I've found a Backdoor.Tidserv.I! virus on my netbook. It started out as 3 cases, then 10, and this morning a Norton scan revealed 22.
I've gone through the Malware/Spyware Cleaning guide. Posted below are my MBAM and OTL logs. I ran GMER as well, but it took almost 24 hours to complete the scan and the computer rebooted (overnight, of course) when the scan completed. I can't find a log saved anywhere from it.
Any help would be greatly appreciated as I'm starting back at school tomorrow and will really need my netbook in top shape!
Thanks.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
07/05/2010 12:53:48 PM
mbam-log-2010-05-07 (12-53-48).txt
Scan type: Quick scan
Objects scanned: 125199
Time elapsed: 15 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-------------------------------------------------------
OTL logfile created on: 09/05/2010 10:03:58 AM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Vicki Morrison\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
1,015.00 Mb Total Physical Memory | 366.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 13.04 Gb Free Space | 17.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: VICKI
Current User Name: Vicki Morrison
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/09 10:03:18 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vicki Morrison\My Documents\Downloads\OTL.exe
PRC - [2010/04/27 10:06:49 | 006,364,992 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2010/04/06 10:55:13 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/09 05:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccsvchst.exe
PRC - [2009/11/18 19:47:26 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008/12/12 08:31:10 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/12/12 02:46:22 | 000,125,424 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2008/12/02 22:57:30 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/09/11 07:00:10 | 000,446,556 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2008/09/11 07:00:10 | 000,446,556 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/09/11 07:00:10 | 000,237,650 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe
PRC - [2008/08/02 18:38:03 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/05/29 12:49:50 | 001,085,440 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/05/20 14:26:36 | 000,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008/04/15 00:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 17:27:04 | 000,118,784 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2007/10/11 19:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/03/16 04:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
========== Modules (SafeList) ==========
MOD - [2010/05/09 10:03:18 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vicki Morrison\My Documents\Downloads\OTL.exe
MOD - [2008/04/15 00:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/04/27 10:06:49 | 006,364,992 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2010/01/04 14:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/09 05:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe -- (NAV)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/12/12 02:46:22 | 000,125,424 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2008/09/11 07:00:10 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2006/12/14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
========== Driver Services (SafeList) ==========
DRV - [2010/04/29 13:44:04 | 000,537,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\BASHDefs\20100429.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/04/27 10:06:50 | 000,054,920 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
DRV - [2010/04/27 10:06:50 | 000,030,320 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2010/04/27 10:06:49 | 000,024,400 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2010/04/20 23:17:31 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2010/02/03 20:00:05 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100508.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/03 20:00:04 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100508.019\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/09 05:06:51 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\ccHPx86.sys -- (ccHP)
DRV - [2009/12/03 02:08:32 | 000,325,168 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1105000.07F\SRTSP.SYS -- (SRTSP)
DRV - [2009/12/03 02:08:32 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/11/26 02:41:48 | 000,172,592 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\SYMEFA.SYS -- (SymEFA)
DRV - [2009/11/26 02:41:22 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\Ironx86.SYS -- (SymIRON)
DRV - [2009/11/21 20:43:48 | 000,362,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1105000.07F\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/11/20 18:50:24 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/20 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/11/20 02:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/11/11 11:44:50 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasenum.sys -- (SASENUM)
DRV - [2009/11/11 11:44:48 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/11 11:44:46 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/11/05 18:06:13 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\SYMDS.SYS -- (SymDS)
DRV - [2009/10/28 18:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\IPSDefs\20100505.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/03/05 02:35:56 | 001,294,200 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/12/11 05:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2008/12/11 05:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2008/12/11 05:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2008/12/04 18:55:14 | 000,204,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/12/02 22:57:32 | 000,112,128 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/09/25 02:09:40 | 000,103,792 | ---- | M] (Sonic Solutions) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\syscow32x.sys -- (SysCow)
