Backdoor.Tidserv.I! virus



#1 Vickimorrison (New Member, 4 posts)
Hello,

I've found a Backdoor.Tidserv.I! virus on my netbook. It started out as 3 cases, then 10, and this morning a Norton scan revealed 22.

I've gone through the Malware/Spyware Cleaning guide. Posted below are my MBAM and OTL logs. I ran GMER as well, but it took almost 24 hours to complete the scan and the computer rebooted (overnight of course) when the scan completed. I can't find a log saved anywhere from it.

Any help would be greatly appreciated as I'm starting back at school tomorrow and will really need my netbook in top shape!

Thanks.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

07/05/2010 12:53:48 PM
mbam-log-2010-05-07 (12-53-48).txt

Scan type: Quick scan
Objects scanned: 125199
Time elapsed: 15 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-------------------------------------------------------

OTL logfile created on: 09/05/2010 10:03:58 AM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Vicki Morrison\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 366.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 13.04 Gb Free Space | 17.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VICKI
Current User Name: Vicki Morrison
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/09 10:03:18 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vicki Morrison\My Documents\Downloads\OTL.exe
PRC - [2010/04/27 10:06:49 | 006,364,992 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2010/04/06 10:55:13 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/09 05:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccsvchst.exe
PRC - [2009/11/18 19:47:26 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008/12/12 08:31:10 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/12/12 02:46:22 | 000,125,424 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2008/12/02 22:57:30 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/09/11 07:00:10 | 000,446,556 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2008/09/11 07:00:10 | 000,446,556 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/09/11 07:00:10 | 000,237,650 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe
PRC - [2008/08/02 18:38:03 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/05/29 12:49:50 | 001,085,440 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/05/20 14:26:36 | 000,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008/04/15 00:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 17:27:04 | 000,118,784 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2007/10/11 19:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/03/16 04:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe


========== Modules (SafeList) ==========

MOD - [2010/05/09 10:03:18 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vicki Morrison\My Documents\Downloads\OTL.exe
MOD - [2008/04/15 00:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/27 10:06:49 | 006,364,992 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2010/01/04 14:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/09 05:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe -- (NAV)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/12/12 02:46:22 | 000,125,424 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2008/09/11 07:00:10 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2006/12/14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 13:44:04 | 000,537,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\BASHDefs\20100429.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/04/27 10:06:50 | 000,054,920 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
DRV - [2010/04/27 10:06:50 | 000,030,320 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2010/04/27 10:06:49 | 000,024,400 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2010/04/20 23:17:31 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2010/02/03 20:00:05 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100508.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/03 20:00:04 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100508.019\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/09 05:06:51 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\ccHPx86.sys -- (ccHP)
DRV - [2009/12/03 02:08:32 | 000,325,168 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1105000.07F\SRTSP.SYS -- (SRTSP)
DRV - [2009/12/03 02:08:32 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/11/26 02:41:48 | 000,172,592 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\SYMEFA.SYS -- (SymEFA)
DRV - [2009/11/26 02:41:22 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\Ironx86.SYS -- (SymIRON)
DRV - [2009/11/21 20:43:48 | 000,362,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1105000.07F\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/11/20 18:50:24 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/20 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/11/20 02:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/11/11 11:44:50 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasenum.sys -- (SASENUM)
DRV - [2009/11/11 11:44:48 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/11 11:44:46 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/11/05 18:06:13 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\SYMDS.SYS -- (SymDS)
DRV - [2009/10/28 18:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\IPSDefs\20100505.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/03/05 02:35:56 | 001,294,200 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/12/11 05:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2008/12/11 05:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2008/12/11 05:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2008/12/04 18:55:14 | 000,204,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/12/02 22:57:32 | 000,112,128 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/09/25 02:09:40 | 000,103,792 | ---- | M] (Sonic Solutions) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\syscow32x.sys -- (SysCow)
DRV - [2008/09/11 07:00:10 | 001,390,323 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/06/27 14:02:00 | 000,289,024 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/04/15 00:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 11:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 11:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/14 00:10:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/02/15 10:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/04/24 12:33:46 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/24 12:33:46 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 12:33:44 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 12:33:42 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 12:33:34 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2001/08/18 01:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 01:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 01:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 01:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 01:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 00:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 00:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 00:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 00:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 00:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 00:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 00:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 00:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 00:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {c1b73280-1b40-4d1a-921d-11c56d7670f7}:1.300.244
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..keyword.URL: "http://ca.search.yah...-caam&slv8-&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\IPSFFPlgn\ [2009/11/20 18:52:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 09:55:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 10:55:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/01/25 17:49:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2010/01/25 17:49:06 | 000,000,000 | ---D | M]

[2009/07/02 18:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Extensions
[2009/07/02 18:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Extensions\[email protected]
[2010/05/09 10:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Firefox\Profiles\74xb8c1m.default\extensions
[2009/09/02 09:26:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Firefox\Profiles\74xb8c1m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/13 23:32:11 | 000,000,000 | ---D | M] (AIR MILES TOOLBAR) -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Firefox\Profiles\74xb8c1m.default\extensions\{c1b73280-1b40-4d1a-921d-11c56d7670f7}
[2009/05/14 00:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Sunbird\Profiles\s632wlod.default\extensions
[2009/05/14 00:05:04 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Firefox\Profiles\74xb8c1m.default\searchplugins\ask.xml
[2009/05/13 23:32:27 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\Vicki Morrison\Application Data\Mozilla\Firefox\Profiles\74xb8c1m.default\searchplugins\search-the-web.xml
[2009/11/20 21:14:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/05/28 16:56:17 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
[2009/03/03 10:51:42 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2008/04/15 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://pogo.oberon-m...eb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://pogo.oberon-m...sh.1.0.0.47.cab (CPlayFirstWeddingDashControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Tempest.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Tempest.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3da8de2a-40af-11de-815a-00248161045b}\Shell - "" = AutoRun
O33 - MountPoints2\{3da8de2a-40af-11de-815a-00248161045b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3da8de2a-40af-11de-815a-00248161045b}\Shell\AutoRun\command - "" = D:\start.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/03/05 01:52:01 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/05/09 04:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/07 12:37:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/07 12:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/20 23:17:31 | 000,110,304 | ---- | C] (Protect Software GmbH) -- C:\WINDOWS\System32\drivers\ACEDRV09.sys
[2010/04/20 20:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Shared
[2010/04/20 20:06:11 | 001,089,536 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2010/04/20 20:06:11 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.dll
[2010/04/20 20:06:10 | 000,085,504 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\HtmlWH.dll
[2010/04/20 17:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/20 17:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/08 02:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\My Documents\itunes ready videos
[2010/04/08 02:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\Local Settings\Application Data\Geckofx
[2010/04/08 02:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/04/08 02:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2010/04/06 23:43:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MAGIX
[2010/04/06 23:43:02 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\mgxoschk.dll
[2010/04/06 23:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Magix Shared
[2010/04/06 23:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\My Documents\MAGIX downloads
[2010/04/06 23:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\My Documents\MAGIX_Music_Maker_16
[2010/04/06 23:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\Application Data\MAGIX
[2010/04/06 23:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\My Documents\MAGIX_Screenshare
[2010/04/06 23:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\MAGIX_Speed2_burnR_mxcdr_MSI
[2010/04/06 23:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2010/04/06 23:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/04/06 23:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2010/04/05 13:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\My Documents\Italy Program
[2010/02/25 00:27:57 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2010/02/25 00:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Auralog
[2010/02/21 01:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\My Documents\Any Video Converter
[2010/02/21 01:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\Application Data\AnvSoft
[2010/02/21 01:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\Application Data\AVS4YOU
[2010/02/21 01:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/02/21 01:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/02/21 01:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/02/09 17:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\My Documents\Cakes and Catering
[2 C:\Documents and Settings\Vicki Morrison\*.tmp files -> C:\Documents and Settings\Vicki Morrison\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/09 10:08:30 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2010/05/09 09:56:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/09 09:56:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/09 09:56:10 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/07 12:21:28 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Vicki Morrison\NTUSER.DAT
[2010/05/07 12:21:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Vicki Morrison\ntuser.ini
[2010/05/06 09:51:26 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 10:06:51 | 000,060,928 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/04/27 10:06:50 | 000,054,920 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/04/27 10:06:50 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/04/27 10:06:49 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/04/27 10:06:38 | 000,000,171 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/04/23 09:39:54 | 000,551,806 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/23 09:39:54 | 000,462,426 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/23 09:39:54 | 000,079,956 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/20 23:44:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Sampler.INI
[2010/04/20 23:41:01 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Robota.INI
[2010/04/20 23:40:58 | 000,000,411 | ---- | M] () -- C:\WINDOWS\BeatBox.INI
[2010/04/20 23:19:14 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\00000579.LCS
[2010/04/20 23:17:31 | 000,110,304 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\System32\drivers\ACEDRV09.sys
[2010/04/20 20:11:47 | 000,005,937 | ---- | M] () -- C:\WINDOWS\mgxoschk.ini
[2010/04/20 17:38:55 | 000,416,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/19 12:06:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/08 02:04:09 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Videora iPhone 3GS Converter.lnk
[2010/04/07 00:00:10 | 000,125,096 | ---- | M] () -- C:\Documents and Settings\Vicki Morrison\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/26 23:30:16 | 000,061,065 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symtdiv.sys.ptx
[2010/03/26 23:30:16 | 000,057,737 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symtdi.sys.ptx
[2010/03/26 23:30:15 | 000,045,570 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symefa.sys.ptx
[2010/03/26 23:30:15 | 000,003,166 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symnetv.cat.ptx
[2010/03/26 23:30:15 | 000,003,082 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symnet.cat.ptx
[2010/03/26 23:30:15 | 000,000,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symnetv.inf.ptx
[2010/03/26 23:30:15 | 000,000,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symnet.inf.ptx
[2010/03/26 23:30:14 | 000,036,057 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.sys.ptx
[2010/03/26 23:30:14 | 000,023,591 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\ironx86.sys.ptx
[2010/03/26 23:30:14 | 000,004,121 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.cat.ptx
[2010/03/26 23:30:14 | 000,003,563 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.cat.ptx
[2010/03/26 23:30:14 | 000,003,062 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symefa.cat.ptx
[2010/03/26 23:30:14 | 000,001,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.sys.ptx
[2010/03/26 23:30:14 | 000,000,349 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symds.cat.ptx
[2010/03/26 23:30:14 | 000,000,178 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symefa.inf.ptx
[2010/03/26 23:30:14 | 000,000,171 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.inf.ptx
[2010/03/26 23:30:14 | 000,000,171 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.inf.ptx
[2010/03/26 23:30:13 | 000,030,458 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\cchpx86.sys.ptx
[2010/03/26 23:30:13 | 000,004,209 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\iron.cat.ptx
[2010/03/26 23:30:13 | 000,000,173 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\iron.inf.ptx
[2010/03/26 23:30:12 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\cchpx86.cat.ptx
[2010/03/26 23:30:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\cchpx86.inf.ptx
[2010/03/26 21:15:54 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\isolate.ini
[2010/03/25 19:26:16 | 000,000,654 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/25 00:28:22 | 000,000,011 | ---- | M] () -- C:\trace.ini
[2010/02/25 00:27:48 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Vicki Morrison\Desktop\Windows Media Player.lnk
[2010/02/25 00:27:38 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/25 00:27:38 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/25 00:26:16 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Talk to Me 7.0.lnk
[2010/02/14 13:20:14 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\Vicki Morrison\.recently-used.xbel
[2010/02/12 12:03:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/10 12:02:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 23:48:53 | 000,069,508 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2 C:\Documents and Settings\Vicki Morrison\*.tmp files -> C:\Documents and Settings\Vicki Morrison\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/20 23:41:01 | 000,000,412 | ---- | C] () -- C:\WINDOWS\Sampler.INI
[2010/04/20 23:41:01 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2010/04/20 23:40:58 | 000,000,411 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2010/04/20 23:17:36 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\00000579.LCS
[2010/04/20 20:11:47 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2010/04/20 19:40:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2010/04/08 02:04:09 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Videora iPhone 3GS Converter.lnk
[2010/02/25 00:27:14 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/02/25 00:27:14 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
[2010/02/25 00:26:21 | 000,000,011 | ---- | C] () -- C:\trace.ini
[2010/02/25 00:26:16 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Talk to Me 7.0.lnk
[2010/02/14 13:20:14 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\Vicki Morrison\.recently-used.xbel
[2010/02/09 23:48:53 | 000,069,508 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/19 14:22:04 | 000,000,171 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/11 19:13:12 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/08/11 19:13:12 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/08/11 19:12:56 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/11 19:12:56 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/08/11 19:11:23 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/08/11 19:11:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/08/11 19:04:40 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/05/15 17:57:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/05/15 01:12:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/14 21:51:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/05 02:45:26 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/05 02:22:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/06/24 13:48:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2005/10/14 05:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 05:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 05:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 05:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 05:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/12/21 07:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2010/04/20 20:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/04/06 23:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Magix Shared
[2009/11/20 18:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/10/22 00:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/05/28 16:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/05/08 09:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/08/11 19:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/01/19 19:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/10/22 00:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/05 02:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/03/05 02:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/28 23:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/05/30 15:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/01/25 18:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/14 17:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/21 01:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\AnvSoft
[2009/07/20 12:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\Audacity
[2010/04/08 07:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\BitTorrent
[2010/05/09 10:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\DNA
[2010/02/14 13:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\gtk-2.0
[2010/05/02 12:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\LimeWire
[2010/04/06 23:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\MAGIX
[2009/05/13 22:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\MigoMobile
[2009/10/22 00:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\PlayFirst
[2010/01/19 23:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\Teleca
[2009/03/05 02:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\TMP
[2009/05/27 17:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki Morrison\Application Data\WildTangent
[2010/05/09 10:08:30 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/11/21 13:31:53 | 000,001,788 | ---- | M] () -- C:\avenger.txt
[2009/11/20 19:26:48 | 000,266,752 | RHS- | M] (Microsoft Corporation) -- C:\BCDEDIT.EXE
[2009/05/14 06:50:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009/11/21 19:21:06 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/14 06:54:24 | 003,170,304 | RHS- | M] () -- C:\Boot.sdi
[2009/05/14 06:54:24 | 183,560,527 | RHS- | M] () -- C:\BootENU.wim
[2009/05/14 06:54:24 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/11/20 19:26:52 | 000,109,568 | RHS- | M] (Microsoft Corporation) -- C:\bootsect.exe
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/11/21 19:47:49 | 000,024,804 | ---- | M] () -- C:\ComboFix.txt
[2010/05/09 09:56:10 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/21 10:01:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/05 02:42:50 | 000,000,442 | -H-- | M] () -- C:\IPH.PH
[2010/05/07 12:37:21 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/11/21 10:01:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/15 00:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2008/04/15 00:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/09 09:56:08 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/02/12 18:54:02 | 000,019,764 | ---- | M] () -- C:\TDSSKiller.2.2.3_12.02.2010_17.53.59_log.txt
[2010/02/12 18:54:45 | 000,019,764 | ---- | M] () -- C:\TDSSKiller.2.2.3_12.02.2010_17.54.43_log.txt
[2010/02/25 00:28:22 | 000,000,011 | ---- | M] () -- C:\trace.ini

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/06/24 06:05:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/06/24 06:05:34 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/06/24 06:05:32 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/20 23:17:31 | 000,110,304 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\system32\drivers\ACEDRV09.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/04/27 10:06:49 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxkbf.sys
[2010/04/27 10:06:50 | 000,054,920 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxrts.sys
[2010/04/27 10:06:50 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxscan.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23
< End of report >
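The OTL listing above is what the responders triage by eye: timestamps, sizes, attribute flags, company names and a handful of special lines (the `*.tmp` summaries and the Alternate Data Stream entry). As an added example, not part of this thread and not OTL's or the forum's own code, here is a small Python parser for OTL's entry format with a few first-pass heuristics a triager might apply before asking for more logs. The heuristics and the allowlist of known hidden+system files are this example's assumptions, not OTL's logic; nine of the sample lines are copied from the log above and the last two are constructed and describe no real file.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One OTL entry:  [date time | size | attrs | M-or-C] (Company) -- path
# "(Company)" is "()" when the file has no company name in its version info and is
# absent entirely for directories. The four attr flags are read here as R(ead-only),
# H(idden), S(ystem), D(irectory), which matches "RHS-", "-HS-" and "---D" in the log.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>\d[\d,]*) \| "
    r"(?P<attrs>[A-Z-]{4}) \| "
    r"(?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+)$"
)
# OTL's per-directory *.tmp summary:  [N <dir>\*.tmp files -> <dir>\*.tmp -> ]
TMP_SUMMARY_RE = re.compile(r"^\[(?P<count>\d+) (?P<glob>.+?\*\.tmp) files -> ")
# Lines from OTL's "Alternate Data Streams" section.
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

# Files that are legitimately hidden+system on a Windows XP system drive or profile.
# Matching by name only is a shortcut for this example: malware can reuse these
# names, so a real review still checks the full path, size and hash.
KNOWN_HIDDEN_SYSTEM = {
    "hiberfil.sys", "pagefile.sys", "boot.ini", "ntldr", "ntdetect.com",
    "io.sys", "msdos.sys", "bootmgr", "ntuser.ini", "desktop.ini",
}


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str                # "M" (modified list) or "C" (created list)
    company: Optional[str]   # None for directories, "" when OTL printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL entry line; None for summary, ADS or header lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def triage(lines: List[str]) -> List[str]:
    """First-pass leads from OTL listing lines (this example's own rules, not OTL's):
    1. a .sys under system32\\drivers with no company name,
    2. any *.tmp files reported under system32\\drivers,
    3. any alternate data stream,
    4. a hidden+system file whose name is not in KNOWN_HIDDEN_SYSTEM.
    A lead needs manual follow-up (hash lookup, signature check); it is not a verdict.
    """
    findings: List[str] = []
    for raw in lines:
        line = raw.strip()
        tmp = TMP_SUMMARY_RE.match(line)
        if tmp:
            if int(tmp["count"]) > 0 and "\\drivers\\" in tmp["glob"].lower():
                findings.append(f"tmp-in-drivers: {tmp['count']} file(s) matching {tmp['glob']}")
            continue
        ads = ADS_RE.match(line)
        if ads:
            findings.append(f"ads: {ads['bytes']}-byte stream on {ads['path']}")
            continue
        e = parse_entry(line)
        if e is None or e.is_dir:
            continue
        low = e.path.lower()
        if low.endswith(".sys") and "\\system32\\drivers\\" in low and e.company == "":
            findings.append(f"driver-no-company: {e.path} ({e.size} bytes, {e.kind} {e.timestamp:%Y-%m-%d})")
        if e.hidden_system and e.basename not in KNOWN_HIDDEN_SYSTEM:
            findings.append(f"hidden-system: {e.path}")
    return findings


# Sample input: lines 0-8 are copied from the OTL log above; 9 and 10 are constructed
# for this example and describe no real file.
SAMPLE_LINES = [
    r"[2010/04/27 10:06:50 | 000,054,920 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys",
    r"[2010/04/20 23:17:31 | 000,110,304 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\System32\drivers\ACEDRV09.sys",
    r"[2010/05/09 09:56:10 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2009/11/21 19:21:06 | 000,000,281 | RHS- | M] () -- C:\boot.ini",
    r"[2010/05/07 12:21:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Vicki Morrison\ntuser.ini",
    r"[2010/04/08 02:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki Morrison\My Documents\itunes ready videos",
    r"[2 C:\Documents and Settings\Vicki Morrison\*.tmp files -> C:\Documents and Settings\Vicki Morrison\*.tmp -> ]",
    r"[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]",
    r"@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23",
    r"[2010/05/01 03:12:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\example.sys",   # constructed
    r"[2010/05/02 11:20:00 | 000,012,288 | -HS- | C] () -- C:\WINDOWS\System32\example.dat",           # constructed
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

Run against the real log the two leads that survive are the single `*.tmp` in `System32\drivers` and the stream on `Application Data\TEMP`; neither is proof of anything on its own, which is why the responder's next step is a different tool (ComboFix) rather than a deletion.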

#2
RKinner
    Malware Expert
  • Expert
  • 23,194 posts
  • MVP
Did you get an Extras log when you ran OTL? If so, I'd like to see it.

You should uninstall that worthless Ask toolbar.

Then run Combofix:

Download but do not yet run ComboFix.
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.


Ron

#3
Vickimorrison
    New Member
  • Topic Starter
  • Member
  • 4 posts
Hello,

OTL did not open an Extras.txt file. I could run the scan again if you'd like and see if one opens.

I ran Combofix last night. It ran for 2 1/2 hours until the battery on my computer died (I didn't have it plugged in because I thought Combofix would take much less time to run). Should I try to run it again? I did have all programs closed, but "Just In Time Debugging" keeps popping up, so I'm not sure if that caused a problem. Is there any way to disable the debugging prompt? It has only recently been popping up, and doesn't go away unless I click yes (which opens a debugging program that I promptly just close).

Thanks for your help.

#4
RKinner
    Malware Expert
  • Expert
  • 23,194 posts
  • MVP
I assume this is what you are asking about:

http://msdn.microsof...y/k8kf6y2a.aspx



Go ahead and run combofix again after you disable JIT and plug the laptop into power. Normally Combofix only takes about 15 minutes so make sure you have your antivirus turned off. It will also run faster with the laptop plugged in. (They slow down the CPU to save power when on battery.)

Ron