
I can't open antivirus sites or Windows Update



#1
MrMishu

Hi, I'm new here! My laptop does not want to open any antivirus or spyware sites or Windows Update to update my system. I can't open your sites (forum) either, and I can't install any spyware removal software; I tried Spybot S&D and Malwarebytes. What can I do? Please help me!

This is the OTListIt2 log:

OTListIt logfile created on: 08.05.2009 13:32:19 - Run 2
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\Mikyduta\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 76,89% Memory free
3,85 Gb Paging File | 3,51 Gb Available in Paging File | 91,12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15,00 Gb Total Space | 5,87 Gb Free Space | 39,12% Space Free | Partition Type: NTFS
Drive D: | 96,78 Gb Total Space | 25,41 Gb Free Space | 26,25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 4,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 20,00 Gb Total Space | 10,04 Gb Free Space | 50,17% Space Free | Partition Type: NTFS
Drive H: | 91,78 Gb Total Space | 42,89 Gb Free Space | 46,73% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: MIKY
Current User Name: Mikyduta
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Mikyduta\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Norton Internet Security [Auto | Running]) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (TestHandler [Auto | Running]) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (TOSHIBA Bluetooth Service [Auto | Running]) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (BHDrvx86 [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys (Symantec Corporation)
DRV - (ccHP [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys (Symantec Corporation)
DRV - (dtscsi [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IDSxpx86 [System | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys (Symantec Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (IrBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\IrBus.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090506.054\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090506.054\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (nvsmu [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvsmu.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ROOTMODEM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SIS163u [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\sis163u.sys (Silicon Integrated Systems Corp.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEFA [Boot | Running]) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMIDS.SYS (Symantec Corporation)
DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMTDI.SYS (Symantec Corporation)
DRV - (tosporte [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (tosrfbd [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom [System | Running]) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfhid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfnds [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (tosrfusb [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1204033929905 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://plugin.driver...driveragent.cab (Driver Agent ActiveX Control)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.25 01:25:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{025f6a73-535a-11db-af86-003005ff6bd0}\Shell - "" = AutoRun
O33 - MountPoints2\{025f6a73-535a-11db-af86-003005ff6bd0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{025f6a73-535a-11db-af86-003005ff6bd0}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{025f6a74-535a-11db-af86-003005ff6bd0}\Shell - "" = AutoRun
O33 - MountPoints2\{025f6a74-535a-11db-af86-003005ff6bd0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{025f6a74-535a-11db-af86-003005ff6bd0}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{0b5e3e00-210d-11dd-affd-003005ff6bd0}\Shell - "" = AutoRun
O33 - MountPoints2\{0b5e3e00-210d-11dd-affd-003005ff6bd0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b5e3e00-210d-11dd-affd-003005ff6bd0}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{123a348d-4fc6-11dd-b038-003005ff6bd0}\Shell - "" = AutoRun
O33 - MountPoints2\{123a348d-4fc6-11dd-b038-003005ff6bd0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{123a348d-4fc6-11dd-b038-003005ff6bd0}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{123a348f-4fc6-11dd-b038-003005ff6bd0}\Shell - "" = AutoRun
O33 - MountPoints2\{123a348f-4fc6-11dd-b038-003005ff6bd0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{123a348f-4fc6-11dd-b038-003005ff6bd0}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{6223aa84-37d7-11db-b047-003005ff6bd0}\Shell - "" = AutoRun
O33 - MountPoints2\{6223aa84-37d7-11db-b047-003005ff6bd0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6223aa84-37d7-11db-b047-003005ff6bd0}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{7926fa81-4e41-11db-af85-003005ff6bd0}\Shell - "" = AutoRun
O33 - MountPoints2\{7926fa81-4e41-11db-af85-003005ff6bd0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7926fa81-4e41-11db-af85-003005ff6bd0}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{9b79a0a4-5440-11dd-b03d-003005ff6bd0}\Shell - "" = AutoRun
O33 - MountPoints2\{9b79a0a4-5440-11dd-b03d-003005ff6bd0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b79a0a4-5440-11dd-b03d-003005ff6bd0}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{9b79a0a5-5440-11dd-b03d-003005ff6bd0}\Shell - "" = AutoRun
O33 - MountPoints2\{9b79a0a5-5440-11dd-b03d-003005ff6bd0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b79a0a5-5440-11dd-b03d-003005ff6bd0}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2009.05.08 13:31:55 | 00,502,272 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Mikyduta\Desktop\OTListIt2.exe
[2009.05.08 13:22:41 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009.05.07 17:35:21 | 00,617,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\Cat.DB
[2009.05.07 17:35:10 | 00,035,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009.05.07 17:35:07 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009.05.07 17:35:07 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009.05.07 17:35:07 | 00,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009.05.07 17:35:07 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009.05.07 17:35:07 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009.05.07 17:35:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009.05.07 17:35:01 | 00,001,993 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Norton Internet Security.lnk
[2009.05.07 17:35:00 | 00,362,544 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\ccHPx86.sys
[2009.05.07 17:35:00 | 00,309,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.sys
[2009.05.07 17:35:00 | 00,305,712 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.sys
[2009.05.07 17:35:00 | 00,254,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.sys
[2009.05.07 17:35:00 | 00,198,192 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symtdi.sys
[2009.05.07 17:35:00 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symfw.sys
[2009.05.07 17:35:00 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.sys
[2009.05.07 17:35:00 | 00,040,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symndisv.sys
[2009.05.07 17:35:00 | 00,037,424 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symndis.sys
[2009.05.07 17:35:00 | 00,034,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symids.sys
[2009.05.07 17:35:00 | 00,024,752 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symredrv.sys
[2009.05.07 17:35:00 | 00,012,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symdns.sys
[2009.05.07 17:34:47 | 00,003,375 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.inf
[2009.05.07 17:34:47 | 00,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\ccHPx86.inf
[2009.05.07 17:34:47 | 00,001,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.inf
[2009.05.07 17:34:47 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.inf
[2009.05.07 17:34:47 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.inf
[2009.05.07 17:34:47 | 00,000,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.inf
[2009.05.07 17:34:47 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\isolate.ini
[2009.05.07 17:34:39 | 00,013,089 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.cat
