Help: PC infected by Digital Protection virus!!!


Post by aigles_verts on Tue Apr 13, 2010 8:01 pm

Hello,

My home PC has been infected by the Digital Protection virus. I use Windows XP. Can I simply follow the instructions in some of the other posts with the same issue, or is each case different?

I wasn't able to load Spy Sweeper. I also have Norton 360. I unfortunately allowed the subscription to expire on those for just a couple of days. But even after renewing, it doesn't do anything. I can't even access the taskbar to end the virus program because the virus has installed itself as administrator.

I really appreciate any help on this.

Thanks a lot.

aigles_verts (Novice; OS: Windows XP; joined 2010-04-13)

Re: Help: PC infected by Digital Protection virus !!!

Post by Belahzur on Wed Apr 14, 2010 9:17 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Belahzur (Administrator; OS: XP SP3 Media Centre; joined 2008-08-03)
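The OTL.txt the helper asked for is posted next. As an added example (not part of the thread, and not OTL's own code), here is a small Python script that applies the first-pass checks a helper runs over an OTL.txt before writing a fix: drivers with no publisher and random-looking names, HOSTS entries that redirect update and AV domains to loopback, services whose file is gone, and Winlogon/LSA/SSODL hooks that point at nothing. The rule names, the 6-10 letter name heuristic and the vendor keyword list are my assumptions; the sample lines are copied from the OTL.txt posted later in this thread.

```python
"""Triage helper for an OTL.txt log.

Added example for this thread: not part of OTL and not code posted by anyone
here. Rule names, thresholds and the vendor keyword list are assumptions made
for illustration. The rules say where to look, not what to delete.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Sample input: lines copied from the OTL.txt posted later in this thread,
# abridged to a handful of entries so the example runs offline.
SAMPLE_LOG = r"""
DRV - [2010/04/13 22:30:00 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\qilophoe.sys -- (edef)
DRV - [2010/04/13 22:25:03 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\cchihlns.sys -- (dmaw)
DRV - [2010/04/06 23:11:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/02/06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
SRV - File not found [Auto | Stopped] -- -- (MpfService)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 windowsupdate.microsoft.com
O1 - Hosts: 127.0.0.1 housecall.trendmicro.com
O1 - Hosts: 127.0.0.1 downloads-eu1.kaspersky-labs.com
O21 - SSODL: FawsGCph - {48A61E7F-E20C-B4D5-F9EC-022E6DE91211} - CLSID or File not found.
O30 - LSA: Authentication Packages - (OWS\S) - File not found
"""

# PRC/SRV/DRV entries: "KIND - [mtime | size | attrs | M] (publisher) [state] -- path -- (name) ..."
ENTRY = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[(?P<mtime>[^|\]]+)\|[^\]]*\] \((?P<publisher>[^)]*)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?-- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$"
)
HOSTS = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")
MISSING_SRV = re.compile(r"^SRV - File not found \[[^\]]*\] -- -- \((?P<name>[^)]*)\)")
# Shell/Winlogon/LSA hooks that point at something no longer on disk.
ORPHAN = re.compile(r"^O(?:20|21|30) - .*not found", re.IGNORECASE)
# Assumed heuristic: droppers often write an all-lowercase 6-10 letter driver
# name with no publisher; legitimate vendors rarely do both.
RANDOM_NAME = re.compile(r"[a-z]{6,10}")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Assumed keyword list: hostnames a rogue AV redirects so the victim cannot update or get help.
PROTECTED = ("windowsupdate", "microsoft", "trendmicro", "kaspersky", "symantec",
             "norton", "mcafee", "viruslist", "ca.com", "malwarebytes", "webroot")


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str  # "high" = almost certainly hostile, "review" = needs a human look
    detail: str


def _check_binary(m: re.Match) -> list[Finding]:
    """Flag PRC/SRV/DRV entries with no publisher; random-looking driver names rank highest."""
    if m.group("publisher").strip():
        return []
    base = m.group("path").rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    name = m.group("name") or base
    if m.group("kind") == "DRV" and RANDOM_NAME.fullmatch(stem):
        return [Finding("random_name_unknown_publisher", "high",
                        f"{base} loaded as service {name}: no publisher, random-looking name")]
    return [Finding("unknown_publisher", "review",
                    f"{base} ({m.group('kind')} {name}) has no publisher")]


def _check_hosts(ip: str, host: str) -> Finding | None:
    """Only 'localhost' belongs on a loopback line of a stock XP HOSTS file."""
    h = host.lower()
    if h in ("localhost", "localhost.localdomain") and ip in LOOPBACK:
        return None
    if any(k in h for k in PROTECTED):
        return Finding("hosts_block", "high", f"{host} -> {ip} (update/AV domain redirected)")
    return Finding("hosts_entry", "review", f"{host} -> {ip}")


def triage(text: str) -> list[Finding]:
    """Walk an OTL.txt dump line by line and collect the entries worth a closer look."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ENTRY.match(line):
            findings.extend(_check_binary(m))
        elif m := HOSTS.match(line):
            if f := _check_hosts(m.group("ip"), m.group("host")):
                findings.append(f)
        elif m := MISSING_SRV.match(line):
            findings.append(Finding("orphaned_service", "review",
                                    f"service {m.group('name')} points to a missing file"))
        elif ORPHAN.match(line):
            findings.append(Finding("orphaned_autostart", "review", line))
    return findings


def by_rule(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, handy for a first glance at a long log."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity != "high"):
        print(f"[{f.severity:6}] {f.rule}: {f.detail}")
```

Run it as-is to see the sample findings, or call triage() on the text of a real OTL.txt. Every "review" hit still needs a human look; the "high" ones (the two no-publisher drivers and the HOSTS redirects in the sample) are the usual starting point for the fix script.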

Here is the OTL.txt log

Post by aigles_verts on Fri Apr 16, 2010 7:19 pm

Thanks for helping me with this.

Here is OTL.txt

OTL logfile created on: 4/15/2010 8:06:37 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\SOA
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 16.93 Gb Free Space | 44.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DHCVK541
Current User Name: mimi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/15 11:03:04 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\SOA\memechose.exe
PRC - [2010/04/14 22:36:52 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2010/04/14 22:36:16 | 004,048,240 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.1.0.32\ccsvchst.exe
PRC - [2009/08/31 10:16:14 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/25 01:25:00 | 000,161,024 | ---- | M] (Avanquest North America, Inc.) -- C:\Program Files\Avanquest\Fix-It\mxtask.exe
PRC - [2008/08/05 14:04:02 | 000,849,192 | ---- | M] (Sunbelt Software) -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 19:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/09/22 19:37:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/02/08 01:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2005/03/11 17:17:08 | 000,114,688 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe


========== Modules (SafeList) ==========

MOD - [2010/04/15 11:03:04 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\SOA\memechose.exe
MOD - [2010/03/26 19:52:36 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.1.0.32\asoehook.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2007/02/06 17:45:14 | 000,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [Auto | Stopped] -- -- (MCVSRte)
SRV - File not found [On_Demand | Stopped] -- -- (mcupdmgr.exe)
SRV - File not found [On_Demand | Stopped] -- -- (McShield)
SRV - [2010/04/14 22:36:52 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/04/14 22:36:16 | 004,048,240 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe -- (N360)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/25 01:25:00 | 000,161,024 | ---- | M] (Avanquest North America, Inc.) [Auto | Running] -- C:\Program Files\Avanquest\Fix-It\mxtask.exe -- (Fix-It Task Manager)
SRV - [2008/08/05 14:04:02 | 000,849,192 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2007/09/22 19:37:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/04/14 22:36:19 | 000,176,752 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2010/04/14 22:36:19 | 000,029,808 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2010/04/14 22:36:19 | 000,023,152 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2010/04/13 22:30:00 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\qilophoe.sys -- (edef)
DRV - [2010/04/13 22:25:03 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\cchihlns.sys -- (dmaw)
DRV - [2010/04/06 23:11:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/06 01:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/04/06 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/04/06 01:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\NAVENG.SYS -- (NAVENG)
DRV - [2010/03/24 16:38:08 | 000,536,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/02/26 22:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0401000.020\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/26 22:23:21 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0401000.020\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/26 22:23:21 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0401000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\N360\0401000.020\ccHPx86.sys -- (ccHP)
DRV - [2009/11/21 20:43:48 | 000,362,032 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0401000.020\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/11/16 20:51:14 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100402.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/08/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/07/18 01:26:32 | 000,068,912 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sbapifs.sys -- (sbapifs)
DRV - [2008/07/18 01:26:32 | 000,013,360 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sbaphd.sys -- (sbaphd)
DRV - [2008/04/13 14:45:32 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\gckernel.sys -- (GcKernel)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/06 10:00:58 | 000,087,848 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys -- (SBRE)
DRV - [2007/02/06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys -- (LVcKap)
DRV - [2007/02/03 14:32:34 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 14:27:27 | 000,938,272 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/02/03 14:27:15 | 000,014,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2004/08/04 01:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/01/20 23:48:07 | 000,669,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2003/12/15 18:22:00 | 000,038,448 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VNUSB.sys -- (VNUSB)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/14 12:58:12 | 001,296,384 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/07/16 12:42:39 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2003/07/16 12:41:17 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2003/07/16 12:41:16 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2003/07/16 12:41:16 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2003/07/16 12:41:16 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2003/07/16 12:40:06 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2003/07/16 12:36:08 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2003/07/16 12:36:07 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2003/07/16 12:36:06 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2003/07/16 12:29:06 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2003/07/16 12:21:40 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hidgame.sys -- (hidgame)
DRV - [2003/07/16 12:20:43 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2003/07/16 12:19:41 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2003/07/16 12:18:27 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2003/07/16 12:18:27 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2003/07/16 12:18:13 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2003/05/27 13:25:50 | 000,072,461 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFirewall.sys -- (MPFIREWL)
DRV - [2003/05/23 14:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/03/13 10:50:36 | 000,023,296 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NaiFiltr.sys -- (NaiFiltr)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HIDSwvd.sys -- (HIDSwvd)
DRV - [2001/08/17 14:02:40 | 000,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msgame.sys -- (msgame)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)
DRV - [1999/12/17 03:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/04/06 23:22:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/04/06 23:22:35 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/14 22:47:06 | 000,001,270 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 viruslist.com
O1 - Hosts: 127.0.0.1 housecall.trendmicro.com
O1 - Hosts: 127.0.0.1 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.0.0.1 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.0.0.1 v5windowsupdate.microsoft.nsatc.net
O1 - Hosts: 127.0.0.1 viruslist.com
O1 - Hosts: 127.0.0.1 windowsupdate.microsoft.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 www3.ca.com
O1 - Hosts: 127.0.0.1 downloads-eu1.kaspersky-labs.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.1.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {a298ed31-d405-40e2-880f-b7511948e582} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {a298ed31-d405-40e2-880f-b7511948e582} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} [You must be registered and logged in to see this link.] (Musicnotes Viewer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} [You must be registered and logged in to see this link.] (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: FawsGCph - {48A61E7F-E20C-B4D5-F9EC-022E6DE91211} - CLSID or File not found.
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 15:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: ('autocheck autochk *') - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/14 22:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010/04/14 22:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Local Settings\Application Data\Help
[2010/04/14 22:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Application Data\Help
[2010/04/14 22:25:05 | 000,000,000 | ---D | C] -- C:\connerie
[2010/04/14 20:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/13 22:54:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/13 22:54:17 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/13 22:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\mmmmmm
[2010/04/13 20:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Avanquest
[2010/04/13 19:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Application Data\Malwarebytes
[2010/04/13 19:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/13 19:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Application Data\Avanquest
[2010/04/13 07:09:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\mimi\PrivacIE
[2010/04/13 07:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Local Settings\Application Data\Adobe
[2010/04/13 07:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Application Data\Webroot
[2010/04/13 07:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Application Data\Tific
[2010/04/13 07:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Application Data\Adobe
[2010/04/13 07:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Local Settings\Application Data\Symantec
[2010/04/13 07:08:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\mimi\IETldCache
[2010/04/13 07:07:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\mimi\Application Data\Microsoft
[2010/04/13 07:07:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mimi\SendTo
[2010/04/13 07:07:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mimi\Recent
[2010/04/13 07:07:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mimi\Application Data
[2010/04/13 07:07:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mimi\Start Menu
[2010/04/13 07:07:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mimi\My Documents\My Pictures
[2010/04/13 07:07:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mimi\My Documents\My Music
[2010/04/13 07:07:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mimi\My Documents
[2010/04/13 07:07:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mimi\Favorites
[2010/04/13 07:07:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\mimi\Cookies
[2010/04/13 07:07:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\mimi\Templates
[2010/04/13 07:07:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\mimi\PrintHood
[2010/04/13 07:07:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\mimi\NetHood
[2010/04/13 07:07:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\mimi\Local Settings
[2010/04/13 07:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Application Data\Sun
[2010/04/13 07:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Application Data\Sonic
[2010/04/13 07:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Application Data\Real
[2010/04/13 07:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\My Documents\My Videos
[2010/04/13 07:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\My Documents\My PSP8 Files
[2010/04/13 07:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Local Settings\Application Data\Microsoft
[2010/04/13 07:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Application Data\Macromedia
[2010/04/13 07:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Application Data\Jasc Software Inc
[2010/04/13 07:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Application Data\Identities
[2010/04/13 07:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Application Data\Gtek
[2010/04/13 07:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Desktop
[2010/04/13 07:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Local Settings\Application Data\ApplicationHistory
[2010/04/13 07:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000}
[2010/04/11 17:30:07 | 000,000,000 | ---D | C] -- C:\crap
[2010/04/11 15:51:53 | 000,068,912 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2010/04/11 15:51:53 | 000,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2010/04/11 15:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/10 07:04:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\PRAGMAxgeraphpft
[2010/04/06 22:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2009/11/02 23:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/09/08 20:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Downloaded Installations
[2009/07/03 20:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/10/28 11:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/07/19 11:01:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/09 22:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2007/12/09 22:13:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/12/09 22:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2007/12/09 22:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2007/08/18 23:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/02/02 17:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2004/01/20 05:13:11 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2004/01/20 04:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/15 20:22:00 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (DHCVK541-Youssef).job
[2010/04/15 20:22:00 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (DHCVK541-Imane).job
[2010/04/15 20:20:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/04/15 20:18:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (DHCVK541-Riaz).job
[2010/04/15 20:11:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/04/15 20:04:44 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/15 20:00:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/04/15 20:00:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/15 19:46:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/15 19:11:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/15 19:10:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/15 19:10:49 | 2145,456,128 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/14 22:47:06 | 000,001,270 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/04/14 22:46:28 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/14 22:46:27 | 000,000,974 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/04/14 22:46:27 | 000,000,253 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/04/14 22:37:39 | 001,048,576 | ---- | M] () -- C:\Documents and Settings\mimi\ntuser.dat
[2010/04/14 22:36:52 | 000,775,168 | ---- | M] () -- C:\WINDOWS\is-SGKDV.exe
[2010/04/14 22:36:52 | 000,010,194 | ---- | M] () -- C:\WINDOWS\is-SGKDV.msg
[2010/04/14 22:36:52 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[2010/04/14 22:36:52 | 000,000,229 | ---- | M] () -- C:\WINDOWS\is-SGKDV.lst
[2010/04/14 22:36:19 | 000,176,752 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\WINDOWS\System32\drivers\ssidrv.sys
[2010/04/14 22:36:19 | 000,029,808 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\WINDOWS\System32\drivers\ssfs0bbc.sys
[2010/04/14 22:36:19 | 000,023,152 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\WINDOWS\System32\drivers\sshrmd.sys
[2010/04/14 22:36:18 | 000,031,088 | ---- | M] () -- C:\WINDOWS\System32\wrLZMA.dll
[2010/04/14 22:36:18 | 000,016,240 | ---- | M] () -- C:\WINDOWS\System32\SsiEfr.exe
[2010/04/14 20:24:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/13 22:48:44 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/04/13 22:46:01 | 003,779,476 | -H-- | M] () -- C:\Documents and Settings\mimi\Local Settings\Application Data\IconCache.db
[2010/04/13 22:30:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\qilophoe.sys
[2010/04/13 22:25:03 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\cchihlns.sys
[2010/04/13 07:13:29 | 000,000,042 | -HS- | M] () -- C:\Documents and Settings\mimi\NTUSER.INI
[2010/04/13 07:08:45 | 000,000,127 | ---- | M] () -- C:\Documents and Settings\mimi\Local Settings\Application Data\fusioncache.dat
[2010/04/13 06:51:28 | 000,015,150 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mE20
[2010/04/11 20:48:26 | 000,015,134 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4097701637
[2010/04/11 18:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Riaz.job
[2010/04/10 21:36:28 | 000,000,146 | ---- | M] () -- C:\WINDOWS\System32\PRAGMAwnsrsiopob.dat
[2010/04/10 09:47:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/09 22:00:00 | 000,001,642 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L3338A8B9E8554D19ADB40512F26E4D8B.job
[2010/04/09 21:31:18 | 000,001,165 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll
[2010/04/09 21:31:17 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\PRAGMAtblkwdqxns.dll
[2010/04/09 21:31:15 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\PRAGMAxyaqpxykmr.dll
[2010/04/09 21:31:12 | 000,029,696 | ---- | M] () -- C:\WINDOWS\System32\PRAGMAmpfmqptkya.dll
[2010/04/09 20:00:00 | 000,000,596 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2010/04/08 19:01:03 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/04/08 18:59:57 | 000,782,738 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\Cat.DB
[2010/04/06 23:11:36 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/04/06 23:11:36 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/04/06 23:11:36 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/04/06 23:11:36 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 21:39:52 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\isolate.ini
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/14 22:38:31 | 2145,456,128 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/14 22:36:52 | 000,775,168 | ---- | C] () -- C:\WINDOWS\is-SGKDV.exe
[2010/04/14 22:36:52 | 000,010,194 | ---- | C] () -- C:\WINDOWS\is-SGKDV.msg
[2010/04/14 22:36:52 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[2010/04/14 22:36:52 | 000,000,229 | ---- | C] () -- C:\WINDOWS\is-SGKDV.lst
[2010/04/14 20:24:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/13 22:30:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\qilophoe.sys
[2010/04/13 22:25:03 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cchihlns.sys
[2010/04/13 07:08:45 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\mimi\Local Settings\Application Data\fusioncache.dat
[2010/04/13 07:07:55 | 001,048,576 | ---- | C] () -- C:\Documents and Settings\mimi\ntuser.dat
[2010/04/13 07:07:55 | 000,028,672 | -H-- | C] () -- C:\Documents and Settings\mimi\ntuser.dat.LOG
[2010/04/13 07:07:27 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\mimi\NTUSER.INI
[2010/04/11 15:32:37 | 000,015,134 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4097701637
[2010/04/10 21:44:57 | 000,015,150 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mE20
[2010/04/09 21:31:18 | 000,001,165 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll
[2010/04/09 21:31:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAtblkwdqxns.dll
[2010/04/09 21:31:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAxyaqpxykmr.dll
[2010/04/09 21:31:13 | 000,000,146 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAwnsrsiopob.dat
[2010/04/09 21:31:12 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAmpfmqptkya.dll
[2010/04/06 23:14:38 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/03/08 22:38:09 | 000,000,073 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2009/12/09 19:43:37 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/15 15:03:21 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/18 20:11:12 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/04/21 18:26:56 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/03/22 18:59:39 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2008/12/20 13:00:46 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/10/18 12:03:09 | 000,018,738 | ---- | C] () -- C:\Program Files\Common Files\odakeby.ban
[2008/10/18 12:03:08 | 000,014,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\peza._dl
[2008/10/16 23:18:34 | 000,013,549 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qadowisov.inf
[2008/10/16 23:18:34 | 000,010,585 | ---- | C] () -- C:\WINDOWS\System32\arohahab.dll
[2008/10/16 23:18:33 | 000,018,374 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hegoki.pif
[2008/10/16 23:18:33 | 000,017,871 | ---- | C] () -- C:\Program Files\Common Files\dixyhenis.bin
[2008/10/16 23:18:33 | 000,010,664 | ---- | C] () -- C:\WINDOWS\System32\zojujoxaju.sys
[2008/10/16 23:18:32 | 000,015,402 | ---- | C] () -- C:\Program Files\Common Files\qize.scr
[2008/10/16 23:18:32 | 000,013,957 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ajoledy.dat
[2008/10/16 23:18:32 | 000,011,907 | ---- | C] () -- C:\Program Files\Common Files\abyn.bat
[2007/10/14 12:02:26 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/10/14 12:02:26 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007/10/14 12:02:26 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/10/14 12:02:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/10/14 12:02:18 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007/10/14 12:02:18 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007/10/14 12:02:12 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2040.INI
[2007/10/14 12:01:30 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/08/19 00:22:06 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/05/20 20:38:16 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/03/17 16:18:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/02/06 17:45:04 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/06 17:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006/10/04 19:41:09 | 000,036,911 | ---- | C] () -- C:\WINDOWS\System32\pcimsg.dll
[2006/07/09 19:22:32 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/07/09 19:18:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4800.ini
[2006/04/08 10:31:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/02 11:59:51 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2006/04/02 11:59:51 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/08/16 23:16:19 | 000,000,062 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/07/10 17:46:57 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2005/07/10 17:46:57 | 000,001,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2005/07/10 17:45:53 | 000,000,132 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/04/24 14:58:27 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI
[2005/02/05 23:59:25 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sw_app.sys
[2005/01/20 18:31:31 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/12/26 20:32:18 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\TTSServer.dll
[2004/12/26 20:30:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Setup32.INI
[2004/11/13 21:08:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/11/06 21:14:49 | 000,002,122 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2004/11/05 22:41:57 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/07/21 16:28:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2004/07/04 18:10:11 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Spiderman.INI
[2004/02/06 21:38:10 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DVDSentry.ini
[2004/02/04 00:04:03 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2004/02/03 18:58:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/02 18:53:05 | 000,002,865 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/02/02 17:47:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MpfApi.dll
[2004/02/02 17:47:23 | 000,072,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\MpFirewall.sys
[2004/02/02 17:42:00 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2004/02/02 17:42:00 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2004/01/20 23:39:05 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/01/20 05:28:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/20 05:18:25 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\NaiFiltr.sys
[2004/01/20 05:17:38 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/01/20 05:13:38 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/01/20 05:13:12 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2004/01/20 05:13:12 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/01/20 05:13:11 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2004/01/20 05:13:11 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2004/01/20 05:13:11 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2004/01/20 05:12:27 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/01/20 05:10:49 | 000,003,759 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/20 04:55:15 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/20 04:39:34 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/10/16 17:50:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/05/30 11:00:02 | 001,962,496 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/03/28 14:31:52 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2002/09/29 07:24:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/09/29 07:23:16 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/09/29 07:23:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/09/29 07:23:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

========== Files - Unicode (All) ==========
[2004/06/04 18:01:18 | 000,002,804 | ---- | M] ()(C:\WINDOWS\System32\??E) -- C:\WINDOWS\System32\៦矵E
[2004/06/02 21:59:01 | 000,002,804 | ---- | C] ()(C:\WINDOWS\System32\??E) -- C:\WINDOWS\System32\៦矵E

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09CD1DC6
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6C0CA66
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D667795F
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BCA993F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D431AA5F
< End of report >

aigles_verts
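The OTL.txt log above is raw tool output, and a helper reads it by eye for a handful of patterns: kernel drivers with no company/version information, hidden+system files dropped under Application Data, a recently modified HOSTS file, a burst of unattributed PE files written to System32 in the same minute, and alternate data streams. As an added example that is not part of the post or of OTL itself, the Python script below parses OTL's `[date | size | attrs | C/M] (Company) -- path` entry format and applies those checks. The sample log is a constructed handful of lines copied from the post above (not a full log), and the thresholds and "suspicious" categories are this example's own assumptions: a hit means "look at this", not "this is malicious".

```python
"""Triage heuristics for OTL "Files Created" / "Files Modified" entries.

Added example; not part of the forum post or of OTL. The entry format is
the one OTL prints; the heuristics and thresholds are this example's own
assumptions, meant to surface items for review, not to declare them malicious.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# One OTL file entry: [YYYY/MM/DD HH:MM:SS | size | RHSD flags | C or M] (Company) -- path
# Directory entries carry no "(Company)" group at all, so it is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
PE_EXT = (".exe", ".dll", ".sys", ".scr", ".pif")

# Constructed sample: lines copied from the OTL.txt log in this thread.
SAMPLE_LOG = r"""
[2010/04/13 22:54:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/13 22:30:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\qilophoe.sys
[2010/04/13 22:25:03 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cchihlns.sys
[2010/04/11 15:32:37 | 000,015,134 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4097701637
[2010/04/10 21:44:57 | 000,015,150 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mE20
[2010/04/09 21:31:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAtblkwdqxns.dll
[2010/04/09 21:31:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAxyaqpxykmr.dll
[2010/04/09 21:31:12 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAmpfmqptkya.dll
[2010/04/14 22:47:06 | 000,001,270 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/04/14 22:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimi\Application Data\Help
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09CD1DC6
"""


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str      # four flag positions as printed by OTL: R, H, S, D
    kind: str       # 'C' = created, 'M' = modified
    company: str    # '' when OTL printed "()" or no company group at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse(log_text: str) -> Tuple[List[Entry], List[str]]:
    """Return (file entries, ADS paths). Lines in any other format are ignored."""
    entries: List[Entry] = []
    ads: List[str] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(
                ts=m["ts"], size=int(m["size"].replace(",", "")),
                attrs=m["attrs"], kind=m["kind"],
                company=(m["company"] or "").strip(), path=m["path"]))
            continue
        a = ADS_RE.match(line)
        if a:
            ads.append(a["path"])
    return entries, ads


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Apply the review heuristics; returns (path, reason) pairs, one per hit."""
    entries, ads = parse(log_text)
    findings: List[Tuple[str, str]] = []
    by_minute: Dict[str, List[Entry]] = defaultdict(list)

    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        if low.endswith(".sys") and "\\system32\\drivers\\" in low and not e.company:
            findings.append((e.path, "kernel driver with no company/version info"))
        if e.hidden_system and "\\application data\\" in low:
            findings.append((e.path, "hidden+system file under Application Data"))
        if low.endswith("\\drivers\\etc\\hosts") and e.kind == "M":
            findings.append((e.path, "HOSTS modified; check for redirected AV/update hosts"))
        if low.endswith(PE_EXT) and not e.company and "\\windows\\system32\\" in low:
            by_minute[e.ts[:16]].append(e)   # bucket key is "YYYY/MM/DD HH:MM"

    # Several unattributed PE files landing in System32 within one minute is a
    # typical dropper footprint; three or more per minute is this example's threshold.
    for minute, group in by_minute.items():
        if len(group) >= 3:
            for e in group:
                findings.append((e.path, f"one of {len(group)} unattributed PE files written at {minute}"))

    for p in ads:
        findings.append((p, "alternate data stream; inspect its contents before deleting"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:60s} {path}")
```

The parser deliberately skips anything that does not match the two formats, so section headers and the `[9 C:\WINDOWS\*.tmp files ...]` summary lines are ignored, as is an entry whose company field was mangled by the forum's link filter. Each heuristic is a starting point for a human, which is why a signed, attributed driver such as `mbamswissarmy.sys` is never flagged and why a burst needs three files, not one.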

and here is the Extras.txt log

Post by aigles_verts on Fri Apr 16, 2010 7:21 pm

OTL Extras logfile created on: 4/15/2010 8:06:37 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\SOA
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 16.93 Gb Free Space | 44.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DHCVK541
Current User Name: mimi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 File not found
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- File not found
"C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe" = C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*:Disabled:svchost -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Documents and Settings\Riaz\Local Settings\Temp\7zSF.tmp\SymNRT.exe" = C:\Documents and Settings\Riaz\Local Settings\Temp\7zSF.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1707BF02-0F5C-4A6C-8F17-053BB73E443F}" = Tabbed Browsing (Windows Live Toolbar)
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1C338B34-1BFB-4BAD-B4A3-7B71A2E221F6}" = GameTap Web Player
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{2156D454-7EBF-11D6-B2FB-0002A5E32BEF}" = Treasure Planet Preview Exclusive
"{25EF03E6-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
"{2AAD0AD0-99DB-4C13-9796-D4205949B447}" = Scrabble 2
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{45D228AA-4284-467A-9DB6-942B92BFF656}" = DVDDec
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{5158974E-2D28-4018-9335-7694C2974746}" = Fix-It Utilities 9 Professional
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.16
"{8C25E29E-FC5D-44CD-A58C-5746AF303CF2}" = Microsoft Office Outlook Connector
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
"{9F31A1CD-57BC-47AD-B403-C6BD29FF1E2D}" = Sibelius Scorch (ActiveX Only)
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7DC0CAF-0D27-4ACE-8E34-8594C8D7C1DB}" = MMC86
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{C8B732D2-0203-425A-96F3-C8E841F73559}" = Brother HL-2040
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D21553E9-2EC5-4E8C-AB71-07AC07D50BBC}" = EPSON PhotoCenter
"{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}" = Windows Live Toolbar
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}" = Windows Live Favorites for Windows Live Toolbar
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
"{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}" = Form Fill (Windows Live Toolbar)
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.2 Professional
"Adobe Acrobat Reader 3.0" = Adobe Acrobat Reader 3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"ATI Display Driver" = ATI Display Driver
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BFG-Alien Stars" = Alien Stars
"BFGC" = Big Fish Games Client
"BFG-Chicken Invaders 2" = Chicken Invaders 2
"BFG-Chicken Invaders 3" = Chicken Invaders 3
"BUST-A-MOVE 4 TRIAL" = BUST-A-MOVE 4 TRIAL
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (766)
"ebateswebsavingsdr1.xml" = Web Savings from Ebates
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{45D228AA-4284-467A-9DB6-942B92BFF656}" = ATI DVD Decoder 2.2.0.0
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"InstallShield_{B7DC0CAF-0D27-4ACE-8E34-8594C8D7C1DB}" = ATI Multimedia Center 8.6.0.0
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Musicnotes Player_is1" = Musicnotes Player V1.23.1
"N360" = Norton 360
"Neuratron PhotoScore" = Neuratron PhotoScore
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PhotoRecord" = Canon PhotoRecord
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"QcDrv" = Logitech® Camera Driver
"Quicken WillMaker Plus 2005" = Quicken WillMaker Plus 2005
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.3.21
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"Silent Package Run-Time Sample" = EPSON CX 4200 4800 Guide
"Star Wars Pit Droids Demo" = Star Wars Pit Droids Demo
"StreetPlugin" = Learn2 Player (Uninstall Only)
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"VZBB" = Verizon Broadband Toolbar
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/14/2010 8:18:49 PM | Computer Name = DHCVK541 | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 4/14/2010 10:07:49 PM | Computer Name = DHCVK541 | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 4/14/2010 10:27:31 PM | Computer Name = DHCVK541 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 4/14/2010 10:29:41 PM | Computer Name = DHCVK541 | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 4/14/2010 10:40:59 PM | Computer Name = DHCVK541 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 4/14/2010 10:43:58 PM | Computer Name = DHCVK541 | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 4/14/2010 10:46:09 PM | Computer Name = DHCVK541 | Source = Google Update | ID = 20
Description =

Error - 4/15/2010 7:12:52 PM | Computer Name = DHCVK541 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 4/15/2010 7:46:05 PM | Computer Name = DHCVK541 | Source = Google Update | ID = 20
Description =

Error - 4/15/2010 8:04:03 PM | Computer Name = DHCVK541 | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

[ System Events ]
Error - 4/14/2010 10:24:55 PM | Computer Name = DHCVK541 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/14/2010 10:26:05 PM | Computer Name = DHCVK541 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/14/2010 10:28:44 PM | Computer Name = DHCVK541 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/14/2010 10:29:14 PM | Computer Name = DHCVK541 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/14/2010 10:30:01 PM | Computer Name = DHCVK541 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/14/2010 10:30:21 PM | Computer Name = DHCVK541 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/14/2010 10:30:27 PM | Computer Name = DHCVK541 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/14/2010 10:37:17 PM | Computer Name = DHCVK541 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/14/2010 10:37:21 PM | Computer Name = DHCVK541 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/14/2010 11:40:57 PM | Computer Name = DHCVK541 | Source = ssidrv | ID = 131098
Description = Failed to set monitor event rule.


< End of report >

thanks again.

aigles_verts
Novice

Posts : 17
Joined : 2010-04-13
OS : Windows XP
Points : 24487
# Likes : 0


Re: Help: PC infected by Digital Protection virus !!!

Post by Belahzur on Fri Apr 16, 2010 8:29 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes.

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Re: Help: PC infected by Digital Protection virus !!!

Post by aigles_verts on Tue Apr 20, 2010 4:42 pm

Hello.

Since the virus messed up my internet connection, I downloaded ComboFix using another computer. When I ran it, I got this message:

"The following file(s) were trying to attach to ComboFix:

c:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll "

Anyway, I tried to run it and as you mentioned below, it couldn't find the XP recovery console and since I couldn't connect to the internet, I couldn't download it either. I tried to load the recovery console from the XP installation CD by entering the following command:

d:\i386\winnt32.exe /cmdcons

Unfortunately, I got a message that said that I was running an older version of windows and I couldn't even continue as the "continue" button was grayed out.

I tried to start the recovery console from c:\i386 but I got the same message.

Even the run command doesn't run from my user profile. It works from the profile created by the virus but limits what I can do.

That's where I am right now.

Thanks

aigles_verts
Novice

Posts : 17
Joined : 2010-04-13
OS : Windows XP
Points : 24487
# Likes : 0


Re: Help: PC infected by Digital Protection virus !!!

Post by Belahzur on Tue Apr 20, 2010 7:48 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Re: Help: PC infected by Digital Protection virus !!!

Post by aigles_verts on Wed Apr 21, 2010 5:27 pm

Hello,

I initially downloaded and ran Malwarebytes' Anti-Malware in safe mode with networking last week. The first 2 times, it found and deleted many infections. Subsequent runs revealed no infections, but the fact that I still don't have control over certain functions of my computer probably says something.

Here are the first 2 logs. I also removed and re-installed Malwarebytes' Anti-Malware and ran it again last night. I have included the log from that run.

1st Log (4/13/2010 run)

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 3930

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

4/13/2010 8:04:31 PM
mbam-log-2010-04-13 (20-04-31).txt

Scan type: Full scan (C:\|)
Objects scanned: 206674
Time elapsed: 47 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 41

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\legacy_windev-45bd-1b5a (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Riaz\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\SYSTEM32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll (Rogue.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riaz\Local Settings\Temp\asd10.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riaz\Local Settings\Temp\asd11.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riaz\Local Settings\Temp\asd12.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riaz\Local Settings\Temp\asd13.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riaz\Local Settings\Temp\asd14.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riaz\Local Settings\Temp\asd15.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riaz\Local Settings\Temp\asd17.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riaz\Local Settings\Temp\asd18.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riaz\Local Settings\Temp\asd19.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riaz\Local Settings\Temp\asd20.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riaz\Local Settings\Temp\asd21.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riaz\Local Settings\Temp\asd22.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riaz\Local Settings\Temp\asd23.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\awtoolb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vx.tll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\windev-peers.ini (Trojan.Tibs) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riaz\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\s32.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\winSystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riaz\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

====================================================

2nd Log (04/14/2010 run)

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 3930

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

4/14/2010 12:12:42 AM
mbam-log-2010-04-14 (00-12-42).txt

Scan type: Full scan (C:\|)
Objects scanned: 207146
Time elapsed: 47 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP317\A0218296.ocx (Adware.Gdown) -> Quarantined and deleted successfully.

====================================================

Last Log (4/21/2010 run)

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/20/2010 8:35:16 PM
mbam-log-2010-04-20 (20-35-16).txt

Scan type: Quick scan
Objects scanned: 119734
Time elapsed: 15 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks

aigles_verts
Novice

Posts : 17
Joined : 2010-04-13
OS : Windows XP
Points : 24487
# Likes : 0
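As an added example (not from this thread and not Malwarebytes' own code), here is a Python parser for the MBAM log layout posted above. It cross-checks the summary counts against the items actually listed (a truncated paste shows up as a mismatch) and pulls out the defence-tampering entries in the Registry Data Items section: the DisableTaskMgr policy, the Security Center notification switches, and the StartMenuInternet hijack that routed the browser through ave.exe. The log excerpt inside it is constructed from a few of the entries above, and DEFENCE_TAMPER is an assumed mapping, not anything MBAM defines.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the layout of the MBAM 1.45 logs above (not the full log).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.45
Scan type: Full scan (C:\|)

Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Files Infected: 1

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\legacy_windev-45bd-1b5a (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Riaz\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Riaz\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
"""

# Summary line "Registry Keys Infected: 15" or listing header "Registry Keys Infected:"
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<item> (<threat>) -> [Bad: (<hijacked>) Good: (<restored>) -> ]<action>."
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> "
                     r"(?:Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> )?"
                     r"(?P<action>.+?)\.?$")

@dataclass
class Finding:
    section: str
    item: str
    threat: str
    action: str
    bad: Optional[str] = None   # data items only: the value the rogue wrote ...
    good: Optional[str] = None  # ... and the value MBAM restored

def parse_mbam_log(text: str) -> Tuple[Dict[str, int], List[Finding]]:
    """Return (counts declared in the summary block, findings listed per section)."""
    declared: Dict[str, int] = {}
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:   # summary block
                declared[m.group("name")] = int(m.group("count"))
                section = None
            else:                                # start of a listing
                section = m.group("name")
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = ITEM_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised {section} line: {line}")
        findings.append(Finding(section, m["item"], m["threat"], m["action"],
                                m["bad"], m["good"]))
    return declared, findings

def count_mismatches(declared: Dict[str, int], findings: List[Finding]) -> Dict[str, Tuple[int, int]]:
    """Sections whose summary count disagrees with the items listed (e.g. a truncated paste)."""
    actual = Counter(f.section for f in findings)
    return {n: (c, actual[n]) for n, c in declared.items() if c != actual[n]}

# Assumed mapping: values a rogue AV flips so the user cannot kill it or see Windows' warnings; MBAM shows the flipped value as "Bad: (1)".
DEFENCE_TAMPER = {
    "DisableTaskMgr": "Task Manager disabled by policy",
    "AntiVirusDisableNotify": "Security Center antivirus warnings silenced",
    "FirewallDisableNotify": "Security Center firewall warnings silenced",
    "UpdatesDisableNotify": "Security Center update warnings silenced",
}

def tamper_indicators(findings: List[Finding]) -> List[Tuple[str, str]]:
    """Defence-evasion and browser-hijack entries from the data-item section."""
    hits = []
    for f in findings:
        if f.section != "Registry Data Items Infected":
            continue
        leaf = f.item.rsplit("\\", 1)[-1]
        if leaf in DEFENCE_TAMPER and f.bad == "1":
            hits.append((leaf, DEFENCE_TAMPER[leaf]))
        elif "StartMenuInternet" in f.item and f.bad:
            exe = re.match(r'"([^"]+)"', f.bad)  # first quoted path in the hijacked value
            hits.append(("StartMenuInternet", f"browser launch routed through {exe.group(1) if exe else f.bad}"))
    return hits
```

Run `parse_mbam_log` on a full pasted log and feed the result to `count_mismatches` and `tamper_indicators`; a mismatch means the log was cut off in the post.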


Re: Help: PC infected by Digital Protection virus !!!

Post by Belahzur on Wed Apr 21, 2010 9:16 pm

Okay, try Combofix now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Re: Help: PC infected by Digital Protection virus !!!

Post by aigles_verts on Fri Apr 23, 2010 2:16 pm

Hello.

I ran Combo Fix last night. Here is the log:

ComboFix 10-04-17.07 - mimi 04/22/2010 19:10:51.1.1 - x86
Running from: c:\soa\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users.\documents\settings\desktop.ini
c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll
c:\documents and settings\All Users\Documents\Settings\desktop.ini
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\Riaz\Application Data\Install.dat
c:\documents and settings\Riaz\Application Data\Microsoft\Internet Explorer\Quick Launch\Digital Protection.lnk
c:\documents and settings\Riaz\err.log
c:\documents and settings\Riaz\Start Menu\Programs\Digital Protection
c:\documents and settings\Riaz\Start Menu\Programs\Digital Protection\About.lnk
c:\documents and settings\Riaz\Start Menu\Programs\Digital Protection\Activate.lnk
c:\documents and settings\Riaz\Start Menu\Programs\Digital Protection\Buy.lnk
c:\documents and settings\Riaz\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk
c:\documents and settings\Riaz\Start Menu\Programs\Digital Protection\Digital Protection.lnk
c:\documents and settings\Riaz\Start Menu\Programs\Digital Protection\Scan.lnk
c:\documents and settings\Riaz\Start Menu\Programs\Digital Protection\Settings.lnk
c:\documents and settings\Riaz\Start Menu\Programs\Digital Protection\Update.lnk
c:\windows\g32.txt
c:\windows\gs32.txt
c:\windows\lynago.exe
c:\windows\PRAGMAxgeraphpft
c:\windows\PRAGMAxgeraphpft\PRAGMAd.sys
c:\windows\search_res.txt
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\Data
c:\windows\system32\drivers\cchihlns.sys
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\qilophoe.sys
c:\windows\system32\PRAGMAmpfmqptkya.dll
c:\windows\system32\PRAGMAsewsrsnoxt.log
c:\windows\system32\PRAGMAtblkwdqxns.dll
c:\windows\system32\PRAGMAwnsrsiopob.dat
c:\windows\system32\PRAGMAxyaqpxykmr.dll
c:\windows\system32\temp#01.exe
c:\windows\trace

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PRAGMAd.sys
-------\Legacy_PRAGMAXGERAPHPFT
-------\Service_PRAGMAd.sys
-------\Service_PRAGMAxgeraphpft
-------\Service_windev-45bd-1b5a
-------\Legacy_dmaw
-------\Legacy_edef
-------\Service_dmaw
-------\Service_edef


((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
.

2010-04-21 00:57 . 2010-04-21 00:57 -------- d-----w- c:\documents and settings\mimi\Application Data\Office Genuine Advantage
2010-04-21 00:18 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-21 00:18 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 00:18 . 2010-04-21 00:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 01:30 . 2002-01-08 21:00 176128 ----a-w- c:\windows\system32\RcdScan.dll
2010-04-19 01:30 . 2000-03-23 16:50 446464 ----a-r- c:\windows\system32\hhactivex.dll
2010-04-19 01:30 . 1998-06-18 03:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-04-19 00:56 . 2010-04-19 00:56 -------- d-----w- c:\documents and settings\mimi\Application Data\MSNInstaller
2010-04-15 02:36 . 2010-04-15 02:36 775168 ----a-w- c:\windows\is-SGKDV.exe
2010-04-15 02:36 . 2010-04-15 02:36 -------- d-----w- c:\program files\Webroot
2010-04-15 02:32 . 2010-04-15 02:32 -------- d-----w- c:\documents and settings\mimi\Local Settings\Application Data\Help
2010-04-15 02:25 . 2010-04-15 02:30 -------- d-----w- C:\connerie
2010-04-15 00:37 . 2010-04-15 00:37 -------- d-----w- c:\temp\Webroot
2010-04-14 02:54 . 2010-04-14 10:43 -------- d-----w- c:\program files\mmmmmm
2010-04-14 00:10 . 2010-04-14 00:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avanquest
2010-04-13 23:03 . 2010-04-13 23:03 -------- d-----w- c:\documents and settings\mimi\Application Data\Malwarebytes
2010-04-13 23:03 . 2010-04-13 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-13 23:02 . 2010-04-18 22:43 -------- d-----w- c:\documents and settings\mimi\Application Data\Avanquest
2010-04-13 11:09 . 2010-04-13 11:09 -------- d-sh--w- c:\documents and settings\mimi\PrivacIE
2010-04-13 11:08 . 2010-04-13 11:08 -------- d-----w- c:\documents and settings\mimi\Local Settings\Application Data\Adobe
2010-04-13 11:08 . 2010-04-13 11:08 -------- d-----w- c:\documents and settings\mimi\Application Data\Webroot
2010-04-13 11:08 . 2010-04-13 11:08 127 ----a-w- c:\documents and settings\mimi\Local Settings\Application Data\fusioncache.dat
2010-04-13 11:08 . 2010-04-13 11:08 -------- d-----w- c:\documents and settings\mimi\Application Data\Tific
2010-04-11 21:30 . 2010-04-11 21:30 -------- d-----w- C:\crap
2010-04-10 11:06 . 2010-04-10 11:06 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-07 03:23 . 2010-04-07 03:23 -------- d-----w- c:\documents and settings\Riaz\Application Data\Tific

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 01:30 . 2004-01-20 09:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 01:08 . 2010-04-13 11:07 89488 ----a-w- c:\documents and settings\mimi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-18 22:58 . 2009-05-05 01:26 -------- d-----w- c:\program files\Common Files\AntiVirus
2010-04-18 22:50 . 2009-05-05 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-04-15 02:36 . 2009-04-21 22:27 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2010-04-15 02:36 . 2009-04-21 22:27 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2010-04-15 02:36 . 2009-04-21 22:27 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2010-04-15 02:32 . 2007-10-14 16:02 -------- d-----w- c:\program files\Brownie
2010-04-13 11:13 . 2009-12-09 03:23 -------- d-----w- c:\documents and settings\Riaz\Application Data\Skype
2010-04-10 21:22 . 2010-04-07 03:08 1122672 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\hsplayer.dll
2010-04-10 03:18 . 2010-04-10 11:23 46952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\Download\.hsie2010.exe
2010-04-10 03:18 . 2010-04-10 11:23 24952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\Download\.CLT2010.exe
2010-04-07 03:20 . 2009-03-06 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-07 03:11 . 2009-07-22 01:40 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-07 03:11 . 2009-07-22 01:40 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-07 03:11 . 2009-07-22 01:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-07 03:11 . 2009-07-22 01:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-07 03:11 . 2004-05-08 01:43 -------- d-----w- c:\program files\Symantec
2010-04-06 05:00 . 2010-04-11 01:43 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\NAVENG.SYS
2010-04-06 05:00 . 2010-04-11 01:43 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\NAVENG32.DLL
2010-04-06 05:00 . 2010-04-11 01:43 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\NAVEX32A.DLL
2010-04-06 05:00 . 2010-04-11 01:43 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\NAVEX15.SYS
2010-04-06 05:00 . 2010-04-11 01:43 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\EECTRL.SYS
2010-04-06 05:00 . 2010-04-11 01:43 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\CCERASER.DLL
2010-04-06 05:00 . 2010-04-11 01:43 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\ECMSVR32.DLL
2010-04-06 05:00 . 2010-04-11 01:43 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\ERASER.SYS
2010-04-01 16:59 . 2006-08-21 03:44 -------- d-----w- c:\documents and settings\Riaz\Application Data\U3
2010-03-25 23:29 . 2010-04-07 03:22 786800 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-15 20:02 . 2009-12-09 03:28 -------- d-----w- c:\documents and settings\Riaz\Application Data\skypePM
2010-03-10 17:20 . 2007-09-22 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-09 02:38 . 2010-03-15 00:43 10296 ----a-w- C:\mediamp3.dat
2010-03-07 17:39 . 2010-03-07 17:39 766 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe
2010-03-07 17:39 . 2010-03-07 17:39 2550 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_4B398558D64BEDAAA96B4D.exe
2010-03-07 17:39 . 2010-03-07 17:39 1518 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F98765C48A5FB4FED78F81.exe
2010-03-07 17:39 . 2010-03-07 17:39 1078 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_E0A372A76FA6D81607D448.exe
2010-03-07 17:39 . 2010-03-07 17:39 1078 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_137E768C7DEF57592E29A1.exe
2010-03-07 17:39 . 2010-03-07 17:39 10134 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F62C419210FAA52BE0D7C7.exe
2010-03-07 17:36 . 2010-03-07 17:36 -------- d-----w- c:\program files\MP3 Player Utilities 4.16
2010-02-25 06:24 . 2007-05-21 17:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-22 22:25 . 2004-01-20 09:28 89488 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-11 17:12 . 2010-02-11 17:12 593920 ----a-w- c:\documents and settings\Riaz\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-02-04 02:55 . 2004-08-18 21:57 1140 -c--a-w- c:\windows\eReg.dat
2010-02-04 01:14 . 2009-11-27 02:28 52224 ----a-w- c:\windows\ipuninst.exe
2008-10-18 16:03 . 2008-10-18 16:03 18738 -c--a-w- c:\program files\Common Files\odakeby.ban
2008-10-17 03:18 . 2008-10-17 03:18 17871 -c--a-w- c:\program files\Common Files\dixyhenis.bin
2008-10-17 03:18 . 2008-10-17 03:18 15402 -c--a-w- c:\program files\Common Files\qize.scr
2008-10-17 03:18 . 2008-10-17 03:18 11907 -c--a-w- c:\program files\Common Files\abyn.bat
2004-05-08 01:44 . 2004-05-08 01:44 32 -csha-w- c:\windows\{6919A116-E0A2-4C71-9F7F-857044679B8C}.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-07 03:46 . 2005-06-07 03:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

2004-07-04 16:54 . 2004-01-21 01:10 335872 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

2004-01-20 09:15 . 2006-04-27 01:52 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2003-02-13 05:01 . 2003-02-13 05:01 155648 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe

2004-01-20 09:12 . 2002-04-03 07:01 135264 c:\program files\Creative\SBLive\Diagnostics\bak\diagent.exe

2006-04-08 14:21 . 2004-07-19 12:51 306688 c:\program files\Dell Support\bak\DSAgnt.exe

2004-08-29 22:20 . 1999-07-04 03:37 24650 c:\program files\Microsoft Hardware\Game Controllers\Common\bak\swtrayv4.exe

2003-06-18 18:00 . 2003-06-18 18:00 200704 c:\program files\Microsoft Money\System\bak\mnyexpr.exe

2004-01-20 09:22 . 2006-01-17 17:03 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe

2004-01-20 09:22 . 2006-01-17 17:03 135168 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe

2004-01-20 09:15 . 2006-07-26 02:59 98304 c:\program files\QuickTime\bak\qttask.exe

2006-04-05 20:19 . 2006-02-01 22:33 1880064 c:\program files\verizon\Servicepoint\bak\VerizonServicepoint.exe

2006-04-05 20:16 . 2005-05-23 17:20 50744 c:\program files\Verizon Online\Help Support\bak\VERIZO~1.EXE

2006-04-05 20:17 . 2005-04-13 23:51 385024 c:\program files\Verizon Online\Help Support\SmartBridge\bak\MotiveSB.exe

2004-01-20 09:13 . 2000-05-11 07:00 90112 c:\windows\bak\UpdReg.EXE

2002-08-29 11:00 . 2002-08-29 11:00 13312 c:\windows\SYSTEM32\bak\ctfmon.exe
2003-07-16 16:20 . 2008-04-14 00:12 15360 c:\windows\SYSTEM32\ctfmon.exe

2003-08-13 16:27 . 2003-08-13 16:27 28672 c:\windows\SYSTEM32\bak\DSentry.exe

1980-01-01 06:00 . 2003-04-07 06:07 114688 c:\windows\SYSTEM32\bak\hkcmd.exe
2003-04-07 06:07 . 2003-04-07 06:07 114688 c:\windows\SYSTEM32\hkcmd.exe

1980-01-01 06:00 . 2003-04-07 06:19 155648 c:\windows\SYSTEM32\bak\igfxtray.exe
2003-04-07 06:19 . 2003-04-07 06:19 155648 c:\windows\SYSTEM32\igfxtray.exe

2006-07-09 23:19 . 2005-02-01 19:00 98304 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\E_FATIADA.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2007-01-11 03:22 73728 ------w- c:\windows\SYSTEM32\VirtualExpander\VEShellExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"BCMSMMSG"="c:\windows\BCMSMMSG.exe" [2003-08-29 122880]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-08-31 6515784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\Riaz\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2010-2-6 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2006-4-2 114688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4800 Series
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-02-08 05:13 774168 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 16:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspxgen.dll]
c:\documents and settings\Riaz\Local Settings\Application Data\vspxgen.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\ccHPx86.sys [2010-02-25 501888]
R2 gupdate1c9fc3ee9518318;Google Update Service (gupdate1c9fc3ee9518318);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 133104]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
R3 SBRE;SBRE;c:\windows\System32\drivers\SBREdrv.sys [x]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2010-04-15 29808]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [2010-03-24 536112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.SYS [2010-02-27 116784]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [2010-02-25 126392]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2010-04-15 1201640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-04-06 102448]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100402.001\IDSxpx86.sys [2009-11-17 329592]


--- Other Services/Drivers In Memory ---

*Deregistered* - SymDS
*Deregistered* - SymEFA
.
Contents of the 'Scheduled Tasks' folder

2010-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 02:56]

2010-04-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 21:39]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 00:31]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 00:31]

2010-04-10 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\program files\Norton 360\Engine\4.1.0.32\navw32.exe [2010-04-07 23:51]

2010-04-11 c:\windows\Tasks\Norton Security Scan for Riaz.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 00:20]

2010-04-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2010-04-10 c:\windows\Tasks\wrSpySweeper_L3338A8B9E8554D19ADB40512F26E4D8B.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-04-15 14:16]

2010-04-10 c:\windows\Tasks\wrSpySweeper_L3338A8B9E8554D19ADB40512F26E4D8B.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-04-15 14:16]
.
.
------- Supplementary Scan -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

BHO-{a298ed31-d405-40e2-880f-b7511948e582} - (no file)
Toolbar-{a298ed31-d405-40e2-880f-b7511948e582} - (no file)
SSODL-FawsGCph-{48A61E7F-E20C-B4D5-F9EC-022E6DE91211} - (no file)
AddRemove-BUST-A-MOVE 4 TRIAL - c:\cyberfront\BUST-A-MOVE 4 TRIAL\Uninst.isu
AddRemove-Star Wars Pit Droids Demo - c:\program files\Lucas Learning\Star Wars Pit Droids Demo\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-22 19:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL

- - - - - - - > 'explorer.exe'(6416)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\VirtualExpander\VEShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\wdfmgr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Webroot\WebrootSecurity\SSU.EXE
.
**************************************************************************
.
Completion time: 2010-04-22 19:48:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-22 23:47

Pre-Run: 18,182,864,896 bytes free
Post-Run: 18,363,392,000 bytes free

- - End Of File - - ADB3EAC4CC479754216FC70B588E7EF4

Thanks for everything.

aigles_verts
Novice

Posts : 17
Joined : 2010-04-13
OS : Windows XP
Points : 24487
# Likes : 0


Re: Help: PC infected by Digital Protection virus !!!

Post by Belahzur on Fri Apr 23, 2010 3:56 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quote box below into it:
    Code:

    KILLALL::

    File::
    c:\program files\Common Files\odakeby.ban
    c:\program files\Common Files\dixyhenis.bin
    c:\program files\Common Files\qize.scr
    c:\program files\Common Files\abyn.bat
    c:\windows\{6919A116-E0A2-4C71-9F7F-857044679B8C}.dat

    AWF::
    c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
    c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
    c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
    c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe
    c:\program files\Creative\SBLive\Diagnostics\bak\diagent.exe
    c:\program files\Dell Support\bak\DSAgnt.exe
    c:\program files\Microsoft Hardware\Game Controllers\Common\bak\swtrayv4.exe
    c:\program files\Microsoft Money\System\bak\mnyexpr.exe
    c:\program files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe
    c:\program files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe
    c:\program files\QuickTime\bak\qttask.exe
    c:\program files\verizon\Servicepoint\bak\VerizonServicepoint.exe
    c:\program files\Verizon Online\Help Support\bak\VERIZO~1.EXE
    c:\program files\Verizon Online\Help Support\SmartBridge\bak\MotiveSB.exe
    c:\windows\bak\UpdReg.EXE
    c:\windows\SYSTEM32\bak\ctfmon.exe
    c:\windows\SYSTEM32\bak\DSentry.exe
    c:\windows\SYSTEM32\bak\hkcmd.exe
    c:\windows\SYSTEM32\bak\igfxtray.exe
    c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\E_FATIADA.EXE

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspxgen.dll]

    Reboot::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1

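The CFScript above was written by hand from three parts of the ComboFix log: the `AWF` section (original executables that were set aside in `bak` folders, restored by `AWF::`), the `msconfig\startupreg` entry whose target file is reported as `[N/A]` (removed by `Registry::`), and the Security Center / firewall keys, which show that monitoring was overridden and the firewall switched off. The following Python is an added example, not code from the thread, from ComboFix or from its author: it parses those parts of a log in the layout posted above and assembles the same skeleton of directives. The sample excerpt, the function names, and the `files_to_delete` parameter are all assumptions of this example; `File::` entries stay a human decision, so they are passed in rather than guessed.

```python
"""Build a CFScript skeleton from a ComboFix log (added example, not ComboFix code).

Assumes the log layout seen in this thread: an 'AWF' section of
'<date> . <date> <size> <path>' lines, and a 'Reg Loading Points' section of
REGEDIT4-style [key] blocks, where an msconfig\\startupreg block whose target
line ends in '[N/A]' points at a file that no longer exists.
"""
import re
from typing import Dict, List

# Constructed excerpt in the layout of the log posted above (not the real log).
SAMPLE_LOG = """\
((((((((((((((((((((( AWF )))))))))))))))))))))
.
2005-06-07 03:46 . 2005-06-07 03:46 57344 c:\\program files\\Adobe\\bak\\apdproxy.exe

2002-08-29 11:00 . 2002-08-29 11:00 13312 c:\\windows\\SYSTEM32\\bak\\ctfmon.exe
2003-07-16 16:20 . 2008-04-14 00:12 15360 c:\\windows\\SYSTEM32\\ctfmon.exe

.
((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\vspxgen.dll]
c:\\documents and settings\\Riaz\\Local Settings\\Application Data\\vspxgen.dll [N/A]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")  # a '((( Name )))' banner
ENTRY_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. "
                      r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\d+)\s+(.+)$")


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group log lines under the banner that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "header"
    for line in log.splitlines():
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        else:
            sections.setdefault(current, []).append(line)
    return sections


def awf_backups(sections: Dict[str, List[str]]) -> List[str]:
    """AWF-section paths inside a 'bak' folder: the set-aside originals that AWF:: restores."""
    found = []
    for line in sections.get("AWF", []):
        entry = ENTRY_RE.match(line)
        if entry and re.search(r"\\bak\\[^\\]+$", entry.group(2), re.IGNORECASE):
            found.append(entry.group(2))
    return found


def parse_registry(lines: List[str]) -> Dict[str, List[str]]:
    """Map each '[key]' block of the Reg Loading Points section to its value lines."""
    keys: Dict[str, List[str]] = {}
    current = None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = []
        elif current is not None and line.strip():
            keys[current].append(line.strip())
    return keys


def orphan_startupreg_keys(keys: Dict[str, List[str]]) -> List[str]:
    """msconfig startupreg entries whose target file is gone ('[N/A]')."""
    return [k for k, body in keys.items()
            if "msconfig\\startupreg\\" in k.lower()
            and any(v.endswith("[N/A]") for v in body)]


def posture_flags(keys: Dict[str, List[str]]) -> List[str]:
    """Settings that weaken host defences: Security Center told to ignore the
    AV/firewall state, or the firewall switched off for the standard profile."""
    flags = []
    for key, body in keys.items():
        for entry in body:
            name, _, value = entry.partition("=")
            name, value = name.strip().strip('"'), value.strip()
            if (key.lower().endswith("security center")
                    and name.endswith("Override") and value == "dword:00000001"):
                flags.append(name)
            if (key.lower().endswith("standardprofile")
                    and name == "EnableFirewall" and value.startswith("0")):
                flags.append("FirewallDisabled")
    return flags


def build_cfscript(log: str, files_to_delete: List[str]) -> str:
    """Assemble the directives used in the thread from the parsed log."""
    sections = split_sections(log)
    keys = parse_registry(sections.get("Reg Loading Points", []))
    parts = ["KILLALL::", ""]
    if files_to_delete:
        parts += ["File::", *files_to_delete, ""]
    if awf_backups(sections):
        parts += ["AWF::", *awf_backups(sections), ""]
    if orphan_startupreg_keys(keys):
        parts += ["Registry::", *[f"[-{k}]" for k in orphan_startupreg_keys(keys)], ""]
    parts.append("Reboot::")
    return "\n".join(parts)


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG, ["c:\\program files\\Common Files\\abyn.bat"]))
    print("weak settings:", posture_flags(
        parse_registry(split_sections(SAMPLE_LOG)["Reg Loading Points"])))
```

Run against a real log, `posture_flags` is the part worth checking first: `AntiVirusOverride` and `FirewallOverride` set to 1 mean Security Center has been told to stop reporting on the installed products, and `EnableFirewall = 0` means the firewall is off, both of which match what the log in this thread shows and both of which should be reverted once the cleanup is done.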

Re: Help: PC infected by Digital Protection virus !!!

Post by aigles_verts on Sat Apr 24, 2010 6:24 pm

Hello

Here is the ComboFix.txt log.

Thanks

ComboFix 10-04-17.07 - mimi 04/23/2010 20:07:49.2.1 - x86
Running from: c:\soa\Combo-Fix.exe
Command switches used :: c:\soa\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\program files\Common Files\abyn.bat"
"c:\program files\Common Files\dixyhenis.bin"
"c:\program files\Common Files\odakeby.ban"
"c:\program files\Common Files\qize.scr"
"c:\windows\{6919A116-E0A2-4C71-9F7F-857044679B8C}.dat"
.
The following files were disabled during the run:
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\abyn.bat
c:\program files\Common Files\dixyhenis.bin
c:\program files\Common Files\odakeby.ban
c:\program files\Common Files\qize.scr
c:\windows\{6919A116-E0A2-4C71-9F7F-857044679B8C}.dat

.
((((((((((((((((((((((((( Files Created from 2010-03-24 to 2010-04-24 )))))))))))))))))))))))))))))))
.

2010-04-21 00:57 . 2010-04-21 00:57 -------- d-----w- c:\documents and settings\mimi\Application Data\Office Genuine Advantage
2010-04-21 00:18 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-21 00:18 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 00:18 . 2010-04-21 00:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 01:30 . 2002-01-08 21:00 176128 ----a-w- c:\windows\system32\RcdScan.dll
2010-04-19 01:30 . 2000-03-23 16:50 446464 ----a-r- c:\windows\system32\hhactivex.dll
2010-04-19 01:30 . 1998-06-18 03:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-04-19 00:56 . 2010-04-19 00:56 -------- d-----w- c:\documents and settings\mimi\Application Data\MSNInstaller
2010-04-15 02:36 . 2010-04-15 02:36 775168 ----a-w- c:\windows\is-SGKDV.exe
2010-04-15 02:36 . 2010-04-15 02:36 -------- d-----w- c:\program files\Webroot
2010-04-15 02:32 . 2010-04-15 02:32 -------- d-----w- c:\documents and settings\mimi\Local Settings\Application Data\Help
2010-04-15 02:25 . 2010-04-15 02:30 -------- d-----w- C:\connerie
2010-04-15 00:37 . 2010-04-15 00:37 -------- d-----w- c:\temp\Webroot
2010-04-14 02:54 . 2010-04-14 10:43 -------- d-----w- c:\program files\mmmmmm
2010-04-14 00:10 . 2010-04-14 00:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avanquest
2010-04-13 23:03 . 2010-04-13 23:03 -------- d-----w- c:\documents and settings\mimi\Application Data\Malwarebytes
2010-04-13 23:03 . 2010-04-13 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-13 23:02 . 2010-04-18 22:43 -------- d-----w- c:\documents and settings\mimi\Application Data\Avanquest
2010-04-13 11:09 . 2010-04-13 11:09 -------- d-sh--w- c:\documents and settings\mimi\PrivacIE
2010-04-13 11:08 . 2010-04-13 11:08 -------- d-----w- c:\documents and settings\mimi\Local Settings\Application Data\Adobe
2010-04-13 11:08 . 2010-04-13 11:08 -------- d-----w- c:\documents and settings\mimi\Application Data\Webroot
2010-04-13 11:08 . 2010-04-13 11:08 127 ----a-w- c:\documents and settings\mimi\Local Settings\Application Data\fusioncache.dat
2010-04-13 11:08 . 2010-04-13 11:08 -------- d-----w- c:\documents and settings\mimi\Application Data\Tific
2010-04-11 21:30 . 2010-04-11 21:30 -------- d-----w- C:\crap
2010-04-10 11:06 . 2010-04-10 11:06 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-07 03:23 . 2010-04-07 03:23 -------- d-----w- c:\documents and settings\Riaz\Application Data\Tific

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 01:05 . 2004-01-20 09:15 -------- d-----w- c:\program files\QuickTime
2010-04-24 01:05 . 2006-04-08 14:21 -------- d-----w- c:\program files\Dell Support
2010-04-19 01:30 . 2004-01-20 09:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 01:08 . 2010-04-13 11:07 89488 ----a-w- c:\documents and settings\mimi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-18 22:58 . 2009-05-05 01:26 -------- d-----w- c:\program files\Common Files\AntiVirus
2010-04-18 22:50 . 2009-05-05 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-04-15 02:36 . 2009-04-21 22:27 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2010-04-15 02:36 . 2009-04-21 22:27 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2010-04-15 02:36 . 2009-04-21 22:27 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2010-04-15 02:32 . 2007-10-14 16:02 -------- d-----w- c:\program files\Brownie
2010-04-13 11:13 . 2009-12-09 03:23 -------- d-----w- c:\documents and settings\Riaz\Application Data\Skype
2010-04-10 21:22 . 2010-04-07 03:08 1122672 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\hsplayer.dll
2010-04-10 03:18 . 2010-04-10 11:23 46952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\Download\.hsie2010.exe
2010-04-10 03:18 . 2010-04-10 11:23 24952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\Download\.CLT2010.exe
2010-04-07 03:20 . 2009-03-06 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-07 03:11 . 2009-07-22 01:40 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-07 03:11 . 2009-07-22 01:40 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-07 03:11 . 2009-07-22 01:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-07 03:11 . 2009-07-22 01:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-07 03:11 . 2004-05-08 01:43 -------- d-----w- c:\program files\Symantec
2010-04-06 05:00 . 2010-04-11 01:43 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\NAVENG.SYS
2010-04-06 05:00 . 2010-04-11 01:43 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\NAVENG32.DLL
2010-04-06 05:00 . 2010-04-11 01:43 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\NAVEX32A.DLL
2010-04-06 05:00 . 2010-04-11 01:43 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\NAVEX15.SYS
2010-04-06 05:00 . 2010-04-11 01:43 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\EECTRL.SYS
2010-04-06 05:00 . 2010-04-11 01:43 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\CCERASER.DLL
2010-04-06 05:00 . 2010-04-11 01:43 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\ECMSVR32.DLL
2010-04-06 05:00 . 2010-04-11 01:43 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\ERASER.SYS
2010-04-01 16:59 . 2006-08-21 03:44 -------- d-----w- c:\documents and settings\Riaz\Application Data\U3
2010-03-25 23:29 . 2010-04-07 03:22 786800 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-15 20:02 . 2009-12-09 03:28 -------- d-----w- c:\documents and settings\Riaz\Application Data\skypePM
2010-03-10 17:20 . 2007-09-22 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-09 02:38 . 2010-03-15 00:43 10296 ----a-w- C:\mediamp3.dat
2010-03-07 17:39 . 2010-03-07 17:39 766 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe
2010-03-07 17:39 . 2010-03-07 17:39 2550 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_4B398558D64BEDAAA96B4D.exe
2010-03-07 17:39 . 2010-03-07 17:39 1518 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F98765C48A5FB4FED78F81.exe
2010-03-07 17:39 . 2010-03-07 17:39 1078 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_E0A372A76FA6D81607D448.exe
2010-03-07 17:39 . 2010-03-07 17:39 1078 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_137E768C7DEF57592E29A1.exe
2010-03-07 17:39 . 2010-03-07 17:39 10134 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F62C419210FAA52BE0D7C7.exe
2010-03-07 17:36 . 2010-03-07 17:36 -------- d-----w- c:\program files\MP3 Player Utilities 4.16
2010-02-25 06:24 . 2007-05-21 17:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-22 22:25 . 2004-01-20 09:28 89488 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-11 17:12 . 2010-02-11 17:12 593920 ----a-w- c:\documents and settings\Riaz\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-02-04 02:55 . 2004-08-18 21:57 1140 -c--a-w- c:\windows\eReg.dat
2010-02-04 01:14 . 2009-11-27 02:28 52224 ----a-w- c:\windows\ipuninst.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
1980-01-01 06:00 . 2003-04-07 06:07 114688 c:\windows\SYSTEM32\bak\hkcmd.exe
2003-04-07 06:07 . 2003-04-07 06:07 114688 c:\windows\SYSTEM32\hkcmd.exe

1980-01-01 06:00 . 2003-04-07 06:19 155648 c:\windows\SYSTEM32\bak\igfxtray.exe
2003-04-07 06:19 . 2003-04-07 06:19 155648 c:\windows\SYSTEM32\igfxtray.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2007-01-11 03:22 73728 ------w- c:\windows\SYSTEM32\VirtualExpander\VEShellExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"BCMSMMSG"="c:\windows\BCMSMMSG.exe" [2003-08-29 122880]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-08-31 6515784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\Riaz\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2010-2-6 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2006-4-2 114688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-02-08 05:13 774168 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 16:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\ccHPx86.sys [2010-02-25 501888]
R2 gupdate1c9fc3ee9518318;Google Update Service (gupdate1c9fc3ee9518318);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 133104]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
R3 SBRE;SBRE;c:\windows\System32\drivers\SBREdrv.sys [x]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2010-04-15 29808]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [2010-03-24 536112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.SYS [2010-02-27 116784]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [2010-02-25 126392]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2010-04-15 1201640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-04-06 102448]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100402.001\IDSxpx86.sys [2009-11-17 329592]


--- Other Services/Drivers In Memory ---

*Deregistered* - SymDS
*Deregistered* - SymEFA
.
Contents of the 'Scheduled Tasks' folder

2010-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 02:56]

2010-04-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 21:39]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 00:31]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 00:31]

2010-04-24 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\program files\Norton 360\Engine\4.1.0.32\navw32.exe [2010-04-07 23:51]

2010-04-11 c:\windows\Tasks\Norton Security Scan for Riaz.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 00:20]

2010-04-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-23 21:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL

- - - - - - - > 'explorer.exe'(7040)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\VirtualExpander\VEShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\wdfmgr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Webroot\WebrootSecurity\SSU.EXE
.
**************************************************************************
.
Completion time: 2010-04-23 21:19:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-24 01:19
ComboFix2.txt 2010-04-22 23:48

Pre-Run: 18,396,774,400 bytes free
Post-Run: 18,329,858,048 bytes free

- - End Of File - - 429F0C3471EE52EEABC68B35EA1D2F00


Re: Help: PC infected by Digital Protection virus !!!

Post by Belahzur on Sat Apr 24, 2010 7:11 pm

Hello.

Please allow Combofix to install the Recovery Console.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    AWF::
    c:\windows\SYSTEM32\bak\hkcmd.exe
    c:\windows\SYSTEM32\bak\igfxtray.exe

    Folder::
    c:\windows\SYSTEM32\bak

    Reboot::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


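The AWF pairs and the Security Center/firewall overrides in the ComboFix log posted above, and the CFScript Belahzur built from them, as an added triage example in Python (my code, not ComboFix's or the helper's): it parses a constructed excerpt of that log, reports the findings a helper would act on, and emits the same CFScript. The section banners and line shapes it matches are assumptions read off the posted log, and the meaning of the AWF:: and Folder:: directives is taken from the helper's script rather than from ComboFix documentation.

```python
"""Triage a ComboFix log: pair the AWF \\bak\\ copies with the files that
replaced them, flag Security Center / firewall overrides, and emit the CFScript
the helper used.  Added example for this thread, not ComboFix's or the helper's code."""
import ntpath
import re
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed excerpt with the paths, sizes and values from the posted log.
SAMPLE_LOG = r"""
(((((((((((((((( AWF ))))))))))))))))
1980-01-01 06:00 . 2003-04-07 06:07 114688 c:\windows\SYSTEM32\bak\hkcmd.exe
2003-04-07 06:07 . 2003-04-07 06:07 114688 c:\windows\SYSTEM32\hkcmd.exe
1980-01-01 06:00 . 2003-04-07 06:19 155648 c:\windows\SYSTEM32\bak\igfxtray.exe
2003-04-07 06:19 . 2003-04-07 06:19 155648 c:\windows\SYSTEM32\igfxtray.exe
(((((((((((((((( Reg Loading Points ))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""
# Line shapes assumed from the posted log's layout, not from a ComboFix spec.
SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
                     r"(?P<size>\d+) (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')

# bak_path: copy ComboFix lists under \bak\; live_path: file now at the original spot.
AwfPair = namedtuple("AwfPair", "bak_path live_path bak_size live_size")

@dataclass
class Findings:
    awf: list = field(default_factory=list)
    security_center_overrides: list = field(default_factory=list)
    firewall_disabled: bool = False

def split_sections(log_text):
    """Map each section banner name to its non-blank body lines."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections

def parse_awf(lines):
    """Pair every \\bak\\ copy with the file at its original path (size -1 if absent)."""
    by_key = {}
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            by_key[m.group("path").lower()] = (m.group("path"), int(m.group("size")))
    pairs = []
    for key, (path, size) in by_key.items():
        if "\\bak\\" in key:
            live = by_key.get(key.replace("\\bak\\", "\\"), (path.replace("\\bak\\", "\\"), -1))
            pairs.append(AwfPair(path, live[0], size, live[1]))
    return pairs

def parse_reg_loading_points(lines, findings):
    """Flag Security Center alert overrides and a disabled XP firewall profile."""
    key = None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            continue
        vm = VALUE_RE.match(line)
        if not vm or key is None:
            continue
        name, value = vm.group("name"), vm.group("value").strip()
        if (key.endswith("\\security center") and value == "dword:00000001"
                and name in ("AntiVirusOverride", "FirewallOverride")):
            findings.security_center_overrides.append(name)
        if (key.endswith("firewallpolicy\\standardprofile")
                and name == "EnableFirewall" and value.startswith("0")):
            findings.firewall_disabled = True

def triage(log_text):
    sections = split_sections(log_text)
    findings = Findings(awf=parse_awf(sections.get("AWF", [])))
    parse_reg_loading_points(sections.get("Reg Loading Points", []), findings)
    return findings

def build_cfscript(findings):
    """CFScript in the shape the helper posted: KILLALL::, the bak copies under
    AWF::, their folder under Folder::, then Reboot::.  Empty when nothing to restore."""
    if not findings.awf:
        return ""
    folders = list(dict.fromkeys(ntpath.dirname(p.bak_path) for p in findings.awf))
    lines = ["KILLALL::", "", "AWF::"] + [p.bak_path for p in findings.awf]
    lines += ["", "Folder::"] + folders + ["", "Reboot::"]
    return "\n".join(lines) + "\n"
```

Feeding a full log to `triage()` gives the same two AWF pairs plus both overrides and the disabled firewall, which are the items in this log a helper would want listed before writing a script.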

Re: Help: PC infected by Digital Protection virus !!!

Post by aigles_verts on Sat Apr 24, 2010 8:42 pm

Hello.

I will try to do that. The problem I have been having also is that I think the virus disabled or messed up my internet connection or the internet.exe file. Every time I double click on the internet icon, a window pops up with a list of other programs with which to open internet explorer.

I will try to rerun the installation CD from the service provider and see if I can re-establish my connection. And I will rerun ComboFix.

Thanks


Re: Help: PC infected by Digital Protection virus !!!

Post by Belahzur on Sat Apr 24, 2010 8:43 pm

Hello.
Don't worry about that error, this should fix it.

Please download exeHelper from one of the two links.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).



Re: Help: PC infected by Digital Protection virus !!!

Post by aigles_verts on Sun Apr 25, 2010 3:17 pm

Hello

I ran exeHelper under my user profile and cmd function worked this time. Although my internet explorer was still not working, I did have an active internet connection and ComboFix was able to download and install the recovery console.

I am posting the log from exeHelper as well as the log from ComboFix.

Here is log.txt from exeHelper:

exeHelper by Raktor
Build 20100414
Run at 23:39:17 on 04/24/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Removing HKCR\secfile
Resetting filetype association for .com
Removing HKCR\secfile
Resetting userinit and shell values...
Resetting policies...
--Finished--

==============================================

Here is the log from ComboFix:

ComboFix 10-04-17.07 - Riaz 04/25/2010 0:00.3.1 - x86
Running from: c:\soa\Combo-Fix.exe
Command switches used :: c:\soa\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SYSTEM32\bak
c:\windows\SYSTEM32\bak\hkcmd.exe
c:\windows\SYSTEM32\bak\igfxtray.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-25 04:14 . 2010-04-25 04:14 -------- d-----w- c:\documents and settings\Riaz\Application Data\Malwarebytes
2010-04-21 00:57 . 2010-04-21 00:57 -------- d-----w- c:\documents and settings\mimi\Application Data\Office Genuine Advantage
2010-04-19 00:56 . 2010-04-19 00:56 -------- d-----w- c:\documents and settings\mimi\Application Data\MSNInstaller
2010-04-14 00:10 . 2010-04-14 00:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avanquest
2010-04-13 23:03 . 2010-04-13 23:03 -------- d-----w- c:\documents and settings\mimi\Application Data\Malwarebytes
2010-04-13 23:03 . 2010-04-13 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-13 23:02 . 2010-04-18 22:43 -------- d-----w- c:\documents and settings\mimi\Application Data\Avanquest
2010-04-13 11:08 . 2010-04-13 11:08 -------- d-----w- c:\documents and settings\mimi\Application Data\Webroot
2010-04-13 11:08 . 2010-04-13 11:08 -------- d-----w- c:\documents and settings\mimi\Application Data\Tific
2010-04-13 11:07 . 2006-04-08 14:22 -------- d-----w- c:\documents and settings\mimi\Application Data\Gtek
2010-04-13 11:07 . 2004-01-20 09:25 -------- d-----w- c:\documents and settings\mimi\Application Data\Jasc Software Inc
2010-04-13 11:07 . 2004-01-20 09:21 -------- d-----w- c:\documents and settings\mimi\Application Data\Sonic
2010-04-07 03:23 . 2010-04-07 03:23 -------- d-----w- c:\documents and settings\Riaz\Application Data\Tific

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 01:05 . 2004-01-20 09:15 -------- d-----w- c:\program files\QuickTime
2010-04-24 01:05 . 2006-04-08 14:21 -------- d-----w- c:\program files\Dell Support
2010-04-21 00:18 . 2010-04-21 00:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 01:30 . 2004-01-20 09:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 01:08 . 2010-04-13 11:07 89488 ----a-w- c:\documents and settings\mimi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-18 22:58 . 2009-05-05 01:26 -------- d-----w- c:\program files\Common Files\AntiVirus
2010-04-18 22:50 . 2009-05-05 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-04-15 02:36 . 2010-04-15 02:36 775168 ----a-w- c:\windows\is-SGKDV.exe
2010-04-15 02:36 . 2009-04-21 22:27 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2010-04-15 02:36 . 2009-04-21 22:27 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2010-04-15 02:36 . 2009-04-21 22:27 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2010-04-15 02:36 . 2010-04-15 02:36 -------- d-----w- c:\program files\Webroot
2010-04-15 02:32 . 2007-10-14 16:02 -------- d-----w- c:\program files\Brownie
2010-04-14 10:43 . 2010-04-14 02:54 -------- d-----w- c:\program files\mmmmmm
2010-04-13 11:13 . 2009-12-09 03:23 -------- d-----w- c:\documents and settings\Riaz\Application Data\Skype
2010-04-13 11:08 . 2010-04-13 11:08 127 ----a-w- c:\documents and settings\mimi\Local Settings\Application Data\fusioncache.dat
2010-04-10 21:22 . 2010-04-07 03:08 1122672 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\hsplayer.dll
2010-04-10 03:18 . 2010-04-10 11:23 46952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\Download\.hsie2010.exe
2010-04-10 03:18 . 2010-04-10 11:23 24952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\Download\.CLT2010.exe
2010-04-07 03:20 . 2009-03-06 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-07 03:11 . 2009-07-22 01:40 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-07 03:11 . 2009-07-22 01:40 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-07 03:11 . 2009-07-22 01:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-07 03:11 . 2009-07-22 01:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-07 03:11 . 2004-05-08 01:43 -------- d-----w- c:\program files\Symantec
2010-04-06 05:00 . 2010-04-11 01:43 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\NAVENG.SYS
2010-04-06 05:00 . 2010-04-11 01:43 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\NAVENG32.DLL
2010-04-06 05:00 . 2010-04-11 01:43 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\NAVEX32A.DLL
2010-04-06 05:00 . 2010-04-11 01:43 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\NAVEX15.SYS
2010-04-06 05:00 . 2010-04-11 01:43 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\EECTRL.SYS
2010-04-06 05:00 . 2010-04-11 01:43 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\CCERASER.DLL
2010-04-06 05:00 . 2010-04-11 01:43 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\ECMSVR32.DLL
2010-04-06 05:00 . 2010-04-11 01:43 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100410.020\ERASER.SYS
2010-04-01 16:59 . 2006-08-21 03:44 -------- d-----w- c:\documents and settings\Riaz\Application Data\U3
2010-03-30 04:46 . 2010-04-21 00:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2010-04-21 00:18 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 23:29 . 2010-04-07 03:22 786800 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-15 20:02 . 2009-12-09 03:28 -------- d-----w- c:\documents and settings\Riaz\Application Data\skypePM
2010-03-10 17:20 . 2007-09-22 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-09 02:38 . 2010-03-15 00:43 10296 ----a-w- C:\mediamp3.dat
2010-03-07 17:39 . 2010-03-07 17:39 766 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe
2010-03-07 17:39 . 2010-03-07 17:39 2550 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_4B398558D64BEDAAA96B4D.exe
2010-03-07 17:39 . 2010-03-07 17:39 1518 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F98765C48A5FB4FED78F81.exe
2010-03-07 17:39 . 2010-03-07 17:39 1078 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_E0A372A76FA6D81607D448.exe
2010-03-07 17:39 . 2010-03-07 17:39 1078 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_137E768C7DEF57592E29A1.exe
2010-03-07 17:39 . 2010-03-07 17:39 10134 ----a-r- c:\documents and settings\Riaz\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F62C419210FAA52BE0D7C7.exe
2010-03-07 17:36 . 2010-03-07 17:36 -------- d-----w- c:\program files\MP3 Player Utilities 4.16
2010-02-25 06:24 . 2007-05-21 17:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-22 22:25 . 2004-01-20 09:28 89488 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-11 17:12 . 2010-02-11 17:12 593920 ----a-w- c:\documents and settings\Riaz\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-02-04 02:55 . 2004-08-18 21:57 1140 -c--a-w- c:\windows\eReg.dat
2010-02-04 01:14 . 2009-11-27 02:28 52224 ----a-w- c:\windows\ipuninst.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2007-01-11 03:22 73728 ------w- c:\windows\SYSTEM32\VirtualExpander\VEShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"BCMSMMSG"="c:\windows\BCMSMMSG.exe" [2003-08-29 122880]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-08-31 6515784]

c:\documents and settings\Riaz\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2010-2-6 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2006-4-2 114688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-02-08 05:13 774168 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 16:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\ccHPx86.sys [2010-02-25 501888]
R2 gupdate1c9fc3ee9518318;Google Update Service (gupdate1c9fc3ee9518318);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 133104]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
R3 SBRE;SBRE;c:\windows\System32\drivers\SBREdrv.sys [x]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2010-04-15 29808]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [2010-03-24 536112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.SYS [2010-02-27 116784]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [2010-02-25 126392]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2010-04-15 1201640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-04-06 102448]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100402.001\IDSxpx86.sys [2009-11-17 329592]


--- Other Services/Drivers In Memory ---

*Deregistered* - SymDS
*Deregistered* - SymEFA
.
Contents of the 'Scheduled Tasks' folder

2010-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 02:56]

2010-04-25 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 21:39]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 00:31]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 00:31]

2010-04-24 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\program files\Norton 360\Engine\4.1.0.32\navw32.exe [2010-04-07 23:51]

2010-04-11 c:\windows\Tasks\Norton Security Scan for Riaz.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 00:20]

2010-04-25 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.16\AMVConverter\grab.html
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?4c1f092854ab45069a57e8e309688a1d
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?4c1f092854ab45069a57e8e309688a1d
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-gvagfxj - (no file)
HKCU-Run-SysOps - (no file)
HKCU-Run-Service - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-25 00:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(7632)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\VirtualExpander\VEShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\System32\CTsvcCDA.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\wdfmgr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Webroot\WebrootSecurity\SSU.EXE
.
**************************************************************************
.
Completion time: 2010-04-25 00:29:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-25 04:29
ComboFix2.txt 2010-04-24 01:19
ComboFix3.txt 2010-04-22 23:48

Pre-Run: 18,321,248,256 bytes free
Post-Run: 18,228,207,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 8E75417F378BC0A125306A0BA21F7D11


Post by Belahzur on Sun Apr 25, 2010 9:12 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Post by aigles_verts on Sun Apr 25, 2010 9:30 pm

The digital protection icon in the task bar as well as those adult sites icons are gone for good. The only problem that I have been having thus far is running internet explorer. When I click on the icon, it just opens a window showing programs with which to open the application (none of which have anything to do with internet explorer). I am guessing during the infection, the internet explorer exe file must have been moved somewhere else. I might use the provider's installation CD to see if it might work that way. Any suggestions on that problem ?

Otherwise, it looks like it's working fine. Once I have internet explorer working, I'll need to update Norton 360 and SpySweeper since they have been out of commission for a while.

I will let you know how everything turns out once I uninstall ComboFix.

Thanks


Post by Belahzur on Mon Apr 26, 2010 12:16 am

Hello.
Run exeHelper again, see if that helps at all.



Post by aigles_verts on Fri Apr 30, 2010 4:51 pm

Hello,

Looks like things are back to normal again.

Thank you so much.


Post by Belahzur on Fri Apr 30, 2010 7:07 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Post by aigles_verts on Tue May 04, 2010 3:16 am

Hello,

I ran the ESET Online Scanner. Here is the log file:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=65412541baa72f41b44e1bc14336d3e3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-04 02:40:25
# local_time=2010-05-03 10:40:25 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=93536
# found=1
# cleaned=1
# scan_time=11492
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP317\A0218320.exe a variant of Win32/Kryptik.EAL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

During the scan, my other anti-virus programs blocked and removed 3 trojan viruses and 2 other threats (backdoor.tidserv...).

That's it for now.

Thanks again.


Post by Belahzur on Tue May 04, 2010 10:44 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.


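An added example, not part of any post in this thread and not a tool either participant used: the System Restore procedure Belahzur gives above (turn it off to discard every old restore point, turn it back on, take a fresh one) scripted in Windows PowerShell, together with the check that motivates it. The ESET log aigles_verts posted earlier shows the last detection living under C:\System Volume Information\_restore{...}\RP317\, that is, inside a restore-point copy of the malware; a scanner can quarantine that one file, but every other restore point from the infected period is equally suspect, which is why the old points are flushed rather than kept. Assumptions that the page does not state: Windows PowerShell 2.0 or later with the System Restore cmdlets (Get-ComputerRestorePoint, Disable-ComputerRestore, Enable-ComputerRestore, Checkpoint-Computer) available, an elevated console, and the log path quoted in the ESET instructions above. The embedded fallback lines are copied from the posted log so the parsing half runs without the real file; the path-splitting regex is a heuristic for the one-line-per-detection format shown in the post.

```powershell
# Added example (not from the thread). Report-only by default; -Flush performs
# the restore-point reset. Assumes PowerShell 2.0+ System Restore cmdlets and an
# elevated console; log path as given in the ESET instructions in the thread.
param(
    [string]$LogPath = 'C:\Program Files\esetonlinescanner\log.txt',
    [string]$Drive   = 'C:\',
    [switch]$Flush
)

# Fallback input: header and detection line copied from the log posted in the
# thread, so the parsing half runs even where the real log file is absent.
$SampleLog = @(
    '# scanned=93536',
    '# found=1',
    '# cleaned=1',
    'C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP317\A0218320.exe a variant of Win32/Kryptik.EAL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C'
)

# Detection line: "<path> <threat description> (<action>) <hash> <flags>".
# The path may contain spaces, so it is taken lazily up to a file extension
# followed by whitespace (heuristic; archive entries are not handled).
$DetectionRe = '^(?<path>[A-Za-z]:\\.*?\.\w{1,4})\s+(?<threat>.+?)\s+\((?<action>[^)]+)\)'

function Parse-EsetLog {
    param([string[]]$Lines)
    $meta = @{}
    $hits = @()
    foreach ($line in $Lines) {
        if ($line -match '^#\s*(\w+)=(.*)$') {
            $meta[$Matches[1]] = $Matches[2].Trim()
        }
        elseif ($line -match $DetectionRe) {
            # Copy the groups out first: the -match below overwrites $Matches.
            $path = $Matches['path']; $threat = $Matches['threat']; $action = $Matches['action']
            $hits += New-Object PSObject -Property @{
                Path           = $path
                Threat         = $threat
                Action         = $action
                InRestorePoint = ($path -match '\\System Volume Information\\_restore\{')
            }
        }
    }
    New-Object PSObject -Property @{ Meta = $meta; Hits = $hits }
}

function Show-RestorePoints {
    # Get-ComputerRestorePoint wraps the root\default SystemRestore WMI class.
    $rps = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    "  {0} restore point(s) present" -f $rps.Count
    foreach ($rp in $rps) {
        $when = [System.Management.ManagementDateTimeConverter]::ToDateTime($rp.CreationTime)
        "  RP{0}  {1:yyyy-MM-dd HH:mm}  {2}" -f $rp.SequenceNumber, $when, $rp.Description
    }
}

function Reset-RestorePoints {
    param([string]$Drive)
    # Same effect as the GUI steps in the post: disabling System Restore discards
    # every existing restore point (infected copies included); re-enabling it and
    # taking a checkpoint leaves one known-clean baseline.
    Disable-ComputerRestore -Drive $Drive
    Enable-ComputerRestore  -Drive $Drive
    Checkpoint-Computer -Description 'Clean baseline after malware removal' `
                        -RestorePointType MODIFY_SETTINGS
}

$lines = if (Test-Path -LiteralPath $LogPath) { Get-Content -LiteralPath $LogPath }
         else { Write-Warning "Log not found at $LogPath; using embedded sample"; $SampleLog }
$report = Parse-EsetLog -Lines $lines

"Scanned: {0}  Found: {1}  Cleaned: {2}" -f $report.Meta['scanned'], $report.Meta['found'], $report.Meta['cleaned']
foreach ($h in $report.Hits) {
    $where = if ($h.InRestorePoint) { 'RESTORE POINT' } else { 'live file system' }
    "[{0}] {1}" -f $where, $h.Path
    "      {0}  ({1})" -f $h.Threat, $h.Action
}

$tainted = @($report.Hits | Where-Object { $_.InRestorePoint })
"Restore points before:"; Show-RestorePoints
if ($tainted.Count -gt 0) {
    "{0} detection(s) sit inside System Volume Information: the old restore points hold" -f $tainted.Count
    "infected copies and would re-introduce them if ever used, so flushing is warranted."
    if ($Flush) {
        Reset-RestorePoints -Drive $Drive
        "Restore points after:"; Show-RestorePoints
    } else {
        "Re-run with -Flush from an elevated console to discard them and create a clean one."
    }
}
```

Run it once without -Flush to see what the log says and how many restore points exist, and only add -Flush once the live file system is confirmed clean: flushing removes the infected copies, but it also removes every chance of rolling back, so it belongs at the end of a cleanup, which is where Belahzur places it.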
