need some help [Solved]

#1
warcrimm (New Member, 9 posts)
Hi, I think I have a virus but I'm not 100% sure. I use a lot of P2P files and suspect a keygen I have used may be infecting my PC. I have Norton 360 and MBAM installed. I downloaded a keygen a while back and Norton said it was safe. I rescanned it quite a few times and got the same result. Then after 2 months Norton suddenly started flagging it as a trojan and removed it. I have the OTL log here and have backed up my registry as of today. Also I tried to run GMER but it takes up 100% of my PC usage and then hangs. I tried the scan again and left it overnight and it had finished scanning, but when I tried saving it, it just hung again. Here is the OTL log and MBAM log. Thanks in advance :)


OTL logfile created on: 24/04/2010 12:23:24 PM - Run 5
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\sam\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 12.53 Gb Free Space | 8.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAM-3A465199155
Current User Name: sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/02 04:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/03/23 05:03:14 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sam\Desktop\OTL.exe
PRC - [2010/02/26 09:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.1.0.32\ccsvchst.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/28 08:40:22 | 002,169,352 | ---- | M] (Xpertvision, Inc.) -- C:\Program Files\XpertVision\TBPANEL.exe


========== Modules (SafeList) ==========

MOD - [2010/03/27 09:52:36 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.1.0.32\asoehook.dll
MOD - [2010/03/23 05:03:14 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sam\Desktop\OTL.exe
MOD - [2009/07/12 18:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.1.0.32\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 18:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.1.0.32\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/14 10:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/03 10:10:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/27 05:18:48 | 002,519,044 | ---- | M] (NCH Software) [Disabled | Stopped] -- C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe -- (ExpressInvoiceService)
SRV - [2010/02/26 15:14:04 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/02/26 09:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe -- (N360)
SRV - [2007/02/01 08:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.4
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..network.proxy.http: "132.239.17.224"
FF - prefs.js..network.proxy.http_port: 3127

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/04/19 09:43:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/04/19 09:43:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 14:16:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/14 15:01:35 | 000,000,000 | ---D | M]

[2010/01/28 14:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\Mozilla\Extensions
[2010/04/23 12:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\r8vly4j1.default\extensions
[2010/04/18 01:30:53 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\r8vly4j1.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/01/28 14:52:49 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\r8vly4j1.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/01/31 15:44:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\r8vly4j1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/26 23:39:28 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\r8vly4j1.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/04/18 01:30:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/04 10:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/04/02 02:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/02 02:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/02 02:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/02 02:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/03 10:36:38 | 000,001,216 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.1.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1264653959125 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\sam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/27 16:17:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{858b33e0-2be2-11df-b9d6-001837099bed}\Shell\AutoRun\command - "" = k1d.exe
O33 - MountPoints2\{858b33e0-2be2-11df-b9d6-001837099bed}\Shell\open\Command - "" = k1d.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/24 00:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sam\Desktop\gmer
[2010/04/23 23:59:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/23 23:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/23 23:48:28 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sam\Desktop\TFC.exe
[2010/04/23 19:20:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\sam\Recent
[2010/04/23 16:52:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\sam\IECompatCache
[2010/04/19 01:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/04/14 22:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sam\Desktop\nokia
[2010/04/14 22:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sam\Local Settings\Application Data\Nokia
[2010/04/14 22:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\Nseries
[2010/04/14 22:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/04/14 22:08:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/14 22:07:59 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2010/04/14 22:07:59 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2010/04/14 22:07:59 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010/04/14 22:07:58 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010/04/14 22:07:58 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010/04/14 22:07:57 | 000,662,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010/04/14 22:07:57 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010/04/14 22:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/04/14 21:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/04/14 21:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/14 21:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/04/14 21:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/04/14 21:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/04/14 21:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\Nokia
[2010/04/14 21:13:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Globalization
[2010/04/14 21:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010/04/14 21:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/04/14 21:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/04/14 21:12:26 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/04/14 21:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\PC Suite
[2010/04/14 21:12:11 | 000,092,672 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/04/14 21:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/04/14 21:11:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/04/05 08:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/02/17 14:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/17 14:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/27 16:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/27 16:17:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/27 16:17:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/04/24 12:20:46 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2010/04/24 12:06:16 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/24 12:06:15 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010/04/24 12:06:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/24 12:06:07 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 12:05:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/24 12:05:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/24 11:52:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/23 23:59:07 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\NTREGOPT.lnk
[2010/04/23 23:59:07 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\ERUNT.lnk
[2010/04/23 23:52:37 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\sam\NTUSER.DAT
[2010/04/23 23:48:42 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sam\Desktop\TFC.exe
[2010/04/23 20:43:10 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/23 19:36:27 | 032,495,170 | -H-- | M] () -- C:\Documents and Settings\sam\Local Settings\Application Data\IconCache.db
[2010/04/21 21:33:42 | 000,000,337 | ---- | M] () -- C:\Documents and Settings\sam\Application Data\default.rss
[2010/04/21 21:33:40 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/19 12:15:57 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/19 12:15:57 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2010/04/19 11:56:44 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/04/19 11:56:10 | 000,623,062 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\Cat.DB
[2010/04/19 10:15:34 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/19 10:15:14 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\expressinvoiceShakeIcon.job
[2010/04/19 09:40:14 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/04/19 09:40:14 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/04/19 09:40:14 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/04/19 09:40:14 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/04/19 08:30:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/15 16:35:33 | 000,026,448 | ---- | M] () -- C:\Documents and Settings\sam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/14 22:14:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010/04/14 22:14:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/04/14 22:10:33 | 002,206,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/14 22:07:15 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2010/04/14 22:00:11 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/04/14 22:00:06 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_05_00.Wdf
[2010/04/14 21:58:49 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/14 21:58:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2010/04/14 21:58:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/04/14 21:28:12 | 000,001,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Download!.lnk
[2010/04/14 21:15:25 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Nseries Video Manager.lnk
[2010/04/14 21:14:39 | 000,001,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Photos.lnk
[2010/04/14 21:13:24 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Nseries PC Suite.lnk
[2010/04/14 21:11:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/14 15:01:35 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010/04/23 23:59:07 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\NTREGOPT.lnk
[2010/04/23 23:59:07 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\ERUNT.lnk
[2010/04/19 10:15:13 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\expressinvoiceShakeIcon.job
[2010/04/14 22:14:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010/04/14 22:14:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/04/14 22:00:11 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/04/14 22:00:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_05_00.Wdf
[2010/04/14 21:58:49 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/14 21:58:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2010/04/14 21:58:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/04/14 21:28:51 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2010/04/14 21:28:12 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Download!.lnk
[2010/04/14 21:15:25 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Nseries Video Manager.lnk
[2010/04/14 21:14:39 | 000,001,845 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Photos.lnk
[2010/04/14 21:13:24 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Nseries PC Suite.lnk
[2010/04/14 21:11:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/02/09 14:33:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/09 13:31:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\sam\Application Data\downloads.m3u
[2010/02/08 14:09:08 | 000,000,337 | ---- | C] () -- C:\Documents and Settings\sam\Application Data\default.rss
[2010/02/05 07:04:10 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/02 09:08:35 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/02/02 08:58:03 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/01 15:37:51 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/02/01 15:37:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/02/01 14:49:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/01/30 12:14:54 | 000,471,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/28 14:23:05 | 000,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/27 16:31:13 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2009/03/04 06:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2007/11/28 17:14:12 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

========== LOP Check ==========

[2010/02/02 08:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/02/01 15:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/04/14 22:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/03/11 09:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/04/14 22:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/04/14 21:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/02/09 03:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Readon
[2010/02/01 14:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/04/23 18:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\BitTorrent
[2010/02/10 18:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\Canon
[2010/01/28 15:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/02 09:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\DAEMON Tools Lite
[2010/02/17 17:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\DNA
[2010/02/01 15:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\Epson
[2010/03/11 09:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\IObit
[2010/02/20 13:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\JonDo
[2010/01/28 18:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\Leadertech
[2010/04/14 21:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\Nokia
[2010/04/14 22:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\Nseries
[2010/01/30 06:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\OpenOffice.org
[2010/04/14 22:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\PC Suite
[2010/01/31 15:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\SystemRequirementsLab
[2010/03/09 12:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\Uniblue
[2010/04/24 12:06:15 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job
[2010/02/27 05:19:01 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\expressinvoiceSevenDaysInit.job
[2010/04/19 10:15:14 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\expressinvoiceShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/13 00:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/01/28 02:09:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/01/28 02:09:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/13 00:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/01/28 02:09:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/01/28 02:09:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/12 23:55:51 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 10:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 10:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/12 23:57:17 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004/08/13 00:11:50 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 10:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 10:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/07 04:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/07 04:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/13 00:02:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/13 00:04:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 10:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 10:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/02/02 08:58:03 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2010/01/27 08:05:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/01/27 08:05:51 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/01/27 08:05:51 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys
[2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys
[2010/01/27 16:40:23 | 000,026,600 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 23:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/26 13:21:22 | 000,137,344 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys
[2010/02/26 13:21:22 | 000,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
[2010/02/02 08:58:03 | 000,691,696 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys
[2010/04/19 09:40:14 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[2010/02/11 22:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
[2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
< End of report >


And here is the MBAM log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4021

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/04/2010 12:25:05 PM
mbam-log-2010-04-24 (12-25-05).txt

Scan type: Quick scan
Objects scanned: 100917
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
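The "< MD5 for: ... >" section of the OTL log above is an integrity check: OTL hashes the driver or DLL that is actually loaded from system32 and prints it next to the reference copies Windows keeps in ServicePackFiles\i386 (the SP3 originals) and $NtServicePackUninstall$ (the pre-SP3 versions). In this log atapi.sys, eventlog.dll, netlogon.dll and scecli.dll in system32 all carry the same MD5 as their SP3 reference copy, so none of them has been patched on disk. The script below is an added example, not code from the original post or from OTL, that performs the same comparison; demo() builds the three-directory layout in a temporary folder with constructed file contents, so it runs without a Windows install.

```python
"""Hash a live system file and compare it with Windows' own reference copies.

Added example; it is not code from the original post or from OTL. It mirrors
OTL's "< MD5 for: ... >" section: the copy in system32 is hashed and compared
with the copies Windows keeps in ServicePackFiles\\i386 (SP3) and
$NtServicePackUninstall$ (pre-SP3). A live copy whose hash matches none of
the reference copies is the one to look at.

demo() builds that layout in a temporary folder with constructed contents.
"""
import hashlib
import os
import tempfile


def md5_of_bytes(data):
    """Uppercase hex MD5, the notation OTL prints."""
    return hashlib.md5(data).hexdigest().upper()


def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so a large driver never has to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def compare_copies(live_path, reference_paths):
    """Return (verdict, live_md5, {reference_path: md5}).

    verdict: "match"    - live copy is byte-identical to a reference copy
             "mismatch" - live copy equals no reference copy: patched, or a
                          different build; a vendor-published hash settles it
             "missing"  - no live copy at that path
    """
    if not os.path.isfile(live_path):
        return "missing", None, {}
    live = md5_of(live_path)
    refs = {p: md5_of(p) for p in reference_paths if os.path.isfile(p)}
    return ("match" if live in refs.values() else "mismatch"), live, refs


def _write(directory, name, data):
    with open(os.path.join(directory, name), "wb") as f:
        f.write(data)


def demo():
    """Constructed layout: atapi.sys intact, eventlog.dll with one extra byte."""
    root = tempfile.mkdtemp(prefix="md5demo_")
    sp3 = os.path.join(root, "ServicePackFiles", "i386")
    sp2 = os.path.join(root, "$NtServicePackUninstall$")
    live = os.path.join(root, "system32")
    for d in (sp3, sp2, live):
        os.makedirs(d)
    sp3_body = b"MZ" + b"\x00" * 62 + b"constructed SP3 image"
    sp2_body = b"MZ" + b"\x00" * 62 + b"constructed SP2 image"
    # atapi.sys: the live copy is the SP3 copy -> "match"
    _write(sp3, "atapi.sys", sp3_body)
    _write(sp2, "atapi.sys", sp2_body)
    _write(live, "atapi.sys", sp3_body)
    # eventlog.dll: the live copy carries a trailing byte -> "mismatch"
    _write(sp3, "eventlog.dll", sp3_body)
    _write(sp2, "eventlog.dll", sp2_body)
    _write(live, "eventlog.dll", sp3_body + b"\x90")
    verdicts = {}
    for name in ("atapi.sys", "eventlog.dll"):
        verdict, _live_md5, _refs = compare_copies(
            os.path.join(live, name),
            [os.path.join(sp3, name), os.path.join(sp2, name)],
        )
        verdicts[name] = verdict
    return verdicts


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Two caveats a practitioner should keep in mind. A match against a local reference copy only shows that the copies agree; an attacker with write access to system32 can usually reach ServicePackFiles too, so a hash published by the vendor is the stronger comparison. And a kernel-mode rootkit that filters file reads can hand a user-mode hasher the pristine bytes; that is why a scan like this is paired with a rootkit detector such as GMER, and why OTL could report only "Unable to obtain MD5" for sptd.sys, a driver that protects its own file.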

#2
mpascal (Math Nerd, Retired Staff, 3,644 posts)
Hi warcrimm,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
I'm currently looking at your logs, I'll get back to you shortly.

#3
mpascal (Math Nerd, Retired Staff, 3,644 posts)
Hi,

STEP 1 - OTL Fix

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    O33 - MountPoints2\{858b33e0-2be2-11df-b9d6-001837099bed}\Shell\AutoRun\command - "" = k1d.exe
    O33 - MountPoints2\{858b33e0-2be2-11df-b9d6-001837099bed}\Shell\open\Command - "" = k1d.exe
    [2010/04/14 22:14:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    [2010/04/14 22:14:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/04/14 22:00:11 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf
    [2010/04/14 22:00:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_05_00.Wdf
    [2010/04/14 21:58:49 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/04/14 21:58:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    [2010/04/14 21:58:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    [2010/04/14 21:11:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
STEP 2 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • Kaspersky Log

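The two O33 lines at the top of the OTL fix are worth understanding. They refer to HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{858b33e0-2be2-11df-b9d6-001837099bed}\Shell\AutoRun\command and \Shell\open\Command, where Explorer caches the shell verbs a removable volume's autorun.inf declared. The cache outlives the volume, which is why a command of just "k1d.exe" (a bare file name, resolved from the root of whatever was plugged in) is still on record. The script below is an added example, not code from the original post or from OTL: it reads a .reg export of MountPoints2 and lists every cached command, marking the ones that name a bare executable. SAMPLE_REG is constructed to mirror the two entries from the fix plus benign keys.

```python
"""List shell verbs cached under Explorer's MountPoints2 key.

Added example; not code from the original post or from OTL. Reads an export
made with

    reg export HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2 mp2.reg

and reports every ...\\MountPoints2\\<volume>\\Shell\\<verb>\\command value.
SAMPLE_REG is constructed: the two entries from the OTL fix plus benign keys.
"""
import re

MP2_CMD_RE = re.compile(
    r"\\MountPoints2\\(?P<volume>[^\\\]]+)\\Shell\\(?P<verb>[^\\\]]+)\\command\]$",
    re.IGNORECASE,
)
# A file name with no drive letter or directory: Explorer resolves it from
# the root of the volume, which is how autorun.inf worms are launched.
BARE_EXE_RE = re.compile(r"^[^\\/:]+\.(?:exe|com|bat|cmd|scr|pif)$", re.IGNORECASE)

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{858b33e0-2be2-11df-b9d6-001837099bed}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{858b33e0-2be2-11df-b9d6-001837099bed}\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{858b33e0-2be2-11df-b9d6-001837099bed}\Shell\AutoRun\command]
@="k1d.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{858b33e0-2be2-11df-b9d6-001837099bed}\Shell\open\Command]
@="k1d.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass"="Drive"
"""


def is_bare_executable(command):
    """True when the command is a plain file name with no drive or directory."""
    return BARE_EXE_RE.match(command.strip()) is not None


def _unquote(value):
    """Undo the REG_SZ quoting and escaping a .reg export applies."""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        value = value[1:-1]
    return value.replace('\\"', '"').replace("\\\\", "\\")


def cached_commands(reg_text):
    """Return [{volume, verb, command, bare}] for every cached Shell verb command."""
    findings = []
    current = None  # (volume, verb) of the key whose values we are reading
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            m = MP2_CMD_RE.search(line)
            current = (m.group("volume"), m.group("verb")) if m else None
        elif current and line.startswith("@="):
            command = _unquote(line[2:])
            findings.append({
                "volume": current[0],
                "verb": current[1],
                "command": command,
                "bare": is_bare_executable(command),
            })
    return findings


if __name__ == "__main__":
    for f in cached_commands(SAMPLE_REG):
        flag = "BARE" if f["bare"] else "    "
        print(f"{flag} {f['volume']} {f['verb']}: {f['command']}")
```

MountPoints2 is per-user, so the export (or the OTL scan) has to be repeated under each profile on the machine. The entry is only a cache; deleting it, as the OTL fix does, removes the stale verb but says nothing about whether k1d.exe ever ran on this PC, and the drive it came from will re-populate the cache the next time it is inserted unless its autorun.inf is gone.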

#4
warcrimm (New Member, Topic Starter, 9 posts)
Hi mpascal, and thank you for the quick response. I have done what you requested and here are the logs. BTW, nothing was found on either scan. I would also like to point out that in my previous post I couldn't run GMER. I have managed to run it since then and have a log (this was done before I followed your steps), so if you want me to post it just let me know. Thank you.

Attached File  kasreport.txt..txt   842bytes   123 downloads
Attached File  mbam_log_2010_04_25__09_35_22_.txt   895bytes   105 downloads

#5
mpascal (Math Nerd, Retired Staff, 3,644 posts)
Sure, post the GMER log here. No need to attach it, just post it in the thread.

#6
warcrimm (New Member, Topic Starter, 9 posts)
OK, here it is. Just remember that it was done before I took any of those steps you described :)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-25 08:11:12
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\sam\LOCALS~1\Temp\agaoipog.sys


---- System - GMER 1.0.15 ----

SSDT 89DED050 ZwAlertResumeThread
SSDT 89D25050 ZwAlertThread
SSDT 89CEE488 ZwAllocateVirtualMemory
SSDT 89D00050 ZwAssignProcessToJobObject
SSDT 8A2EA460 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB440A210]
SSDT 89B4E978 ZwCreateMutant
SSDT 89B4E460 ZwCreateSymbolicLinkObject
SSDT 89C4C4C0 ZwCreateThread
SSDT 8A347050 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB440A490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB440A9F0]
SSDT 89CF03F8 ZwDuplicateObject
SSDT spdg.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spdg.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT 89CE64C8 ZwFreeVirtualMemory
SSDT 89D7C050 ZwImpersonateAnonymousToken
SSDT 89D93050 ZwImpersonateThread
SSDT 8A33A850 ZwLoadDriver
SSDT 89CE63E8 ZwMapViewOfSection
SSDT 89DF8050 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xB440A7A0]
SSDT 89CF0598 ZwOpenProcess
SSDT 89DBB050 ZwOpenProcessToken
SSDT 8A2BB050 ZwOpenSection
SSDT 89CF04C8 ZwOpenThread
SSDT 89B4E530 ZwProtectVirtualMemory
SSDT spdg.sys ZwQueryKey [0xB7ECE20A]
SSDT spdg.sys ZwQueryValueKey [0xB7ECE08A]
SSDT 89D71050 ZwResumeThread
SSDT 89D07050 ZwSetContextThread
SSDT 89B4C488 ZwSetInformationProcess
SSDT 89DA4050 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB440AC40]
SSDT 8A361050 ZwSuspendProcess
SSDT 89D57050 ZwSuspendThread
SSDT 89D0D050 ZwTerminateProcess
SSDT 8A383050 ZwTerminateThread
SSDT 89DAB050 ZwUnmapViewOfSection
SSDT 89CE6598 ZwWriteVirtualMemory

INT 0x63 ? 8A3E9F00
INT 0x83 ? 8A613BF8
INT 0x83 ? 8A613BF8
INT 0x83 ? 8A3E9F00
INT 0x83 ? 8A613BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 4 Bytes JMP 110ECED1
.text ntkrnlpa.exe!ZwCallbackReturn + 2D80 8050461C 4 Bytes CALL 9CDA1484
? spdg.sys The system cannot find the file specified. !
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B795C8AC 5 Bytes JMP 8A3E94E0
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F0C380, 0x550AF5, 0xE8000020]
.text apm8e6a4.SYS B6EBF386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text apm8e6a4.SYS B6EBF3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text apm8e6a4.SYS B6EBF3C4 3 Bytes [00, 80, 02]
.text apm8e6a4.SYS B6EBF3C9 1 Byte [30]
.text apm8e6a4.SYS B6EBF3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6121F8

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbohci \Device\USBPDO-0 8A445500
Device \Driver\usbehci \Device\USBPDO-1 8A30E1F8

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5A31F8
Device \Driver\Cdrom \Device\CdRom0 8A3A0500
Device \Driver\Cdrom \Device\CdRom1 8A3A0500
Device \Driver\atapi \Device\Ide\IdePort0 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 89DEF1F8
Device \Driver\NetBT \Device\NetbiosSmb 89DEF1F8
Device \Driver\PCI_PNP6454 \Device\0000004e spdg.sys

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbohci \Device\USBFDO-0 8A445500
Device \Driver\sptd \Device\1911327704 spdg.sys
Device \Driver\usbehci \Device\USBFDO-1 8A30E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1E6500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1E6500
Device \Driver\Ftdisk \Device\FtControl 8A5A31F8
Device \Driver\apm8e6a4 \Device\Scsi\apm8e6a41 8A27B1F8
Device \Driver\apm8e6a4 \Device\Scsi\apm8e6a41Port4Path0Target0Lun0 8A27B1F8
Device \FileSystem\Cdfs \Cdfs 88F7E1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0x13 0xA3 0x87 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDF 0x52 0x29 0x74 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0xFE 0x02 0x4C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0x13 0xA3 0x87 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDF 0x52 0x29 0x74 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0xFE 0x02 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0x13 0xA3 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDF 0x52 0x29 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0xFE 0x02 0x4C ...

---- EOF - GMER 1.0.15 ----
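How to read the SSDT section of that GMER log: GMER lists every System Service Descriptor Table entry that no longer points into the kernel image, and for each one names the module that owns the new address when it can. Here the attributed hooks belong to SYMEVENT.SYS (Symantec, i.e. Norton 360) and to spdg.sys, which the Devices section ties to \Driver\sptd and the Registry section to DAEMON Tools Lite; sptd loads under a randomised file name, which is also why the "Kernel code sections" part says it cannot find spdg.sys on disk. The remaining entries are bare kernel addresses GMER could not map to a loaded module. The script below is an added example, not code from the original post or from GMER, that sorts a log into those buckets so the unattributed hooks can be checked against the security software that is installed. SAMPLE_GMER is a constructed excerpt of the lines above.

```python
"""Group GMER's SSDT hook lines by the module that owns each hook.

Added example; not code from the original post or from GMER. Parses lines of
the three shapes GMER prints:

    SSDT 89DED050 ZwAlertResumeThread                       (address only)
    SSDT spdg.sys ZwEnumerateKey [0xB7ECDDA4]               (module, no vendor)
    SSDT \\??\\C:\\...\\SYMEVENT.SYS (Vendor) ZwCreateKey [0xB440A210]

SAMPLE_GMER is a constructed excerpt of the log in the thread.
"""
import re

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<where>.+?)\s+(?P<func>Zw\w+)(?:\s+\[0x(?P<hook>[0-9A-Fa-f]+)\])?\s*$"
)
ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")
UNATTRIBUTED = "(unattributed)"

SAMPLE_GMER = r"""
SSDT 89DED050 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB440A210]
SSDT 89C4C4C0 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB440A490]
SSDT spdg.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT 89CF0598 ZwOpenProcess
SSDT spdg.sys ZwQueryValueKey [0xB7ECE08A]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB440AC40]
INT 0x63 ? 8A3E9F00
"""


def parse_ssdt_line(line):
    """Return {function, module, vendor, hook} for an SSDT line, else None."""
    m = SSDT_RE.match(line.strip())
    if not m:
        return None
    where = m.group("where")
    if ADDR_RE.match(where):
        # GMER printed only the hook address: no loaded module claimed it.
        return {"function": m.group("func"), "module": None,
                "vendor": None, "hook": where.upper()}
    path, _, vendor = where.partition(" (")
    module = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return {"function": m.group("func"), "module": module,
            "vendor": vendor.rstrip(")") or None,
            "hook": (m.group("hook") or "").upper() or None}


def summarize(lines):
    """Map module name (or UNATTRIBUTED) -> hooked functions, in log order."""
    buckets = {}
    for line in lines:
        entry = parse_ssdt_line(line)
        if entry is None:
            continue
        key = entry["module"] or UNATTRIBUTED
        buckets.setdefault(key, []).append(entry["function"])
    return buckets


def unexpected_hooks(lines, known_modules):
    """(module, function) pairs not owned by a module in known_modules.

    Unattributed hooks are always returned: nothing vouches for them.
    """
    return [(mod, func)
            for mod, funcs in summarize(lines).items()
            if mod not in known_modules
            for func in funcs]


if __name__ == "__main__":
    for module, funcs in summarize(SAMPLE_GMER.splitlines()).items():
        print(f"{module}: {', '.join(funcs)}")
```

An unattributed hook is not by itself evidence of a rootkit; Norton 360 ships several kernel drivers besides SYMEVENT.SYS, and GMER's failure to name an owner says only that the address is outside any module it could enumerate. The useful check is the one the helper in this thread went on to make: take the unattributed list, disable or uninstall the suspected legitimate product, and see whether the hooks go away.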

#7
mpascal (Math Nerd, Retired Staff, 3,644 posts)
Hi,

Please download ComboFix and save it to your Desktop. NOTE: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix.
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post C:\Combo-Fix.txt in your next post.
**Note: Do not click the ComboFix window while it's running. That may cause it to stall**

#8
warcrimm (New Member, Topic Starter, 9 posts)
Hi again, here is the log you asked for. Just one thing I want to know: was my suspicion right, or was my PC clean?

ComboFix 10-04-21.01 - sam 26/04/2010 2:42.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1611 [GMT 10:00]
Running from: c:\documents and settings\sam\Desktop\Combo-Fix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://liveupdate.symantec.com
hxxp://definitions.symantec.com
.
((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-25 01:31 . 2010-04-16 15:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100424.020\NAVENG.SYS
2010-04-25 01:31 . 2010-04-16 15:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100424.020\NAVENG32.DLL
2010-04-25 01:31 . 2010-04-16 15:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100424.020\NAVEX32A.DLL
2010-04-25 01:31 . 2010-04-16 15:00 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100424.020\NAVEX15.SYS
2010-04-25 01:31 . 2010-04-16 15:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100424.020\EECTRL.SYS
2010-04-25 01:31 . 2010-04-16 15:00 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100424.020\CCERASER.DLL
2010-04-25 01:31 . 2010-04-16 15:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100424.020\ECMSVR32.DLL
2010-04-25 01:31 . 2010-04-16 15:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100424.020\ERASER.SYS
2010-04-24 23:20 . 2010-04-24 23:20 -------- d-----w- C:\_OTL
2010-04-23 13:59 . 2010-04-23 13:59 -------- d-----w- c:\program files\ERUNT
2010-04-23 06:52 . 2010-04-23 06:52 -------- d-sh--w- c:\documents and settings\sam\IECompatCache
2010-04-19 00:33 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100415.001\Scxpx86.dll
2010-04-19 00:33 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100415.001\IDSxpx86.dll
2010-04-19 00:33 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100415.001\IDSviA64.sys
2010-04-19 00:33 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100415.001\IDSvix86.sys
2010-04-19 00:33 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100415.001\IDSXpx86.sys
2010-04-18 23:43 . 2010-03-25 23:29 786800 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
2010-04-18 23:43 . 2009-11-17 00:51 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
2010-04-18 23:40 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\BinHub\IDSxpx86.sys
2010-04-18 23:40 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20091105.001\IDSxpx86.sys
2010-04-18 23:40 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\BinHub\IDSvia64.sys
2010-04-18 23:40 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20091105.001\IDSVia64.sys
2010-04-18 23:40 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\BinHub\IDSvix86.sys
2010-04-18 23:40 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20091105.001\IDSVix86.sys
2010-04-18 23:40 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\BinHub\scxpx86.dll
2010-04-18 23:40 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20091105.001\Scxpx86.dll
2010-04-18 23:40 . 2009-12-08 02:21 1117040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\hsplayer.dll
2010-04-18 23:40 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\BinHub\idsxpx86.dll
2010-04-18 23:40 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20091105.001\IDSxpx86.dll
2010-04-18 23:39 . 2009-12-17 07:10 893296 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CLT\cltLMSx.dll
2010-04-17 15:53 . 2001-05-16 07:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-04-17 15:53 . 2001-05-11 03:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2010-04-14 12:15 . 2010-04-14 12:15 -------- d-----w- c:\documents and settings\sam\Local Settings\Application Data\Nokia
2010-04-14 12:15 . 2010-04-14 12:24 -------- d-----w- c:\documents and settings\sam\Application Data\Nseries
2010-04-14 12:13 . 2008-11-07 08:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-04-14 12:08 . 2010-04-14 12:08 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-14 12:07 . 2010-02-26 03:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-04-14 12:07 . 2010-02-26 03:21 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2010-04-14 12:07 . 2010-02-26 03:21 137344 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2010-04-14 12:07 . 2010-02-26 03:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-04-14 12:07 . 2010-02-26 03:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-04-14 12:07 . 2010-02-26 03:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-04-14 12:07 . 2010-02-26 03:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-04-14 12:07 . 2010-02-26 03:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-04-14 11:14 . 2010-04-14 11:14 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-04-14 11:13 . 2010-04-14 11:37 -------- d-----w- c:\documents and settings\sam\Application Data\Nokia
2010-04-14 11:13 . 2010-04-14 11:15 -------- d-----w- c:\windows\Globalization
2010-04-14 11:13 . 2010-04-14 12:07 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-14 11:12 . 2010-04-14 11:12 -------- d-----w- c:\program files\Common Files\PCSuite
2010-04-14 11:12 . 2010-04-14 11:12 -------- d-----w- c:\program files\DIFX
2010-04-14 11:12 . 2008-08-25 23:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-14 11:12 . 2010-04-14 12:24 -------- d-----w- c:\documents and settings\sam\Application Data\PC Suite
2010-04-14 11:12 . 2010-04-14 12:08 -------- d-----w- c:\program files\Nokia
2010-04-14 11:12 . 2010-02-26 03:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-04-14 11:11 . 2010-04-24 23:20 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-04-05 01:36 . 2010-04-05 01:36 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-04 22:44 . 2010-04-04 22:45 -------- d-----w- c:\program files\QuickTime
2010-04-04 22:44 . 2010-04-04 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-04 22:30 . 2010-04-04 22:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-03-29 14:16 . 2010-03-29 14:16 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 08:27 . 2010-01-28 04:28 -------- d-----w- c:\documents and settings\sam\Application Data\BitTorrent
2010-04-23 03:29 . 2010-01-30 05:57 -------- d-----w- c:\documents and settings\sam\Application Data\vlc
2010-04-23 00:03 . 2010-02-04 22:02 -------- d-----w- c:\documents and settings\sam\Application Data\dvdcss
2010-04-19 00:17 . 2010-01-28 03:49 -------- d-----w- c:\documents and settings\sam\Application Data\Skype
2010-04-19 00:16 . 2010-01-28 03:50 -------- d-----w- c:\documents and settings\sam\Application Data\skypePM
2010-04-18 23:42 . 2010-01-27 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-18 23:40 . 2010-01-27 06:40 -------- d-----w- c:\program files\Symantec
2010-04-18 23:40 . 2010-01-27 06:40 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-18 23:40 . 2010-01-27 06:40 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-18 23:40 . 2010-01-27 06:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-18 23:40 . 2010-01-27 06:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-18 04:01 . 2010-01-28 02:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-15 06:35 . 2010-01-27 06:21 26448 ----a-w- c:\documents and settings\sam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-14 15:13 . 2010-01-30 02:14 471664 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-14 12:06 . 2010-04-14 12:06 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\Installer\CommonCustomActions\msxml6Exec.exe
2010-04-14 12:06 . 2010-04-14 12:06 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\Installer\CommonCustomActions\Sleep.exe
2010-04-14 12:06 . 2010-04-14 12:06 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\Installer\CommonCustomActions\vcredistExec.exe
2010-04-14 12:06 . 2010-04-14 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-04-14 12:06 . 2010-04-14 12:06 35362608 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\NokiaSoftwareUpdaterSetup_2.4.8EN.exe
2010-04-14 12:04 . 2010-04-14 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2010-04-14 11:59 . 2010-04-14 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-04-14 11:28 . 2010-04-14 11:28 -------- d-----w- c:\program files\MSXML 6.0
2010-04-05 01:36 . 2010-03-20 04:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 14:46 . 2010-03-20 04:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 14:45 . 2010-03-20 04:33 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-20 04:34 . 2010-03-20 04:34 -------- d-----w- c:\documents and settings\sam\Application Data\Malwarebytes
2010-03-20 04:33 . 2010-03-20 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-13 00:35 . 2010-02-02 07:41 -------- d-----w- c:\program files\ACETON2.0
2010-03-12 07:02 . 2010-03-12 07:02 -------- d-----w- c:\program files\Recuva
2010-03-10 23:40 . 2010-01-28 03:16 -------- d-----w- c:\documents and settings\sam\Application Data\IObit
2010-03-10 23:30 . 2010-03-10 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-10 06:15 . 2004-08-12 14:08 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:09 . 2010-03-09 02:09 -------- d-----w- c:\documents and settings\sam\Application Data\Uniblue
2010-03-08 09:12 . 2010-02-02 01:47 -------- d-----w- c:\program files\RepInfo
2010-03-08 04:39 . 2010-01-29 20:11 1 ----a-w- c:\documents and settings\sam\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-08 03:25 . 2010-01-28 04:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-03 00:52 . 2010-03-03 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-03 00:16 . 2010-03-03 00:16 -------- d-----w- c:\program files\Adobe Media Player
2010-03-03 00:10 . 2010-03-03 00:10 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-02-25 07:23 . 2010-02-25 07:22 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-25 07:23 . 2010-02-25 07:23 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-25 07:23 . 2010-02-25 07:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-25 07:23 . 2010-02-25 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-02-25 06:24 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-12 14:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-12 14:02 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-12 13:55 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-12 14:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-01 22:58 . 2010-02-01 22:58 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-31 05:56 . 2010-01-31 05:56 290816 ----a-w- c:\documents and settings\sam\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-01-31 05:56 . 2010-01-31 05:56 290816 ----a-w- c:\documents and settings\sam\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-01-31 05:56 . 2010-01-31 05:56 290816 ----a-w- c:\documents and settings\sam\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-01-31 05:56 . 2010-01-31 05:56 290816 ----a-w- c:\documents and settings\sam\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-01-30 02:14 . 2010-01-30 02:13 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-01-28 04:22 . 2010-01-28 04:09 249856 ------w- c:\windows\Setup1.exe
2010-01-28 04:22 . 2010-01-28 04:09 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-28 04:11 . 2010-01-28 04:11 0 ----a-w- c:\windows\nsreg.dat
2010-01-28 03:56 . 2010-01-28 03:56 503808 ----a-w- c:\documents and settings\sam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61f806f5-n\msvcp71.dll
2010-01-28 03:56 . 2010-01-28 03:56 499712 ----a-w- c:\documents and settings\sam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61f806f5-n\jmc.dll
2010-01-28 03:56 . 2010-01-28 03:56 348160 ----a-w- c:\documents and settings\sam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61f806f5-n\msvcr71.dll
2010-01-28 03:55 . 2010-01-28 03:55 61440 ----a-w- c:\documents and settings\sam\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5d875a78-n\decora-sse.dll
2010-01-28 03:55 . 2010-01-28 03:55 12800 ----a-w- c:\documents and settings\sam\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5d875a78-n\decora-d3d.dll
2010-01-28 03:50 . 2010-01-28 03:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-27 16:17 . 2010-01-27 06:16 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-27 06:40 . 2010-01-27 06:40 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-27 06:40 . 2010-01-27 06:40 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-01-27 06:15 . 2010-01-27 06:15 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\XpertVision\TBPanel.exe" [2007-11-27 2169352]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-04 18085888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\sam\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-01-28 04:28 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 11:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"CCALib8"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"gupdate"=2 (0x2)
"ExpressInvoiceService"=3 (0x3)
"HotspotShieldService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"96:TCP"= 96:TCP:Express Invoice Web Server
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\symds.sys [19/04/2010 10:33 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\symefa.sys [19/04/2010 10:33 AM 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [25/03/2010 6:38 AM 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\cchpx86.sys [19/04/2010 10:33 AM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\ironx86.sys [19/04/2010 10:33 AM 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccsvchst.exe [19/04/2010 10:33 AM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/03/2010 6:25 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100415.001\IDSXpx86.sys [19/04/2010 10:33 AM 329592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/02/2010 8:58 AM 691696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28/01/2010 12:27 PM 1684736]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [14/04/2010 10:07 PM 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [14/04/2010 10:07 PM 8320]
S4 ExpressInvoiceService;Express Invoice;c:\program files\NCH Software\ExpressInvoice\expressinvoice.exe [27/02/2010 5:18 AM 2519044]
.
Contents of the 'Scheduled Tasks' folder

2010-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-04-25 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-01-28 04:11]

2010-02-26 c:\windows\Tasks\expressinvoiceSevenDaysInit.job
- c:\program files\NCH Software\ExpressInvoice\expressinvoice.exe [2010-02-26 19:18]

2010-04-19 c:\windows\Tasks\expressinvoiceShakeIcon.job
- c:\program files\NCH Software\ExpressInvoice\expressinvoice.exe [2010-02-26 19:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\sam\Application Data\Mozilla\Firefox\Profiles\r8vly4j1.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 02:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-04-26 02:46:51
ComboFix-quarantined-files.txt 2010-04-25 16:46

Pre-Run: 13,304,008,704 bytes free
Post-Run: 13,374,656,512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 82E7D2CC814C401AF085125259E7FDB1
  • 0
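As an added example (not part of this thread or of ComboFix/OTL), a small Python audit of the firewall-policy block in the ComboFix log above: it parses the REGEDIT4-style `[key]` / `"name"=data` lines and reports the `EnableFirewall` value, the applications authorized through the firewall, and the globally open ports. The sample input is copied from the log; the abbreviated key prefix and the P2P-client heuristic are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the firewall-policy block of the ComboFix "Reg Loading Points" section.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"96:TCP"= 96:TCP:Express Invoice Web Server
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
PORT_RE = re.compile(r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<label>.*)$")

# ComboFix abbreviates the hive path; this prefix is assumed from the log above (lower-cased).
FW_PROFILE = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"


def parse_reg_blocks(text: str) -> Dict[str, Dict[str, str]]:
    """Turn REGEDIT4-style '[key]' / '"name"=data' lines into {key: {name: data}}; keys lower-cased."""
    blocks: Dict[str, Dict[str, str]] = {}
    current: Optional[Dict[str, str]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = blocks.setdefault(m.group("key").lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group("name")] = m.group("data").strip()
    return blocks


@dataclass
class FirewallFindings:
    enabled: Optional[bool] = None            # None when the value is not in the log
    authorized_apps: List[str] = field(default_factory=list)
    open_ports: List[Tuple[int, str, str]] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)


def audit_firewall(text: str) -> FirewallFindings:
    """Summarise the Windows Firewall standard-profile state recorded in a ComboFix log."""
    blocks = parse_reg_blocks(text)
    f = FirewallFindings()
    profile = blocks.get(FW_PROFILE, {})
    if "EnableFirewall" in profile:
        # ComboFix prints DWORDs as 'decimal (0xhex)'; the leading decimal is enough.
        f.enabled = profile["EnableFirewall"].split()[0] != "0"
        if not f.enabled:
            f.notes.append("Windows Firewall is disabled for the standard profile")
    for app in blocks.get(FW_PROFILE + r"\authorizedapplications\list", {}):
        path = app.replace("\\\\", "\\")  # undo REGEDIT4 escaping of backslashes
        f.authorized_apps.append(path)
        # Heuristic (this example's own): a file-sharing client with an inbound allow rule is worth noting.
        if "\\dna\\" in path.lower() or "bittorrent" in path.lower():
            f.notes.append(f"P2P client allowed through the firewall: {path}")
    for data in blocks.get(FW_PROFILE + r"\globallyopenports\list", {}).values():
        m = PORT_RE.match(data)
        if m:
            f.open_ports.append((int(m.group("port")), m.group("proto"), m.group("label")))
    return f
```

Running `audit_firewall(SAMPLE_LOG)` on the block above reports the firewall as disabled and lists three authorized applications and three open ports.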

#9
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Your PC appears to be clean. Are you having any other issues?
  • 0

#10
warcrimm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
You mean clean now, or was it clean from the beginning? I'm not having any problems with it right now :).
  • 0

#11
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
We deleted a few things along the way, but everything looks good now.

Now that your system appears to be clean, I'll give you some instructions to remove the tools we have used and I'll offer some advice to help prevent future infection.

STEP 1 - Clear Restore Points

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then click the Run Fix button at the top.

STEP 2 - Uninstall ComboFix
  • Rename the Combo-Fix file on your desktop to Uninstall.
  • Double click on Uninstall to uninstall the program.

STEP 3 - Remove Tools

Run OTL
  • Click Clean Up in the upper right corner.
  • This will remove most if not all the tools we used while we were fixing your computer. Feel free to delete any others it leaves behind.

Now that you have a clean system, I would like to share with you some advice to help reduce the risk of future infection.

+++++++++++++++++++++++++++++++++++++++++++++++

I recommend that you install both of the following free programs if you haven't already, as they can greatly increase the security of your system. It is not essential that you have these programs installed, but they do a very good job at preventing infection if your system is scanned regularly.

+++++++++++++++++++++++++++++++++++++++++++++++

A good firewall is also useful for keeping a system infection free. You should only have ONE firewall installed on your computer - having more than one will not increase the security of your system. Here is a small list of some free firewalls if you don't already have one installed:

An antivirus program is also a program that should be installed on all computers. These will help reduce the risk that your computer gets infected by viruses or trojans in the future. Keep in mind that you only need ONE antivirus program installed on your computer. If you have more than one installed, they can often conflict and leave your system unprotected. Here are a few free antivirus programs if you don't have one installed:

Having up to date Antivirus and Firewall software is vital to keeping a healthy, infection free system.

+++++++++++++++++++++++++++++++++++++++++++++++

I also suggest you take a look at Preventing Malware and Safe Computing, a guide by Rorschach112 which contains more great information about protecting your system.

To find out more information on how your system got infected, or how to protect yourself on the internet in the future, this article by Tony Klein provides some great information.

Good luck and safe surfing!

-mpascal
  • 0

#12
warcrimm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks for your time and help, much appreciated :)
  • 0

#13
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