DRV - [2008/09/11 07:00:10 | 001,390,323 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/06/27 14:02:00 | 000,289,024 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/04/15 00:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 11:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 11:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/14 00:10:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/02/15 10:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/04/24 12:33:46 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/24 12:33:46 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 12:33:44 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 12:33:42 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 12:33:34 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2001/08/18 01:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 01:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 01:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 01:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 01:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 00:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 00:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 00:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 00:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 00:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 00:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 00:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 00:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 00:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {c1b73280-1b40-4d1a-921d-11c56d7670f7}:1.300.244
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..keyword.URL: "http://ca.search.yah...-caam&slv8-&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\IPSFFPlgn\ [2009/11/20 18:52:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 09:55:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 10:55:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/01/25 17:49:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2010/01/25 17:49:06 | 000,000,000 | ---D | M]
[2009/07/02 18:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Extensions
[2009/07/02 18:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Extensions\[email protected]
[2010/05/09 10:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Firefox\Profiles\74xb8c1m.default\extensions
[2009/09/02 09:26:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Firefox\Profiles\74xb8c1m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/13 23:32:11 | 000,000,000 | ---D | M] (AIR MILES TOOLBAR) -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Firefox\Profiles\74xb8c1m.default\extensions\{c1b73280-1b40-4d1a-921d-11c56d7670f7}
[2009/05/14 00:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Sunbird\Profiles\s632wlod.default\extensions
[2009/05/14 00:05:04 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Firefox\Profiles\74xb8c1m.default\searchplugins\ask.xml
[2009/05/13 23:32:27 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Firefox\Profiles\74xb8c1m.default\searchplugins\search-the-web.xml
[2009/11/20 21:14:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/05/28 16:56:17 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
[2009/03/03 10:51:42 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
O1 HOSTS File: ([2008/04/15 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://pogo.oberon-m...eb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://pogo.oberon-m...sh.1.0.0.47.cab (CPlayFirstWeddingDashControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Tempest.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Tempest.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3da8de2a-40af-11de-815a-00248161045b}\Shell - "" = AutoRun
O33 - MountPoints2\{3da8de2a-40af-11de-815a-00248161045b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3da8de2a-40af-11de-815a-00248161045b}\Shell\AutoRun\command - "" = D:\start.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/03/05 01:52:01 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
========== Files/Folders - Created Within 90 Days ==========
[2010/05/09 04:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/07 12:37:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/07 12:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/20 23:17:31 | 000,110,304 | ---- | C] (Protect Software GmbH) -- C:\WINDOWS\System32\drivers\ACEDRV09.sys
[2010/04/20 20:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Shared
[2010/04/20 20:06:11 | 001,089,536 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2010/04/20 20:06:11 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.dll
[2010/04/20 20:06:10 | 000,085,504 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\HtmlWH.dll
[2010/04/20 17:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/20 17:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/08 02:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\My Documents\itunes ready videos
[2010/04/08 02:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\Local Settings\Application Data\Geckofx
[2010/04/08 02:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/04/08 02:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2010/04/06 23:43:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MAGIX
[2010/04/06 23:43:02 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\mgxoschk.dll
[2010/04/06 23:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Magix Shared
[2010/04/06 23:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\My Documents\MAGIX downloads
[2010/04/06 23:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\My Documents\MAGIX_Music_Maker_16
[2010/04/06 23:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\Application Data\MAGIX
[2010/04/06 23:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\My Documents\MAGIX_Screenshare
[2010/04/06 23:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\MAGIX_Speed2_burnR_mxcdr_MSI
[2010/04/06 23:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2010/04/06 23:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/04/06 23:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2010/04/05 13:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\My Documents\Italy Program
[2010/02/25 00:27:57 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2010/02/25 00:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Auralog