[2009.05.07 17:34:39 | 00,010,659 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.cat
[2009.05.07 17:34:39 | 00,010,621 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.cat
[2009.05.07 17:34:39 | 00,010,617 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.cat
[2009.05.07 17:34:39 | 00,010,613 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.CAT
[2009.05.07 17:34:39 | 00,010,609 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\ccHPx86.cat
[2009.05.07 17:34:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1000000.07D
[2009.05.07 17:34:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009.05.07 17:34:37 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009.05.07 17:34:37 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009.05.07 17:34:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009.05.07 17:33:44 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009.05.07 17:33:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009.05.07 17:15:11 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009.05.07 17:15:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009.05.07 17:15:05 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009.05.07 17:14:47 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009.05.06 23:15:00 | 00,006,160 | ---- | C] () -- C:\bootsqm.dat
[2009.05.06 12:18:02 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009.04.15 23:17:54 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009.04.15 23:17:54 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009.04.15 23:17:53 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009.04.15 23:17:53 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009.04.15 23:17:53 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009.04.15 23:17:53 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009.04.15 23:17:53 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009.04.15 23:17:53 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009.04.15 23:17:53 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009.04.15 23:17:33 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009.04.15 23:17:33 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009.04.15 23:17:33 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2008.11.06 19:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.06 19:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.11.06 19:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.11.06 19:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.05.12 16:49:28 | 00,000,617 | ---- | C] () -- C:\WINDOWS\game1.INI
[2008.05.12 16:49:28 | 00,000,368 | ---- | C] () -- C:\WINDOWS\game5.INI
[2008.05.12 16:49:28 | 00,000,312 | ---- | C] () -- C:\WINDOWS\game4.ini
[2008.05.12 16:49:28 | 00,000,269 | ---- | C] () -- C:\WINDOWS\game2.ini
[2008.05.12 16:49:27 | 00,000,269 | ---- | C] () -- C:\WINDOWS\GAME3.INI
[2008.04.25 14:23:38 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\EvOnlDiag.dll
[2008.02.28 00:00:25 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.02.27 03:10:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.02.26 16:43:29 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2008.02.26 16:41:51 | 00,664,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.02.26 16:41:51 | 00,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd6285.sys
[2008.02.26 16:16:29 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007.04.01 00:21:25 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.04.01 00:21:25 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.04.01 00:21:24 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.04.01 00:21:23 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.04.01 00:21:23 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007.04.01 00:21:22 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.12.05 14:05:06 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006.08.25 01:25:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2005.07.22 22:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.08.04 15:00:00 | 00,000,667 | ---- | C] () -- C:\WINDOWS\win.ini
[2004.08.04 15:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2002.08.18 17:32:04 | 00,499,712 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002.04.21 21:30:12 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002.04.02 01:16:28 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002.04.02 01:16:14 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002.04.02 01:15:40 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009.05.08 13:28:08 | 00,502,272 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Mikyduta\Desktop\OTListIt2.exe
[2009.05.08 13:19:39 | 00,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009.05.08 13:19:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.05.08 13:19:21 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Mikyduta\Local Settings\desktop.ini
[2009.05.08 13:19:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.05.07 17:35:26 | 00,617,392 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\Cat.DB
[2009.05.07 17:35:07 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009.05.07 17:35:07 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009.05.07 17:35:07 | 00,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009.05.07 17:35:07 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009.05.07 17:35:01 | 00,001,993 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Norton Internet Security.lnk
[2009.05.07 17:35:00 | 00,362,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\ccHPx86.sys
[2009.05.07 17:35:00 | 00,309,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.sys
[2009.05.07 17:35:00 | 00,305,712 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.sys
[2009.05.07 17:35:00 | 00,254,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.sys
[2009.05.07 17:35:00 | 00,198,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symtdi.sys
[2009.05.07 17:35:00 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symfw.sys
[2009.05.07 17:35:00 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.sys
[2009.05.07 17:35:00 | 00,040,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symndisv.sys
[2009.05.07 17:35:00 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symndis.sys
[2009.05.07 17:35:00 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009.05.07 17:35:00 | 00,034,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symids.sys
[2009.05.07 17:35:00 | 00,024,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symredrv.sys
[2009.05.07 17:35:00 | 00,012,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symdns.sys
[2009.05.07 17:34:47 | 00,003,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.inf
[2009.05.07 17:34:47 | 00,001,754 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\ccHPx86.inf
[2009.05.07 17:34:47 | 00,001,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.inf
[2009.05.07 17:34:47 | 00,001,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.inf
[2009.05.07 17:34:47 | 00,001,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.inf
[2009.05.07 17:34:47 | 00,000,641 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.inf
[2009.05.07 17:34:47 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\isolate.ini
[2009.05.07 17:34:39 | 00,013,089 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.cat
[2009.05.07 17:34:39 | 00,010,659 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.cat
[2009.05.07 17:34:39 | 00,010,621 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.cat
[2009.05.07 17:34:39 | 00,010,617 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.cat
[2009.05.07 17:34:39 | 00,010,613 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.CAT
[2009.05.07 17:34:39 | 00,010,609 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\ccHPx86.cat
[2009.05.07 17:20:33 | 00,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.05.07 17:15:38 | 00,507,902 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.05.07 17:15:38 | 00,433,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.05.07 17:15:38 | 00,067,962 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.05.06 23:15:00 | 00,006,160 | ---- | M] () -- C:\bootsqm.dat
[2009.05.05 19:23:08 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.04.15 23:44:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >

