS -- (NAVENG)

DRV - [2010/03/29 15:24:46 | 000,020,824 | -H-- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/02/04 16:53:02 | 000,064,288 | -H-- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010/01/28 10:10:52 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)

DRV - [2009/11/10 10:27:06 | 000,018,560 | -H-- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)

DRV - [2009/10/28 23:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys -- (IDSxpx86)

DRV - [2009/08/27 09:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2009/08/22 08:28:17 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)

DRV - [2009/08/22 08:28:17 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)

DRV - [2009/08/22 08:28:17 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)

DRV - [2009/08/22 08:28:17 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)

DRV - [2009/08/22 08:28:17 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)

DRV - [2009/08/22 08:28:17 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2009/08/22 08:28:17 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -- (SYMNDIS)

DRV - [2009/08/22 08:28:17 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -- (SYMIDS)

DRV - [2009/08/20 18:27:49 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2009/08/18 20:11:17 | 000,036,400 | RH-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)

DRV - [2009/08/18 20:11:17 | 000,036,400 | RH-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)

DRV - [2009/02/09 08:37:56 | 000,007,808 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2009/02/09 08:37:48 | 000,007,808 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2009/02/09 08:37:46 | 000,022,016 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2009/02/09 08:37:46 | 000,017,664 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2008/08/26 10:26:12 | 000,018,816 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/05/03 06:46:00 | 006,554,496 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2007/08/22 19:51:28 | 009,611,520 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2006/11/30 14:58:42 | 000,090,800 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44unic.sys -- (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM)

DRV - [2006/11/30 14:58:34 | 000,086,432 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44obex.sys -- (se44obex)

DRV - [2006/11/30 14:58:32 | 000,018,704 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44nd5.sys -- (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS)

DRV - [2006/11/30 14:58:30 | 000,088,624 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mgmt.sys -- (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM)

DRV - [2006/11/30 14:58:26 | 000,097,088 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mdm.sys -- (se44mdm)

DRV - [2006/11/30 14:58:24 | 000,009,360 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mdfl.sys -- (se44mdfl)

DRV - [2006/11/30 14:58:18 | 000,061,536 | RH-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44bus.sys -- (se44bus) Sony Ericsson Device 068 driver (WDM)

DRV - [2006/11/15 15:34:40 | 004,225,920 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/02/27 06:46:20 | 000,081,408 | RH-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005/06/08 11:13:26 | 000,008,960 | RH-- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modrc.sys -- (MODRC)

DRV - [2005/05/03 08:27:24 | 000,022,272 | RH-- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modbda2.sys -- (MODBDA2)

DRV - [2005/05/02 08:52:12 | 000,018,304 | RH-- | M] (DiBcom S.A) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modload2.sys -- (MODLOAD2)

DRV - [2005/02/05 08:00:00 | 000,085,888 | -H-- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\m5287.sys -- (m5287)

DRV - [2005/01/07 18:07:18 | 000,138,752 | -H-- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/12/01 11:49:00 | 000,051,840 | -H-- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\m5289.sys -- (m5289)

DRV - [2004/08/13 11:56:20 | 000,005,810 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/08/04 00:10:14 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

DRV - [2004/08/04 00:08:34 | 000,040,832 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IrBus.sys -- (IrBus)

DRV - [2004/08/04 00:07:44 | 000,043,008 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2004/08/04 00:07:44 | 000,041,088 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2004/08/03 23:07:56 | 000,059,264 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2004/04/20 11:13:00 | 000,472,960 | -H-- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2003/08/06 10:43:00 | 000,159,744 | -H-- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)

DRV - [2001/08/17 15:07:44 | 000,019,072 | -H-- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 15:07:42 | 000,030,688 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 15:07:40 | 000,028,384 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 15:07:36 | 000,032,640 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 15:07:34 | 000,016,256 | -H-- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 14:52:22 | 000,036,736 | -H-- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 14:52:20 | 000,045,312 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 14:52:20 | 000,040,320 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 14:52:18 | 000,049,024 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 14:52:16 | 000,179,584 | -H-- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 14:52:12 | 000,017,280 | -H-- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 14:52:00 | 000,026,496 | -H-- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 14:51:58 | 000,014,848 | -H-- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 14:51:56 | 000,005,248 | -H-- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 14:51:54 | 000,006,656 | -H-- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com

IE - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/

IE - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.virginmedia.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 22:02:58 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 20:23:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/25 09:09:11 | 000,000,000 | ---D | M]

[2010/04/15 20:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla\Extensions

[2010/04/26 22:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla\Firefox\Profiles\8fhp6hib.default\extensions

[2010/04/15 22:55:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla\Firefox\Profiles\8fhp6hib.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/04/27 19:26:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/24 19:16:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/04/24 19:16:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/25 10:18:36 | 000,392,807 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 13568 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.)

O4 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4051791904-2798153970-1156491738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 16895

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1226018765765 (WUWebControl Class)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/11/24 16:45:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007/04/23 10:06:12 | 000,000,040 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/24 16:34:37 | 000,000,000 | -H-D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "Bonjour Service"

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: klmdb.sys - Driver

SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: SymEFA.sys - C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: klmdb.sys - Driver

SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: SymEFA.sys - C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/27 21:08:58 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe

[2010/04/25 21:45:51 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2010/04/24 19:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/04/24 19:16:46 | 000,411,368 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/04/24 19:16:46 | 000,153,376 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/04/24 19:16:46 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/04/24 19:16:46 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/04/24 19:16:46 | 000,073,728 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/04/24 19:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/04/24 19:08:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2010/04/24 19:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/04/24 19:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Sun

[2010/04/24 19:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010/04/24 06:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Tiscali Browser

[2010/04/23 22:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\DoctorWeb

[2010/04/23 22:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/04/23 20:16:30 | 000,064,288 | -H-- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/04/23 20:15:59 | 000,095,024 | -H-- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/04/23 20:13:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

[2010/04/23 20:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2010/04/23 20:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010/04/23 18:29:57 | 011,862,896 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mr Dileto\Desktop\mssefullinstall-x86fre-en-us-xp.exe

[2010/04/23 16:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/04/23 16:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/04/16 20:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real

[2010/04/16 20:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\My Documents\Downloads

[2010/04/15 20:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\Mozilla

[2010/04/15 20:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Mozilla

[2010/04/15 19:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/04/14 23:42:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP

[2010/04/14 22:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\avG

[2010/04/14 22:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG

[2010/04/07 23:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Safer Networking

[2010/04/07 23:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking

[2010/04/06 22:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Dileto\Application Data\Malwarebytes

[2010/04/06 22:57:24 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/06 22:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/04/06 22:57:20 | 000,020,824 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/06 22:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/04/06 21:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/04/06 21:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/04/06 20:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/04/06 20:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/04/06 20:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/04/06 20:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2009/05/01 18:35:33 | 000,176,128 | -H-- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

[2009/05/01 18:35:29 | 000,184,320 | -H-- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/27 21:08:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Dileto\Desktop\OTL.exe

[2010/04/27 20:43:59 | 000,012,598 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/04/27 19:25:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/04/27 19:25:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/04/26 23:29:23 | 010,485,760 | -H-- | M] () -- C:\Documents and Settings\Mr Dileto\NTUSER.DAT

[2010/04/26 23:28:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\ntuser.ini

[2010/04/26 22:22:30 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Microsoft Office Outlook 2003.lnk

[2010/04/25 23:42:30 | 000,047,096 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/04/25 22:26:00 | 000,600,596 | -H-- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/04/25 22:26:00 | 000,498,730 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/04/25 22:26:00 | 000,090,770 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/04/25 22:21:45 | 000,175,717 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/04/25 21:57:55 | 000,000,921 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/04/25 21:57:55 | 000,000,239 | -HS- | M] () -- C:\boot.ini

[2010/04/25 21:57:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/04/25 10:18:36 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/04/24 19:16:25 | 000,153,376 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/04/24 19:16:25 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/04/24 19:16:25 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/04/24 19:16:25 | 000,073,728 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/04/24 19:16:24 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/04/24 19:06:09 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/04/24 08:00:20 | 000,208,104 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/04/24 07:19:59 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100425-101836.backup

[2010/04/24 07:19:54 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100424-071959.backup

[2010/04/24 00:01:24 | 000,392,807 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100424-071954.backup

[2010/04/23 23:49:53 | 000,061,056 | -H-- | M] () -- C:\WINDOWS\System32\drivers\ohci1394.sys

[2010/04/23 23:47:36 | 000,061,056 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys

[2010/04/23 22:52:31 | 038,206,344 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\drweb-cureit.exe

[2010/04/23 20:15:57 | 000,095,024 | -H-- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/04/23 20:15:55 | 000,015,880 | -H-- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/04/23 20:13:19 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/04/23 18:30:03 | 011,862,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mr Dileto\Desktop\mssefullinstall-x86fre-en-us-xp.exe

[2010/04/23 16:39:06 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\gmer.exe

[2010/04/23 15:08:00 | 000,392,807 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100424-000123.backup

[2010/04/22 19:01:15 | 000,392,702 | R--- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\hosts

[2010/04/22 18:32:12 | 000,015,974 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\YciVS0tH5

[2010/04/20 22:14:01 | 000,000,970 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Spybot - Search & Destroy.lnk

[2010/04/20 22:12:30 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100422-190115.backup

[2010/04/20 21:27:44 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\dds.scr

[2010/04/20 21:14:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\defogger_reenable

[2010/04/20 21:12:53 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Defogger.exe

[2010/04/20 20:37:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/04/19 21:17:22 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100420-221230.backup

[2010/04/19 20:00:00 | 000,000,630 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Mr Dileto.job

[2010/04/18 19:13:17 | 000,018,372 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xSWFi252

[2010/04/18 19:13:17 | 000,018,372 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\xSWFi252

[2010/04/18 18:54:52 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100419-211722.backup

[2010/04/15 22:18:25 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/04/15 20:23:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2010/04/15 19:38:01 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/04/14 22:05:41 | 000,391,944 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100418-185452.backup

[2010/04/14 22:03:36 | 000,014,950 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\6Y5qPA2XU80

[2010/04/14 22:03:36 | 000,014,950 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6Y5qPA2XU80

[2010/04/12 19:29:53 | 000,000,552 | -H-- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/04/11 20:45:47 | 002,004,740 | ---- | M] () -- C:\WINDOWS\iis6.BAK

[2010/04/11 19:56:50 | 000,016,484 | -HS- | M] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xiNN54TR6Jl5

[2010/04/11 19:56:50 | 000,016,484 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\xiNN54TR6Jl5

[2010/04/11 19:52:06 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100414-220541.backup

[2010/04/07 20:09:19 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100411-195206.backup

[2010/04/06 22:57:28 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/04/06 22:25:37 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100407-200919.backup

[2010/04/06 21:15:06 | 000,385,900 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100406-222537.backup

[2010/04/03 19:22:57 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/04/03 10:20:41 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Mr Dileto\Desktop\Microsoft Office Excel 2003.lnk

[2010/03/29 15:24:58 | 000,038,224 | -H-- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/03/29 15:24:46 | 000,020,824 | -H-- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/25 21:57:56 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2010/04/24 19:06:09 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/04/23 22:46:08 | 038,206,344 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\drweb-cureit.exe

[2010/04/23 20:37:27 | 000,015,880 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/04/23 20:13:19 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/04/23 15:07:40 | 000,392,702 | R--- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\hosts

[2010/04/22 18:30:22 | 000,015,974 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\YciVS0tH5

[2010/04/22 18:30:22 | 000,015,974 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\YciVS0tH5

[2010/04/20 21:27:44 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\dds.scr

[2010/04/20 21:14:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\defogger_reenable

[2010/04/20 21:12:53 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\Defogger.exe

[2010/04/19 21:00:51 | 000,000,970 | ---- | C] () -- C:\Documents and Settings\Mr Dileto\Desktop\Spybot - Search & Destroy.lnk

[2010/04/18 18:46:50 | 000,018,372 | -HS- | C] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xSWFi252

[2010/04/18 18:37:29 | 000,018,372 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xSWFi252

[2010/04/18 18:37:29 | 000,018,356 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\xSWFi252

[2010/04/15 20:23:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/04/15 19:38:01 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/04/14 22:02:26 | 000,014,950 | -HS- | C] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\6Y5qPA2XU80

[2010/04/14 21:39:40 | 000,014,950 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\6Y5qPA2XU80

[2010/04/14 21:39:40 | 000,014,950 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6Y5qPA2XU80

[2010/04/12 19:29:53 | 000,000,552 | -H-- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/04/11 18:55:06 | 000,016,484 | -HS- | C] () -- C:\Documents and Settings\Mr Dileto\Local Settings\Application Data\xiNN54TR6Jl5

[2010/04/11 18:55:06 | 000,016,484 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xiNN54TR6Jl5

[2010/04/06 22:57:28 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/04/06 20:15:41 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/10/12 21:36:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI

[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/05/01 18:35:33 | 009,611,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys

[2009/05/01 18:35:33 | 000,028,160 | -H-- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys

[2009/05/01 18:35:33 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini

[2008/12/22 23:49:17 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini

[2008/11/17 23:26:39 | 000,000,049 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2008/11/12 20:24:08 | 000,363,520 | -H-- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2008/11/11 13:13:03 | 000,003,654 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll

[2008/10/29 13:10:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/10/29 12:47:43 | 000,061,056 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ohci1394.sys

[2007/05/13 20:58:44 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll

[2006/10/22 13:22:00 | 001,703,936 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/10/22 13:22:00 | 001,486,848 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/10/22 13:22:00 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/10/22 13:22:00 | 000,581,632 | -H-- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/22 13:22:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/10/22 13:22:00 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2005/11/24 17:07:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/11/24 16:59:38 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/11/24 16:49:10 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/11/24 16:42:31 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2005/11/24 16:42:31 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2005/11/24 16:42:17 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2005/11/24 16:42:17 | 000,007,909 | -H-- | C] () -- C:\WINDOWS\System32\ftpctrs.ini

[2005/11/24 16:42:16 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2005/11/24 16:42:16 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini

[2005/09/09 23:39:14 | 000,002,679 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/01/07 16:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/02/07 09:00:22 | 000,005,810 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

========== Custom Scans ==========

< %systemroot%\system32\*.dll /lockedfiles >

[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< MD5 for: AGP440.SYS >

[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys

[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

[2004/08/04 00:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys

[2004/08/04 00:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >

[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys

[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2010/04/23 20:40:16 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll

[2004/08/04 13:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2004/08/04 13:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >

[2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\DRIVERS\SCSI\INTEL\ICH6\iastor.sys

[2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\OEMdriver\12\iastor.sys

[2004/04/20 11:13:30 | 000,472,960 | ---- | M] (Intel Corporation) MD5=C9F030A5E43AEDFABE0A39DF0A0DCBEB -- C:\DRIVERS\OEMDRIVER\2\iastor.sys

[2004/04/20 11:13:00 | 000,472,960 | -H-- | M] (Intel Corporation) MD5=C9F030A5E43AEDFABE0A39DF0A0DCBEB -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >

[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll

[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[2004/08/04 13:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2004/08/04 13:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >

[2005/05/17 17:45:00 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\DRIVERS\SCSI\nvidia\sataraid\nvatabus.sys

[2005/05/17 17:45:00 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\DRIVERS\SCSI\oemdriver\1\nvatabus.sys

[2005/05/17 17:45:00 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\OEMdriver\11\nvatabus.sys

[2004/09/02 16:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\DRIVERS\OEMDRIVER\8\NvAtaBus.sys

[2004/09/02 16:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\DRIVERS\SCSI\nvidia\6.22\NvAtaBus.sys

< MD5 for: SCECLI.DLL >

[2004/08/04 13:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll

[2004/08/04 13:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< MD5 for: VIAMRAID.SYS >

[2004/03/29 13:45:36 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\OEMDRIVER\7\viamraid.sys

[2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\oemdriver\8\viamraid.sys

[2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\VIA\RAID\2003IA32\viamraid.sys

[2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\VIA\RAID\Win2000\viamraid.sys

[2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\DRIVERS\SCSI\VIA\RAID\Winxp\viamraid.sys

[2004/03/29 13:45:00 | 000,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\OEMdriver\8\viamraid.sys

[2004/03/29 13:45:00 | 000,073,600 | -H-- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\system32\drivers\viamraid.sys

[2004/03/29 13:45:00 | 000,080,576 | ---- | M] (VIA Technologies inc,.ltd) MD5=9CF8BAD2B61BD1617E1AEC88FFECAEF3 -- C:\DRIVERS\SCSI\VIA\RAID\Winnt40\viamraid.sys

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

OTL Extras logfile created on: 27/04/2010 21:13:04 - Run 1

OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Mr Dileto\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 260.00 Mb Available Physical Memory | 25.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 460.87 Gb Total Space | 343.33 Gb Free Space | 74.50% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 293.69 Gb Total Space | 276.08 Gb Free Space | 94.00% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-94761DD7AC

Current User Name: Mr Dileto

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-4051791904-2798153970-1156491738-1007\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" = C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema -- (CyberLink Corp.)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution

"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan

"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy

"{150C6C87-D187-4105-BF7A-090378D7AE2A}" = Nokia Ovi Suite

"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant

"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls

"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 4.0

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer

"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload

"{2FA28330-2028-4033-BD10-425C87EB4D54}" = Nokia Software Updater

"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook

"{340695E9-AABC-4BCE-98CC-DFDC20649242}" = Enterprise

"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext

"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB2.0 UVC Camera

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0

"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer

"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}" = Nokia Ovi One Touch Access

"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver

"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver

"{5D6EC6F7-9B38-4a02-B063-97C2048B56A2}" = 7200_Help

"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier

"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update

"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations

"{6EB6C056-02BB-453E-8448-EC90B9794180}" = Nokia Multimedia Common Components 2.4

"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics

"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8

"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8EA67542-82B6-4c5c-8AD3-CD36232C1362}" = HP PSC & Officejet 4.7 Corporate Edition

"{8F7A4D82-B168-4F89-99C2-B9873EC877AF}" = HP Image Zone Express

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver

"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer

"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes

"{A7391302-FADF-4314-80DC-C757DAE45178}" = 7200

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3

"{AC966B90-53CA-4710-8EEE-57ED25387872}" = 7200Trb

"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver

"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 1.0

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy 1.0

"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities

"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard

"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

"Ad-Aware" = Ad-Aware

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"DigiGuide TV Guide" = DigiGuide TV Guide

"ESET Online Scanner" = ESET Online Scanner v3

"GOM Player" = GOM Player

"HP Photo & Imaging" = HP Image Zone 4.7

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mesh" = Mesh Online

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NIS" = Norton Internet Security

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011

"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3011

"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018

"NVIDIA Drivers" = NVIDIA Drivers

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Hi,

very happy to hear that you have managed to run gmer. I would like to see a scan. :)

Please download a fresh copy of gmer to run the scan:

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti


Hi Myrti,

I tried to run GMER twice in normal mode and the computer crashed and restarted both times. Then I ran it in safe mode and it was fine. Please see the log below:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-04-28 22:39:24

Windows 5.1.2600 Service Pack 2

Running: 82gfyibe.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\axryrpog.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF75BF87E]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF75BFBFE]

---- Kernel code sections - GMER 1.0.15 ----

? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat F69C8C8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@c!s!j!\30!\22!s!t!i!\30!t!y!f!\22!\24!\30!i! 71230

---- EOF - GMER 1.0.15 ----

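As an added example (not part of the original thread and not code from GMER or any other tool mentioned here), the following Python script parses the SSDT lines of a GMER log like the one posted above and separates hooks attributed to a known vendor from hooks GMER could not attribute. The sample log is constructed from the posted lines plus one invented hook line (xyz.sys; the format of an unattributed line is assumed), and the trusted-vendor list is an assumption. What it shows: both hooks in the posted log are placed by Lbd.sys, the Lavasoft boot driver that ComboFix later lists as `R0 Lbd` and that was created the day Ad-Aware was installed, so they are the expected security-product hooks rather than rootkit activity. GMER takes the vendor string from the driver's version resource, which anything can claim, so this sorting is a first pass; a hook still needs the driver's signature and location checked before it is trusted.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the "System" section of the GMER log posted above,
# plus one hypothetical line (xyz.sys is an invented name) showing a hook that
# GMER cannot attribute to a vendor. The exact format of that unattributed line
# is an assumption: module path, no "(description/vendor)" part.
SAMPLE_GMER_LOG = """\
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-28 22:39:24
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF75BF87E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF75BFBFE]
SSDT \\??\\C:\\WINDOWS\\system32\\drivers\\xyz.sys ZwOpenProcess [0xF7A01234]

---- Kernel code sections - GMER 1.0.15 ----
"""

# Vendors whose SSDT hooks are expected on this machine (assumption: Ad-Aware
# and Norton are the installed security products). GMER reads the vendor name
# from the driver's version resource, which is attacker-controlled, so this
# list only sorts the output; it does not prove a hook is benign.
TRUSTED_VENDORS = {"Lavasoft AB", "Symantec Corporation"}

SSDT_LINE = re.compile(
    r"^SSDT\s+(?P<module>\S+)"            # hooking module (file name or full path)
    r"(?:\s+\((?P<desc>[^)]*)\))?"        # optional "(description/vendor)"
    r"\s+(?P<func>Zw\w+)"                 # hooked native API entry
    r"\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]"    # address the SSDT slot now points to
)


@dataclass
class SsdtHook:
    module: str
    function: str
    address: int
    description: Optional[str]
    vendor: Optional[str]

    @property
    def module_name(self) -> str:
        """Bare file name, lower-cased, so 'Lbd.sys' and a full path compare equal."""
        return self.module.rsplit("\\", 1)[-1].lower()


def parse_ssdt_hooks(log_text: str) -> list[SsdtHook]:
    """Extract every SSDT hook line from a GMER log; all other lines are ignored."""
    hooks = []
    for line in log_text.splitlines():
        m = SSDT_LINE.match(line.strip())
        if not m:
            continue
        desc, vendor = m.group("desc"), None
        if desc and "/" in desc:
            # GMER prints "FileDescription/CompanyName" from the version resource
            desc, vendor = (part.strip() for part in desc.rsplit("/", 1))
        hooks.append(SsdtHook(m.group("module"), m.group("func"),
                              int(m.group("addr"), 16), desc, vendor))
    return hooks


def triage_hooks(hooks, trusted_vendors=TRUSTED_VENDORS):
    """Split hooks into those attributed to a trusted vendor and those to review."""
    report = {"trusted": [], "review": []}
    for h in hooks:
        bucket = "trusted" if h.vendor in trusted_vendors else "review"
        report[bucket].append(h)
    return report


def hooked_functions_by_module(hooks):
    """Map each hooking module to the sorted list of native APIs it intercepts."""
    by_module = {}
    for h in hooks:
        by_module.setdefault(h.module_name, set()).add(h.function)
    return {m: sorted(f) for m, f in by_module.items()}


if __name__ == "__main__":
    hooks = parse_ssdt_hooks(SAMPLE_GMER_LOG)
    report = triage_hooks(hooks)
    for label in ("review", "trusted"):
        for h in report[label]:
            print(f"{label:8} {h.function:<16} {h.address:#010x}  {h.module}  "
                  f"({h.vendor or 'no vendor info'})")
    print(hooked_functions_by_module(hooks))
```

Run against the posted log alone, the "review" bucket is empty: the only hooks are Lbd.sys on ZwCreateKey and ZwSetValueKey, which is how a registry-protection driver such as Ad-Aware's intercepts key creation and value writes. A hook from a module with no vendor information, or from a driver that does not appear in the ComboFix service list, is the case that warrants a full scan.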

Hi,

could you please run ComboFix next:

Please download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti


Hi Myrti,

Please find the ComboFix log below:

---------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 10-04-29.01 - Mr Dileto 30/04/2010 9:09.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.430 [GMT 1:00]

Running from: c:\documents and settings\Mr Dileto\Desktop\ComboFix.exe

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\recycler\S-1-5-21-3280019663-960141844-3905040108-500

c:\windows\system32\Cache

c:\windows\system32\images

c:\windows\system32\images\3models.gif

c:\windows\system32\images\but3_off.gif

c:\windows\system32\images\but3_on.gif

c:\windows\system32\images\main_bot.gif

c:\windows\system32\images\main_mid.gif

c:\windows\system32\images\main_top.gif

c:\windows\system32\images\model1.gif

c:\windows\system32\images\panel_bot.gif

c:\windows\system32\images\panel_top.gif

c:\windows\system32\images\pc.gif

c:\windows\system32\images\pcw_award_cover.gif

c:\windows\system32\images\pcwcover.gif

c:\windows\system32\images\Thumbs.db

c:\windows\system32\images\topoff.gif

c:\windows\system32\images\topon.gif

c:\windows\system32\images\webscreen.gif

c:\windows\system32\Thumbs.db

.

((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 )))))))))))))))))))))))))))))))

.

2010-04-30 06:50 . 2010-04-02 17:51 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\NAVENG.SYS

2010-04-30 06:50 . 2010-04-02 17:51 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\EECTRL.SYS

2010-04-30 06:50 . 2010-04-02 17:51 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\CCERASER.DLL

2010-04-30 06:50 . 2010-04-02 17:51 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\ECMSVR32.DLL

2010-04-30 06:50 . 2010-04-02 17:51 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\NAVENG32.DLL

2010-04-30 06:50 . 2010-04-02 17:51 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\NAVEX32A.DLL

2010-04-30 06:50 . 2010-04-02 17:51 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\NAVEX15.SYS

2010-04-30 06:50 . 2010-04-02 17:51 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100429.021\ERASER.SYS

2010-04-30 06:40 . 2010-02-01 19:20 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

2010-04-27 18:36 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSvix86.sys

2010-04-27 18:36 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys

2010-04-27 18:36 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\Scxpx86.dll

2010-04-27 18:36 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSxpx86.dll

2010-04-27 18:36 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSviA64.sys

2010-04-26 21:02 . 2010-02-12 17:41 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

2010-04-25 20:38 . 2010-04-25 20:38 47096 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-24 18:21 . 2010-04-24 18:21 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2010-04-24 18:17 . 2010-04-24 18:17 -------- d-----w- c:\program files\Common Files\Java

2010-04-24 18:16 . 2010-04-24 18:16 411368 ---ha-w- c:\windows\system32\deployJava1.dll

2010-04-24 18:16 . 2010-04-24 18:16 -------- d-----w- c:\program files\Java

2010-04-24 18:08 . 2010-04-24 18:08 -------- d-----w- c:\windows\Sun

2010-04-24 18:08 . 2010-04-24 18:08 61440 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d0d3492-n\decora-sse.dll

2010-04-24 18:08 . 2010-04-24 18:08 503808 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a262f0f-n\msvcp71.dll

2010-04-24 18:08 . 2010-04-24 18:08 499712 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a262f0f-n\jmc.dll

2010-04-24 18:08 . 2010-04-24 18:08 348160 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a262f0f-n\msvcr71.dll

2010-04-24 18:08 . 2010-04-24 18:08 12800 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d0d3492-n\decora-d3d.dll

2010-04-24 18:05 . 2010-04-24 18:05 -------- d-----w- c:\program files\Common Files\Adobe

2010-04-24 05:58 . 2010-04-24 05:58 -------- d-----w- c:\program files\Tiscali Browser

2010-04-24 05:21 . 2010-04-24 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony Ericsson

2010-04-23 22:55 . 2010-04-23 22:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec

2010-04-23 22:53 . 2010-04-23 22:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2010-04-23 21:54 . 2010-04-23 21:54 -------- d-----w- c:\documents and settings\Mr Dileto\DoctorWeb

2010-04-23 19:37 . 2010-04-23 19:15 15880 ---ha-w- c:\windows\system32\lsdelete.exe

2010-04-23 19:16 . 2010-02-04 15:53 64288 ---ha-w- c:\windows\system32\drivers\Lbd.sys

2010-04-23 19:13 . 2010-04-23 19:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-04-23 19:13 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

2010-04-23 19:12 . 2010-04-23 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-04-23 19:12 . 2010-04-23 19:13 -------- d-----w- c:\program files\Lavasoft

2010-04-23 15:31 . 2010-04-23 15:31 -------- d-----w- c:\program files\ESET

2010-04-23 15:10 . 2010-04-23 15:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-04-15 19:23 . 2010-04-15 19:23 0 ----a-w- c:\windows\nsreg.dat

2010-04-15 19:23 . 2010-04-15 19:23 -------- d-----w- c:\documents and settings\Mr Dileto\Local Settings\Application Data\Mozilla

2010-04-15 00:14 . 2010-04-15 00:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-04-15 00:13 . 2010-04-15 00:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-04-14 22:42 . 2010-04-14 22:43 -------- d-----w- c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP

2010-04-14 21:02 . 2010-04-14 21:02 -------- d-----w- c:\documents and settings\Mr Dileto\Local Settings\Application Data\avG

2010-04-14 21:02 . 2010-04-14 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avG

2010-04-12 18:29 . 2010-04-12 18:29 552 ---ha-w- c:\windows\system32\d3d8caps.dat

2010-04-11 20:18 . 2010-04-11 20:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-04-07 22:09 . 2010-04-07 22:09 -------- d-----w- c:\documents and settings\Mr Dileto\Application Data\Safer Networking

2010-04-07 22:09 . 2010-04-07 22:11 -------- d-----w- c:\program files\Safer Networking

2010-04-06 21:57 . 2010-04-06 21:57 -------- d-----w- c:\documents and settings\Mr Dileto\Application Data\Malwarebytes

2010-04-06 21:57 . 2010-03-29 14:24 38224 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-06 21:57 . 2010-04-06 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-04-06 21:57 . 2010-04-06 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-06 21:57 . 2010-03-29 14:24 20824 ---ha-w- c:\windows\system32\drivers\mbam.sys

2010-04-06 20:11 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-04-06 20:11 . 2010-04-19 20:15 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-04-06 19:15 . 2010-04-06 21:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-04-06 19:15 . 2010-04-15 21:18 664 ---ha-w- c:\windows\system32\d3d9caps.dat

2010-04-06 19:15 . 2010-04-06 19:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-30 06:44 . 2010-04-25 22:37 601320 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2010-04-28 21:54 . 2008-11-06 20:53 69476 ----a-w- c:\windows\hpoins05.dat

2010-04-25 22:42 . 2008-11-06 19:34 47096 ----a-w- c:\documents and settings\Mr Dileto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-25 21:34 . 2008-11-06 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-04-25 21:34 . 2008-11-06 23:05 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-04-25 08:09 . 2008-11-11 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-04-24 06:58 . 2009-12-19 12:18 -------- d-----w- c:\program files\QuickTime

2010-04-24 06:56 . 2005-11-24 16:10 -------- d-----w- c:\program files\Common Files\Real

2010-04-24 06:52 . 2008-12-21 17:15 -------- d-----w- c:\program files\DivX

2010-04-23 22:49 . 2008-10-29 11:47 61056 ---ha-w- c:\windows\system32\drivers\ohci1394.sys

2010-04-23 19:40 . 2004-08-03 22:59 95360 ---ha-w- c:\windows\system32\drivers\atapi.sys

2010-04-23 12:34 . 2009-05-06 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-04-23 12:33 . 2008-11-12 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-04-23 12:32 . 2008-12-10 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Tesco Photobook Creator

2010-04-19 19:42 . 2009-08-16 16:08 -------- d-----w- c:\program files\Nokia

2010-03-10 06:15 . 2005-09-09 22:38 420352 ---ha-w- c:\windows\system32\vbscript.dll

2010-03-04 19:07 . 2009-04-03 19:43 -------- d-----w- c:\program files\DigiGuide TV Guide

2010-02-25 06:24 . 2005-09-09 22:38 916480 ---ha-w- c:\windows\system32\wininet.dll

2010-02-24 12:31 . 2005-09-09 22:38 454016 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-16 13:17 . 2004-08-03 23:18 2137088 ---ha-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 12:39 . 2004-08-03 22:59 2016768 ---ha-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:47 . 2005-09-09 22:38 100864 ---ha-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:01 . 2005-09-09 22:38 226880 ---ha-w- c:\windows\system32\drivers\tcpip6.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]

"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]

"nwiz"="nwiz.exe" [2008-05-03 1630208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="c:\program files\CyberLink\PowerBackup\PBKScheduler.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Alcmtr"=ALCMTR.EXE

"BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart

"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe"

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"

"SkyTel"=SkyTel.EXE

"snp2uvc"=c:\windows\vsnp2uvc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/04/2010 20:16 64288]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [28/01/2010 10:11 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [28/01/2010 10:11 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [28/01/2010 10:10 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys [27/04/2010 19:36 329592]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/04/2010 22:57 303952]

R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [28/01/2010 10:10 117640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 09:00 102448]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/04/2010 22:57 20824]

S3 BGRaSvc;BGRaSvc; [x]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [26/12/2009 20:51 18560]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1265264]

S3 MODBDA2;KWorld MOD3000 TV receiver;c:\windows\system32\drivers\modbda2.sys [12/11/2008 20:24 22272]

S3 MODLOAD2;DVB-T USB2.0 adapter firmware loader;c:\windows\system32\drivers\modload2.sys [12/11/2008 20:23 18304]

S3 MODRC;KWorld Infrared Receiver;c:\windows\system32\drivers\modrc.sys [12/11/2008 20:24 8960]

S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [25/11/2005 00:33 85888]

S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [25/11/2005 00:33 51840]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.virginmedia.com/

mLocal Page = about:blank

mStart Page = about:blank

mWindow Title =

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Mr Dileto\Application Data\Mozilla\Firefox\Profiles\8fhp6hib.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-30 09:16

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

.

Completion time: 2010-04-30 09:19:32

ComboFix-quarantined-files.txt 2010-04-30 08:19

Pre-Run: 368,490,921,984 bytes free

Post-Run: 368,512,245,760 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

[spybotsd]

timeout.old=30

- - End Of File - - ADCF89EE7188DC557CB017BE5B07B774

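Added example, not from the thread and not ComboFix's own code: a Python parser for the service lines in the ComboFix log above (`R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/04/2010 20:16 64288]`) with the two checks a helper applies when reading that section: services whose image file ComboFix could not find (printed as `[x]`, as for BGRaSvc above) and boot- or system-start drivers loaded from outside system32\drivers. The sample lines are copied from the posted log. The reading of the line format (R/S for running/stopped, the digit as the Windows start type 0 to 4, `[x]` meaning the file was not found) is the usual interpretation of ComboFix output and is stated as an assumption. On this log the second check flags IDSxpx86, which is Norton's IPS definition driver living under the Norton data directory; that is a legitimate hit, but it is the same place and start type a rootkit driver would use, so the check reports it and leaves the confirmation to the reader.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: service lines copied from the ComboFix log above. ComboFix
# prints "<R|S><start type> name;display name;image path [date time size]";
# R = running, S = stopped, the digit is the Windows start type, and "[x]" in
# place of the file details means the image file was not found. That reading
# of the format is assumed here, not something ComboFix documents.
SAMPLE_COMBOFIX_SERVICES = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/04/2010 20:16 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [28/01/2010 10:11 310320]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys [27/04/2010 19:36 329592]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/04/2010 22:57 303952]
S3 BGRaSvc;BGRaSvc; [x]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [26/12/2009 20:51 18560]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [25/11/2005 00:33 85888]
"""

# Standard Windows service start types (SERVICE_BOOT_START .. SERVICE_DISABLED)
START_TYPE_NAMES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"        # running/stopped + start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);"        # service name; display name;
    r"(?P<path>.*?)\s*\[(?P<detail>[^\]]*)\]$"    # image path [date time size] or [x]
)

DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class Service:
    name: str
    display_name: str
    path: str
    running: bool
    start_type: int
    file_missing: bool
    timestamp: Optional[str] = None
    size: Optional[int] = None

    @property
    def start_type_name(self) -> str:
        return START_TYPE_NAMES[self.start_type]


def parse_services(log_text: str) -> list[Service]:
    """Parse every ComboFix service line in the text; other lines are skipped."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue
        detail = m.group("detail").strip()
        svc = Service(name=m.group("name").strip(),
                      display_name=m.group("display").strip(),
                      path=m.group("path").strip(),
                      running=m.group("state") == "R",
                      start_type=int(m.group("start")),
                      file_missing=(detail == "x"))
        if not svc.file_missing:
            date, time, size = detail.split()
            svc.timestamp, svc.size = f"{date} {time}", int(size)
        services.append(svc)
    return services


def triage_services(services: list[Service]) -> dict[str, list[Service]]:
    """Two checks worth running on every ComboFix service list.

    missing_file: the registration is still in the registry but ComboFix found
      no image. Either a leftover from an uninstall or a file hidden from the
      scanner; either way the service key should be inspected and, if orphaned,
      removed.
    early_start_outside_drivers_dir: boot (0) or system (1) start drivers
      loaded from outside system32\\drivers. Legitimate for definition-update
      drivers like Norton's IPS driver, but also exactly where a rootkit would
      register, so each hit needs its path and signature confirmed by hand.
    """
    report = {"missing_file": [], "early_start_outside_drivers_dir": []}
    for s in services:
        if s.file_missing:
            report["missing_file"].append(s)
        elif s.start_type <= 1 and not s.path.lower().startswith(DRIVERS_DIR):
            report["early_start_outside_drivers_dir"].append(s)
    return report


if __name__ == "__main__":
    services = parse_services(SAMPLE_COMBOFIX_SERVICES)
    for check, hits in triage_services(services).items():
        for s in hits:
            state = "running" if s.running else "stopped"
            print(f"{check}: {s.name} ({state}, {s.start_type_name} start) "
                  f"-> {s.path or '<no image found>'}")
```

On the posted log this reports BGRaSvc as a registration with no image and IDSxpx86 as an early-start driver outside system32\drivers. The first is the kind of orphan a helper usually clears in the fix script; the second is expected for Norton's IPS definitions and is left alone once its location under the Norton data directory and its signature are confirmed.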

Hi,

could you please run maxlook next: Please download maxlook, saving the file to your desktop.

Double click maxlook.exe to run it. Note - you must run it only once!

As instructed when the tool runs, restart the computer and logon to the Recovery Console.

Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C

batch look.bat


You will see 1 file copied many times then return to the x:\windows> prompt.

Type Exit to restart your computer then logon in normal mode.

Once booted:

  • Click on start
  • select Run...
  • enter "%userprofile%\Desktop\maxlook.exe" -sig and hit enter
  • a blue window will open. Please make sure that you are connected to the internet while the blue window is open.
  • Once it is finished a log file will open. Please save that log and post the content in your next reply.

If you do not have the run-command in your Start menu:

Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.

regards myrti


Dear Myrti,

As requested please find below the Max Look log file:

-----------------------------------------------------------------------------------------------------------------------------------------------

Run from C:\Documents and Settings\Mr Dileto\Desktop\maxlook.exe on 30/04/2010 at 16:20:05.90

--------- maxlook unsigned files ---------

No matching files were found.


--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\cdr4_xp.sys:
Verified: Unsigned
File date: 22:48 28/08/2006
Publisher: Sonic Solutions
Description: CDR4 CD and DVD Place Holder Driver (see PxHelp)
Product: Drag-to-Disc
Version: 8.0.0.212
File version: 8.0.0.212
c:\windows\system32\drivers\cdralw2k.sys:
Verified: Unsigned
File date: 22:48 28/08/2006
Publisher: Sonic Solutions
Description: CDRAL Place Holder Driver (see PxHelp)
Product: Drag-to-Disc
Version: 8.0.0.212
File version: 8.0.0.212
c:\windows\system32\drivers\modbda2.sys:
Verified: Unsigned
File date: 08:27 03/05/2005
Publisher: DiBcom SA
Description: DVB-T USB2.0 adapter BDA driver
Product: MOD3000 MB DVB-T USB2.0 adapter BDA driver
Version: 2.0.0.12
File version: 2.0.0.12
c:\windows\system32\drivers\modload2.sys:
Verified: Unsigned
File date: 08:52 02/05/2005
Publisher: DiBcom S.A
Description: DVB-T USB2.0 adapter firmware loader
Product: DVB-T USB2.0 adapter
Version: 2.0.0.12
File version: 2.0.0.12
c:\windows\system32\drivers\modrc.sys:
Verified: Unsigned
File date: 11:13 08/06/2005
Publisher: DiBcom S.A.
Description: HID Remote Control minidriver
Product: MODxxxx DVB-T USB2.0 Remote Control minidriver
Version: 1, 0, 2, 0
File version: 1, 0, 2, 0
c:\windows\system32\drivers\ohci1394.sys:
Verified: Unsigned
File date: 23:49 23/04/2010
Publisher: n/a
Description: n/a
Product: n/a
Version: n/a
File version: n/a
c:\windows\system32\drivers\pxhelp20.sys:
Verified: Unsigned
File date: 17:57 02/11/2006
Publisher: Sonic Solutions
Description: Px Engine Device Driver for Windows 2000/XP
Product: PxHelp20
Version: n/a
File version: 3.00.43J
c:\windows\system32\drivers\sonypvs1.sys:
Verified: Unsigned
File date: 14:46 30/10/2006
Publisher: Sony Corporation
Description: Sony Digital Imaging
Product:
Version: 1, 1, 1, 14
File version: 1, 1, 1, 14


Rogue configuration file = C:\WINDOWS\system32\config\default.sav


Rogue configuration file = C:\WINDOWS\system32\config\software.sav


Rogue configuration file = C:\WINDOWS\system32\config\system.sav


Hi,

this does not look like it worked. Could you please uninstall maxlook:

Please download maxlook.exe by noahdfear and save it onto your Desktop.

  • Then click on start
  • select Run...
  • enter "%userprofile%\Desktop\maxlook.exe" -cleanup and hit enter
  • a blue window will open. Please make sure that you are connected to the internet while the blue window is open.
  • Once it is finished a log file will open. Please save that log and post the content in your next reply.

If you do not have the run-command in your Start menu:

Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.

Then try to run the previous instructions again. Did you see the "1 file(s) copied" as shown in the screenshot?

regards myrti


Hi Myrti,

I have followed your instructions again and yes, '1 file copied' appeared many times, at least 15 times.

The log is below but it seems the same again:

------------------------------------------------------------------------------------------------------------------------------------------

Run from C:\Documents and Settings\Mr Dileto\Desktop\maxlook.exe on 01/05/2010 at 12:56:32.62

--------- maxlook unsigned files ---------

No matching files were found.


--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\cdr4_xp.sys:
Verified: Unsigned
File date: 22:48 28/08/2006
Publisher: Sonic Solutions
Description: CDR4 CD and DVD Place Holder Driver (see PxHelp)
Product: Drag-to-Disc
Version: 8.0.0.212
File version: 8.0.0.212
c:\windows\system32\drivers\cdralw2k.sys:
Verified: Unsigned
File date: 22:48 28/08/2006
Publisher: Sonic Solutions
Description: CDRAL Place Holder Driver (see PxHelp)
Product: Drag-to-Disc
Version: 8.0.0.212
File version: 8.0.0.212
c:\windows\system32\drivers\modbda2.sys:
Verified: Unsigned
File date: 08:27 03/05/2005
Publisher: DiBcom SA
Description: DVB-T USB2.0 adapter BDA driver
Product: MOD3000 MB DVB-T USB2.0 adapter BDA driver
Version: 2.0.0.12
File version: 2.0.0.12
c:\windows\system32\drivers\modload2.sys:
Verified: Unsigned
File date: 08:52 02/05/2005
Publisher: DiBcom S.A
Description: DVB-T USB2.0 adapter firmware loader
Product: DVB-T USB2.0 adapter
Version: 2.0.0.12
File version: 2.0.0.12
c:\windows\system32\drivers\modrc.sys:
Verified: Unsigned
File date: 11:13 08/06/2005
Publisher: DiBcom S.A.
Description: HID Remote Control minidriver
Product: MODxxxx DVB-T USB2.0 Remote Control minidriver
Version: 1, 0, 2, 0
File version: 1, 0, 2, 0
c:\windows\system32\drivers\ohci1394.sys:
Verified: Unsigned
File date: 23:49 23/04/2010
Publisher: n/a
Description: n/a
Product: n/a
Version: n/a
File version: n/a
c:\windows\system32\drivers\pxhelp20.sys:
Verified: Unsigned
File date: 17:57 02/11/2006
Publisher: Sonic Solutions
Description: Px Engine Device Driver for Windows 2000/XP
Product: PxHelp20
Version: n/a
File version: 3.00.43J
c:\windows\system32\drivers\sonypvs1.sys:
Verified: Unsigned
File date: 14:46 30/10/2006
Publisher: Sony Corporation
Description: Sony Digital Imaging
Product:
Version: 1, 1, 1, 14
File version: 1, 1, 1, 14


Rogue configuration file = C:\WINDOWS\system32\config\default.sav


Rogue configuration file = C:\WINDOWS\system32\config\software.sav


Rogue configuration file = C:\WINDOWS\system32\config\system.sav


Hi,

please run the following script with ComboFix and let me know if that improves your PC:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

TDL::

c:\windows\system32\drivers\ohci1394.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

[screenshot: CFScriptB-4.gif]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Can you tell me in which file Norton found TidServ.inf?

regards myrti

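The TDL:: line above singles out ohci1394.sys, and the reason is visible in the two maxlook logs: every other entry in the "system32\drivers unsigned files" section carries a publisher, description and version (typical of OEM drivers such as the Sonic, DiBcom and Sony ones), while ohci1394.sys has no version resource at all, is dated 23/04/2010 rather than 2005 or 2006, and is a driver that ships with Windows and would normally verify as Signed through the OS catalog. The Recovery Console step (look.bat copying drivers into c:\windows\maxdriver, then sigcheck.exe) exists so that the copies are taken while the rootkit is not loaded. The following is an added triage script, not part of this thread and not maxlook's or ComboFix's own code: it parses that log section and applies those three checks. Assumptions: the inbox-driver set is illustrative (names taken from the c:\windows\maxdriver copies in the ComboFix snapshot, plus ohci1394.sys), the sample log is a trimmed copy of the output posted above, and the reference date 21/04/2010 is the date of the first scan in the thread.

```python
import re
from datetime import datetime

# Constructed sample: three entries trimmed from the maxlook output posted in
# this thread (same field layout, same values).
SAMPLE_LOG = """--------- system32\\drivers unsigned files ---------

c:\\windows\\system32\\drivers\\cdr4_xp.sys:
Verified: Unsigned
File date: 22:48 28/08/2006
Publisher: Sonic Solutions
Description: CDR4 CD and DVD Place Holder Driver (see PxHelp)
Product: Drag-to-Disc
Version: 8.0.0.212
File version: 8.0.0.212
c:\\windows\\system32\\drivers\\ohci1394.sys:
Verified: Unsigned
File date: 23:49 23/04/2010
Publisher: n/a
Description: n/a
Product: n/a
Version: n/a
File version: n/a
c:\\windows\\system32\\drivers\\sonypvs1.sys:
Verified: Unsigned
File date: 14:46 30/10/2006
Publisher: Sony Corporation
Description: Sony Digital Imaging
Product:
Version: 1, 1, 1, 14
File version: 1, 1, 1, 14
"""

# Illustrative set of drivers that ship with Windows XP (assumption: a real list
# would be much longer). Names come from the c:\windows\maxdriver copies in the
# ComboFix snapshot in this thread, plus ohci1394.sys. Inbox drivers are signed
# through the OS catalog, so sigcheck reporting one as Unsigned means the file's
# hash no longer matches any catalog entry, i.e. the bytes on disk have changed.
INBOX_DRIVERS = {
    'acpiec.sys', 'aec.sys', 'agp440.sys', 'asyncmac.sys', 'atapi.sys',
    'beep.sys', 'ip6fw.sys', 'kbdclass.sys', 'ndis.sys', 'ntfs.sys',
    'null.sys', 'ohci1394.sys', 'tcpip.sys',
}

META_FIELDS = ('publisher', 'description', 'product', 'version', 'file version')
PATH_LINE = re.compile(r'^(?P<path>[a-z]:\\.+\.sys):$', re.IGNORECASE)


def parse_unsigned_drivers(text):
    """Parse the 'system32\\drivers unsigned files' section into one dict per driver."""
    entries, current = [], None
    for line in text.splitlines():
        m = PATH_LINE.match(line)
        if m:
            current = {'path': m.group('path').lower()}
            entries.append(current)
            continue
        if current is None:
            continue
        key, sep, value = line.partition(':')
        if sep:
            current[key.strip().lower()] = value.strip()
    return entries


def _missing(value):
    return value.strip().lower() in ('', 'n/a')


def triage(entries, recent_since):
    """Return {path: [reasons]} for entries worth a closer look.

    recent_since is a 'dd/mm/yyyy' string; drivers modified on or after it are
    flagged. A single empty field (e.g. sonypvs1.sys's Product) is not a finding;
    all five metadata fields being absent is.
    """
    cutoff = datetime.strptime(recent_since, '%d/%m/%Y')
    findings = {}
    for e in entries:
        reasons = []
        name = e['path'].rsplit('\\', 1)[-1]
        if name in INBOX_DRIVERS:
            reasons.append('Windows inbox driver reported Unsigned: hash no longer matches the OS catalog')
        if all(_missing(e.get(f, '')) for f in META_FIELDS):
            reasons.append('no version resource at all (publisher/description/product/version all n/a)')
        modified = datetime.strptime(e['file date'], '%H:%M %d/%m/%Y')
        if modified >= cutoff:
            reasons.append('file date %s is on/after %s' % (e['file date'], recent_since))
        if reasons:
            findings[e['path']] = reasons
    return findings


if __name__ == '__main__':
    for path, reasons in triage(parse_unsigned_drivers(SAMPLE_LOG), '21/04/2010').items():
        print(path)
        for r in reasons:
            print('  -', r)
```

Run against the sample, only ohci1394.sys is reported, with all three reasons; the Sonic and Sony drivers are unsigned but otherwise ordinary. The checks are a reading aid for the log, not a substitute for the offline copy: a driver patched by a kernel-mode rootkit can look clean when inspected from the running system, which is why maxlook copies the files from the Recovery Console first.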

Hi Myrti,

The information from Norton is confusing because once the scan has finished and detected the problem which cannot be fixed, there is no reference in the history. In fact in Norton History there are no details in either 'Resolved Security Risks', 'Scan Results', 'Unresolved Security Risks' or 'Quarantine'. Does this mean Norton has been compromised in some way?

Previously 'Backdoor.Tidserv.l!inf' was listed at:

c:\recycler\s-l-5-21-4051791904-2798153970-1156491738-1007\dc41.sys

I cannot find any reference to this myself.

Please find Combofix log below:

-----------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 10-04-29.01 - Mr Dileto 02/05/2010 11:17:00.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.478 [GMT 1:00]

Running from: c:\documents and settings\Mr Dileto\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mr Dileto\Desktop\CFScript.txt

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))

.

2010-05-02 07:37 . 2010-02-01 19:20 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

2010-05-01 22:50 . 2010-04-02 17:51 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\NAVENG.SYS

2010-05-01 22:50 . 2010-04-02 17:51 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\EECTRL.SYS

2010-05-01 22:50 . 2010-04-02 17:51 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\CCERASER.DLL

2010-05-01 22:50 . 2010-04-02 17:51 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\ECMSVR32.DLL

2010-05-01 22:50 . 2010-04-02 17:51 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\NAVENG32.DLL

2010-05-01 22:50 . 2010-04-02 17:51 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\NAVEX32A.DLL

2010-05-01 22:50 . 2010-04-02 17:51 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\NAVEX15.SYS

2010-05-01 22:50 . 2010-04-02 17:51 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100501.018\ERASER.SYS

2010-05-01 21:21 . 2010-05-01 21:21 755096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe

2010-05-01 11:47 . 2010-05-01 12:51 -------- d-----w- c:\windows\maxdriver

2010-04-30 15:20 . 2010-02-26 16:26 220024 ---ha-w- c:\windows\sigcheck.exe

2010-04-30 15:05 . 2010-05-01 11:47 1230 ---ha-w- c:\windows\look.bat

2010-04-30 08:24 . 2010-04-30 08:24 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-04-27 18:36 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSvix86.sys

2010-04-27 18:36 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys

2010-04-27 18:36 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\Scxpx86.dll

2010-04-27 18:36 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSxpx86.dll

2010-04-27 18:36 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSviA64.sys

2010-04-26 21:02 . 2010-02-12 17:41 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

2010-04-25 20:38 . 2010-04-25 20:38 47096 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-24 18:21 . 2010-04-24 18:21 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2010-04-24 18:17 . 2010-04-24 18:17 -------- d-----w- c:\program files\Common Files\Java

2010-04-24 18:16 . 2010-04-24 18:16 411368 ---ha-w- c:\windows\system32\deployJava1.dll

2010-04-24 18:16 . 2010-04-24 18:16 -------- d-----w- c:\program files\Java

2010-04-24 18:08 . 2010-04-24 18:08 -------- d-----w- c:\windows\Sun

2010-04-24 18:08 . 2010-04-24 18:08 61440 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d0d3492-n\decora-sse.dll

2010-04-24 18:08 . 2010-04-24 18:08 503808 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a262f0f-n\msvcp71.dll

2010-04-24 18:08 . 2010-04-24 18:08 499712 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a262f0f-n\jmc.dll

2010-04-24 18:08 . 2010-04-24 18:08 348160 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a262f0f-n\msvcr71.dll

2010-04-24 18:08 . 2010-04-24 18:08 12800 ----a-w- c:\documents and settings\Mr Dileto\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d0d3492-n\decora-d3d.dll

2010-04-24 18:05 . 2010-04-24 18:05 -------- d-----w- c:\program files\Common Files\Adobe

2010-04-24 05:58 . 2010-04-24 05:58 -------- d-----w- c:\program files\Tiscali Browser

2010-04-24 05:21 . 2010-04-24 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony Ericsson

2010-04-23 22:55 . 2010-04-23 22:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec

2010-04-23 22:53 . 2010-04-23 22:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2010-04-23 21:54 . 2010-04-23 21:54 -------- d-----w- c:\documents and settings\Mr Dileto\DoctorWeb

2010-04-23 19:37 . 2010-04-23 19:15 15880 ---ha-w- c:\windows\system32\lsdelete.exe

2010-04-23 19:16 . 2010-02-04 15:53 64288 ---ha-w- c:\windows\system32\drivers\Lbd.sys

2010-04-23 19:13 . 2010-04-23 19:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-04-23 19:13 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

2010-04-23 19:12 . 2010-04-23 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-04-23 19:12 . 2010-04-23 19:13 -------- d-----w- c:\program files\Lavasoft

2010-04-23 15:31 . 2010-04-23 15:31 -------- d-----w- c:\program files\ESET

2010-04-23 15:10 . 2010-04-23 15:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-04-15 19:23 . 2010-04-15 19:23 0 ---ha-w- c:\windows\nsreg.dat

2010-04-15 19:23 . 2010-04-15 19:23 -------- d-----w- c:\documents and settings\Mr Dileto\Local Settings\Application Data\Mozilla

2010-04-15 00:14 . 2010-04-15 00:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-04-15 00:13 . 2010-04-15 00:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-04-14 22:42 . 2010-04-14 22:43 -------- d-----w- c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP

2010-04-14 21:02 . 2010-04-14 21:02 -------- d-----w- c:\documents and settings\Mr Dileto\Local Settings\Application Data\avG

2010-04-14 21:02 . 2010-04-14 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avG

2010-04-12 18:29 . 2010-04-12 18:29 552 ---ha-w- c:\windows\system32\d3d8caps.dat

2010-04-11 20:18 . 2010-04-11 20:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-04-07 22:09 . 2010-04-07 22:09 -------- d-----w- c:\documents and settings\Mr Dileto\Application Data\Safer Networking

2010-04-07 22:09 . 2010-04-07 22:11 -------- d-----w- c:\program files\Safer Networking

2010-04-06 21:57 . 2010-04-06 21:57 -------- d-----w- c:\documents and settings\Mr Dileto\Application Data\Malwarebytes

2010-04-06 21:57 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-06 21:57 . 2010-04-06 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-04-06 21:57 . 2010-05-01 07:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-06 21:57 . 2010-03-29 14:24 20824 ---ha-w- c:\windows\system32\drivers\mbam.sys

2010-04-06 20:11 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-04-06 20:11 . 2010-04-19 20:15 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-04-06 19:15 . 2010-04-06 21:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-04-06 19:15 . 2010-04-15 21:18 664 ---ha-w- c:\windows\system32\d3d9caps.dat

2010-04-06 19:15 . 2010-04-06 19:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-02 07:41 . 2010-04-25 22:37 601320 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2010-05-01 21:22 . 2010-04-23 19:15 566432 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll

2010-05-01 21:22 . 2010-04-23 19:15 893952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-05-01 21:22 . 2010-04-23 19:15 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe

2010-05-01 21:22 . 2010-04-23 19:15 211600 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll

2010-05-01 21:22 . 2010-04-23 19:15 397480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll

2010-05-01 21:22 . 2010-04-23 19:15 574632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll

2010-05-01 18:57 . 2008-11-06 23:10 -------- d-----w- c:\documents and settings\Mr Dileto\Application Data\Symantec

2010-04-28 21:54 . 2008-11-06 20:53 69476 ---ha-w- c:\windows\hpoins05.dat

2010-04-25 22:42 . 2008-11-06 19:34 47096 ----a-w- c:\documents and settings\Mr Dileto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-25 21:34 . 2008-11-06 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-04-25 21:34 . 2008-11-06 23:05 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-04-25 08:09 . 2008-11-11 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-04-24 06:58 . 2009-12-19 12:18 -------- d-----w- c:\program files\QuickTime

2010-04-24 06:56 . 2005-11-24 16:10 -------- d-----w- c:\program files\Common Files\Real

2010-04-24 06:52 . 2008-12-21 17:15 -------- d-----w- c:\program files\DivX

2010-04-23 22:49 . 2008-10-29 11:47 61056 ---ha-w- c:\windows\system32\drivers\ohci1394.sys

2010-04-23 19:40 . 2004-08-03 22:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-04-23 19:15 . 2010-04-23 19:15 95024 ---ha-w- c:\windows\system32\drivers\SBREDrv.sys

2010-04-23 19:15 . 2010-04-23 19:15 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2010-04-23 19:15 . 2010-04-23 19:15 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

2010-04-23 19:15 . 2010-04-23 19:15 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll

2010-04-23 19:15 . 2010-04-23 19:15 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll

2010-04-23 19:15 . 2010-04-23 19:15 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll

2010-04-23 12:34 . 2009-05-06 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-04-23 12:33 . 2008-11-12 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-04-23 12:32 . 2008-12-10 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Tesco Photobook Creator

2010-04-19 19:42 . 2009-08-16 16:08 -------- d-----w- c:\program files\Nokia

2010-03-10 06:15 . 2005-09-09 22:38 420352 ---ha-w- c:\windows\system32\vbscript.dll

2010-03-04 19:07 . 2009-04-03 19:43 -------- d-----w- c:\program files\DigiGuide TV Guide

2010-02-25 06:24 . 2005-09-09 22:38 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 12:31 . 2005-09-09 22:38 454016 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-16 13:17 . 2004-08-03 23:18 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 12:39 . 2004-08-03 22:59 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:47 . 2005-09-09 22:38 100864 ---ha-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:01 . 2005-09-09 22:38 226880 ---ha-w- c:\windows\system32\drivers\tcpip6.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-04-30_08.16.51 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-02 07:38 . 2010-05-02 07:38 16384 c:\windows\Temp\Perflib_Perfdata_1f4.dat

- 2008-07-14 11:09 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe

+ 2008-07-14 11:09 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe

+ 2005-11-24 15:47 . 2010-05-01 21:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2005-11-24 15:47 . 2010-04-23 19:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2005-11-24 15:47 . 2010-05-01 21:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2005-11-24 15:47 . 2010-04-23 19:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2010-04-11 20:18 . 2010-04-23 19:49 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat

+ 2010-04-11 20:18 . 2010-05-01 21:22 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat

+ 2010-05-01 21:20 . 2010-05-01 21:22 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2005-11-24 15:47 . 2010-04-23 19:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2010-04-06 21:57 . 2010-04-29 14:39 38224 c:\windows\maxdriver\mbamswissarmy.sys

+ 2004-08-03 22:58 . 2004-08-03 22:58 24576 c:\windows\maxdriver\kbdclass.sys

+ 2005-09-09 22:38 . 2004-08-04 12:00 29056 c:\windows\maxdriver\ip6fw.sys

+ 2004-08-03 22:59 . 2010-04-23 19:40 95360 c:\windows\maxdriver\atapi.sys

+ 2005-09-09 22:38 . 2004-08-04 12:00 14336 c:\windows\maxdriver\asyncmac.sys

+ 2005-11-24 16:19 . 2004-08-03 23:07 42368 c:\windows\maxdriver\AGP440.SYS

+ 2001-08-17 13:57 . 2004-08-04 12:00 11648 c:\windows\maxdriver\acpiec.sys

+ 2009-12-21 19:09 . 2009-12-21 19:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll

+ 2009-12-22 00:57 . 2009-12-22 00:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe

+ 2009-12-21 19:02 . 2009-12-21 19:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll

+ 2009-12-21 22:21 . 2009-12-21 22:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe

+ 2009-12-21 22:37 . 2009-12-21 22:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe

+ 2009-12-21 17:39 . 2009-12-21 17:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe

+ 2009-12-21 17:27 . 2009-12-21 17:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll

+ 2009-12-21 17:27 . 2009-12-21 17:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll

+ 2005-09-09 22:38 . 2004-08-04 12:00 2944 c:\windows\maxdriver\null.sys

+ 2005-09-09 22:38 . 2004-08-04 12:00 4224 c:\windows\maxdriver\beep.sys

+ 2005-09-09 22:38 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll

- 2005-09-09 22:38 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll

+ 2005-11-24 15:42 . 2010-05-02 07:37 227343 c:\windows\system32\inetsrv\MetaBase.bin

- 2005-09-09 22:38 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll

+ 2005-09-09 22:38 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll

+ 2005-09-09 22:38 . 2008-06-20 10:45 360320 c:\windows\maxdriver\tcpip.sys

+ 2009-03-17 23:18 . 2009-08-20 17:27 124976 c:\windows\maxdriver\SYMEVENT.SYS

+ 2005-09-09 22:38 . 2007-02-09 11:10 574464 c:\windows\maxdriver\ntfs.sys

+ 2005-09-09 22:38 . 2004-08-04 12:00 182912 c:\windows\maxdriver\ndis.sys

+ 2008-10-29 11:53 . 2006-02-15 00:22 142464 c:\windows\maxdriver\aec.sys

+ 2009-12-21 17:35 . 2009-12-21 17:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll

+ 2009-12-21 19:05 . 2009-12-21 19:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe

+ 2009-12-21 17:34 . 2009-12-21 17:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll

+ 2009-11-09 18:18 . 2009-11-09 18:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll

+ 2009-12-21 19:02 . 2009-12-21 19:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe

+ 2009-12-21 17:43 . 2009-12-21 17:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll

+ 2009-12-22 00:57 . 2009-12-22 00:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe

+ 2009-12-21 17:15 . 2009-12-21 17:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll

+ 2009-12-21 18:32 . 2009-12-21 18:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe

+ 2009-12-21 18:15 . 2009-12-21 18:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe

+ 2010-05-01 09:53 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll

+ 2010-05-01 09:53 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe

+ 2010-05-01 09:53 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll

+ 2009-12-21 17:29 . 2009-12-21 17:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll

+ 2009-10-27 19:34 . 2009-10-27 19:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll

+ 2009-12-21 22:31 . 2009-12-21 22:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll

+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\521507.msp

+ 2009-12-21 22:21 . 2009-12-21 22:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]

"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]

"nwiz"="nwiz.exe" [2008-05-03 1630208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="c:\program files\CyberLink\PowerBackup\PBKScheduler.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Alcmtr"=ALCMTR.EXE

"BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart

"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe"

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"

"SkyTel"=SkyTel.EXE

"snp2uvc"=c:\windows\vsnp2uvc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/04/2010 20:16 64288]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [28/01/2010 10:11 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [28/01/2010 10:11 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [28/01/2010 10:10 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys [27/04/2010 19:36 329592]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/04/2010 22:57 304464]

R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [28/01/2010 10:10 117640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 09:00 102448]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/04/2010 22:57 20824]

S3 BGRaSvc;BGRaSvc; [x]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [26/12/2009 20:51 18560]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1285864]

S3 MODBDA2;KWorld MOD3000 TV receiver;c:\windows\system32\drivers\modbda2.sys [12/11/2008 20:24 22272]

S3 MODLOAD2;DVB-T USB2.0 adapter firmware loader;c:\windows\system32\drivers\modload2.sys [12/11/2008 20:23 18304]

S3 MODRC;KWorld Infrared Receiver;c:\windows\system32\drivers\modrc.sys [12/11/2008 20:24 8960]

S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [25/11/2005 00:33 85888]

S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [25/11/2005 00:33 51840]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.virginmedia.com/

mLocal Page = about:blank

mStart Page = about:blank

mWindow Title =

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Mr Dileto\Application Data\Mozilla\Firefox\Profiles\8fhp6hib.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3956)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-05-02 11:27:26

ComboFix-quarantined-files.txt 2010-05-02 10:27

ComboFix2.txt 2010-04-30 08:19

Pre-Run: 368,626,925,568 bytes free

Post-Run: 368,583,901,184 bytes free

- - End Of File - - 0F00DB15737FACFE13BF0191E30A2CA1


Hi,

please run TFC to delete the temporary files and empty your trash bin:

Please download TFC by Old Timer and save it to your desktop.

alternate download link

  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Let me know if Norton continues to detect the infection.

regards myrti


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