[2010/02/21 01:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\My Documents\Any Video Converter
[2010/02/21 01:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\Application Data\AnvSoft
[2010/02/21 01:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\Application Data\AVS4YOU
[2010/02/21 01:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/02/21 01:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/02/21 01:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/02/09 17:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\My Documents\Cakes and Catering
[2 C:\Documents and Settings\Vicki Morrison\*.tmp files -> C:\Documents and Settings\Vicki Morrison\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/05/09 10:08:30 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2010/05/09 09:56:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/09 09:56:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/09 09:56:10 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/07 12:21:28 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Vicki Morrison\NTUSER.DAT
[2010/05/07 12:21:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Vicki Morrison\ntuser.ini
[2010/05/06 09:51:26 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 10:06:51 | 000,060,928 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/04/27 10:06:50 | 000,054,920 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/04/27 10:06:50 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/04/27 10:06:49 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/04/27 10:06:38 | 000,000,171 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/04/23 09:39:54 | 000,551,806 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/23 09:39:54 | 000,462,426 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/23 09:39:54 | 000,079,956 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/20 23:44:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Sampler.INI
[2010/04/20 23:41:01 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Robota.INI
[2010/04/20 23:40:58 | 000,000,411 | ---- | M] () -- C:\WINDOWS\BeatBox.INI
[2010/04/20 23:19:14 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\00000579.LCS
[2010/04/20 23:17:31 | 000,110,304 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\System32\drivers\ACEDRV09.sys
[2010/04/20 20:11:47 | 000,005,937 | ---- | M] () -- C:\WINDOWS\mgxoschk.ini
[2010/04/20 17:38:55 | 000,416,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/19 12:06:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/08 02:04:09 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Videora iPhone 3GS Converter.lnk
[2010/04/07 00:00:10 | 000,125,096 | ---- | M] () -- C:\Documents and Settings\Vicki Morrison\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/26 23:30:16 | 000,061,065 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symtdiv.sys.ptx
[2010/03/26 23:30:16 | 000,057,737 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symtdi.sys.ptx
[2010/03/26 23:30:15 | 000,045,570 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symefa.sys.ptx
[2010/03/26 23:30:15 | 000,003,166 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symnetv.cat.ptx
[2010/03/26 23:30:15 | 000,003,082 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symnet.cat.ptx
[2010/03/26 23:30:15 | 000,000,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symnetv.inf.ptx
[2010/03/26 23:30:15 | 000,000,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symnet.inf.ptx
[2010/03/26 23:30:14 | 000,036,057 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.sys.ptx
[2010/03/26 23:30:14 | 000,023,591 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\ironx86.sys.ptx
[2010/03/26 23:30:14 | 000,004,121 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.cat.ptx
[2010/03/26 23:30:14 | 000,003,563 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.cat.ptx
[2010/03/26 23:30:14 | 000,003,062 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symefa.cat.ptx
[2010/03/26 23:30:14 | 000,001,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.sys.ptx
[2010/03/26 23:30:14 | 000,000,349 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symds.cat.ptx
[2010/03/26 23:30:14 | 000,000,178 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symefa.inf.ptx
[2010/03/26 23:30:14 | 000,000,171 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.inf.ptx
[2010/03/26 23:30:14 | 000,000,171 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.inf.ptx
[2010/03/26 23:30:13 | 000,030,458 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\cchpx86.sys.ptx
[2010/03/26 23:30:13 | 000,004,209 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\iron.cat.ptx
[2010/03/26 23:30:13 | 000,000,173 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\iron.inf.ptx
[2010/03/26 23:30:12 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\cchpx86.cat.ptx
[2010/03/26 23:30:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\cchpx86.inf.ptx
[2010/03/26 21:15:54 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\isolate.ini
[2010/03/25 19:26:16 | 000,000,654 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/25 00:28:22 | 000,000,011 | ---- | M] () -- C:\trace.ini
[2010/02/25 00:27:48 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Vicki Morrison\Desktop\Windows Media Player.lnk
[2010/02/25 00:27:38 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/25 00:27:38 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/25 00:26:16 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Talk to Me 7.0.lnk
[2010/02/14 13:20:14 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\Vicki Morrison\.recently-used.xbel
[2010/02/12 12:03:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/10 12:02:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 23:48:53 | 000,069,508 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2 C:\Documents and Settings\Vicki Morrison\*.tmp files -> C:\Documents and Settings\Vicki Morrison\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/04/20 23:41:01 | 000,000,412 | ---- | C] () -- C:\WINDOWS\Sampler.INI
[2010/04/20 23:41:01 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2010/04/20 23:40:58 | 000,000,411 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2010/04/20 23:17:36 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\00000579.LCS