ROOTKIT log

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:15358 Mo/Free:1912 Mo)
D:\ [Fixed] - NTFS - (Total:99104 Mo/Free:1439 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:4412 Mo/Free:0 Mo)
G:\ [Fixed] - NTFS - (Total:20481 Mo/Free:2084 Mo)
H:\ [Fixed] - NTFS - (Total:93981 Mo/Free:2959 Mo)

08.05.2009|14:40

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\WINDOWS\RTHDCPL.EXE
---------- C:\Program Files\DAEMON Tools\daemon.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
---------- C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
---------- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!

HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS

----------------------\\ Registry

[HKEY_LOCAL_MACHINE\Software\TDSS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\tdssdata]


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\Mikyduta\Cookies\mikyduta@crackserialkeygen[2].txt
C:\DOCUME~1\Mikyduta\Local Settings\Temporary Internet Files\Content.IE5\HQRKNQCV\crack-shot-game[1].jpg


1 - "C:\Rooter$\Rooter_1.txt" - 08.05.2009|13:24
2 - "C:\Rooter$\Rooter_2.txt" - 08.05.2009|14:42

----------------------\\ Scan completed at 14:42

Edited by MrMishu, 08 May 2009 - 06:17 AM.

#2
MrMishu

Thank you for your answers. I resolved the problem on my own :)

It was the TDSS trojan horse.