[2010/04/20 20:11:47 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2010/04/20 19:40:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2010/04/08 02:04:09 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Videora iPhone 3GS Converter.lnk
[2010/02/25 00:27:14 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/02/25 00:27:14 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
[2010/02/25 00:26:21 | 000,000,011 | ---- | C] () -- C:\trace.ini
[2010/02/25 00:26:16 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Talk to Me 7.0.lnk
[2010/02/14 13:20:14 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\Vicki Morrison\.recently-used.xbel
[2010/02/09 23:48:53 | 000,069,508 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/19 14:22:04 | 000,000,171 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/11 19:13:12 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/08/11 19:13:12 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/08/11 19:12:56 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/11 19:12:56 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/08/11 19:11:23 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/08/11 19:11:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/08/11 19:04:40 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/05/15 17:57:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/05/15 01:12:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/14 21:51:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/05 02:45:26 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/05 02:22:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/06/24 13:48:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2005/10/14 05:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 05:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 05:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 05:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 05:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2009/12/21 07:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2010/04/20 20:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/04/06 23:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Magix Shared
[2009/11/20 18:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/10/22 00:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/05/28 16:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/05/08 09:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/08/11 19:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/01/19 19:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/10/22 00:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/05 02:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/03/05 02:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/28 23:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/05/30 15:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/01/25 18:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/14 17:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/21 01:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\AnvSoft
[2009/07/20 12:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\Audacity
[2010/04/08 07:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\BitTorrent
[2010/05/09 10:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\DNA
[2010/02/14 13:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\gtk-2.0
[2010/05/02 12:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\LimeWire
[2010/04/06 23:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\MAGIX
[2009/05/13 22:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\MigoMobile
[2009/10/22 00:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\PlayFirst
[2010/01/19 23:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\Teleca
[2009/03/05 02:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\TMP
[2009/05/27 17:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\WildTangent
[2010/05/09 10:08:30 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/11/21 13:31:53 | 000,001,788 | ---- | M] () -- C:\avenger.txt
[2009/11/20 19:26:48 | 000,266,752 | RHS- | M] (Microsoft Corporation) -- C:\BCDEDIT.EXE
[2009/05/14 06:50:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009/11/21 19:21:06 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/14 06:54:24 | 003,170,304 | RHS- | M] () -- C:\Boot.sdi
[2009/05/14 06:54:24 | 183,560,527 | RHS- | M] () -- C:\BootENU.wim
[2009/05/14 06:54:24 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/11/20 19:26:52 | 000,109,568 | RHS- | M] (Microsoft Corporation) -- C:\bootsect.exe
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/11/21 19:47:49 | 000,024,804 | ---- | M] () -- C:\ComboFix.txt
[2010/05/09 09:56:10 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/21 10:01:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/05 02:42:50 | 000,000,442 | -H-- | M] () -- C:\IPH.PH
[2010/05/07 12:37:21 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/11/21 10:01:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/15 00:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2008/04/15 00:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/09 09:56:08 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/02/12 18:54:02 | 000,019,764 | ---- | M] () -- C:\TDSSKiller.2.2.3_12.02.2010_17.53.59_log.txt
[2010/02/12 18:54:45 | 000,019,764 | ---- | M] () -- C:\TDSSKiller.2.2.3_12.02.2010_17.54.43_log.txt
[2010/02/25 00:28:22 | 000,000,011 | ---- | M] () -- C:\trace.ini
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/06/24 06:05:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/06/24 06:05:34 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/06/24 06:05:32 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/20 23:17:31 | 000,110,304 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\system32\drivers\ACEDRV09.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/04/27 10:06:49 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxkbf.sys
[2010/04/27 10:06:50 | 000,054,920 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxrts.sys
[2010/04/27 10:06:50 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxscan.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23
< End of report >