Backdoor.Tidserv virus (windows/system32/drivers/omci.sys)

View previous topic View next topic Go down

Backdoor.Tidserv virus (windows/system32/drivers/omci.sys)

Post by maobtrg on 4th July 2010, 5:46 pm

Hi could you please help me remove a Backdoor.Tidserv virus located in(windows/system32/drivers/omci.sys) it was found by Symantec and sent to quarantine but it will not allow me to delete it .... please help.

THANKS !!!!!


Last edited by maobtrg on 4th July 2010, 5:48 pm; edited 1 time in total

maobtrg
Novice
Novice

Posts Posts : 5
Joined Joined : 2010-07-03
Gender Gender : Male
OS OS : windows XP
Protection Protection : Symantec
Points Points : 23546
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor.Tidserv virus (windows/system32/drivers/omci.sys)

Post by Sneakyone on 4th July 2010, 5:47 pm

Hi, Welcome to GeekPolice.net! Smile

Download [You must be registered and logged in to see this link.] to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time



Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor.Tidserv virus (windows/system32/drivers/omci.sys)

Post by maobtrg on 4th July 2010, 6:09 pm

Hello Sneakyone, there was only one report generated here it is:

OTL logfile created on: 7/4/2010 10:49:51 AM - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Patricia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 7.26 Gb Free Space | 12.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAXVENTASPC
Current User Name: Mauricio Buitrago
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/04 10:49:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 04:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007/08/07 09:46:02 | 000,077,824 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.exe
PRC - [2007/08/07 09:46:01 | 000,032,768 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\Unicenter Software Delivery\BIN\SDServ.exe
PRC - [2007/05/24 10:13:54 | 002,691,158 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
PRC - [2007/05/24 10:13:50 | 000,036,955 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
PRC - [2007/05/24 10:13:48 | 000,106,586 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
PRC - [2006/08/09 14:59:34 | 000,139,264 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe
PRC - [2006/08/09 14:58:22 | 000,221,184 | ---- | M] () -- C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSCM.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/06/23 19:27:36 | 000,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/06/23 19:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/06/23 19:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/06/02 09:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/06/02 09:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/06/02 09:21:38 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/10/30 14:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/09/08 11:15:58 | 000,241,664 | ---- | M] (Computer Associates International, Inc.) -- C:\SxpInst\sxplog32.exe
PRC - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 16:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2001/06/26 19:49:58 | 000,086,016 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe


========== Modules (SafeList) ==========

MOD - [2010/07/04 10:49:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/12/02 13:21:50 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2008/08/29 10:00:30 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2007/08/07 09:46:01 | 000,032,768 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE -- (SDService)
SRV - [2007/05/24 10:13:50 | 000,036,955 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_Watchdog)
SRV - [2007/05/24 10:13:48 | 000,106,586 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
SRV - [2006/08/09 14:59:34 | 000,139,264 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/06/23 19:27:30 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/06/23 19:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/06/23 19:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/06/02 09:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 09:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 09:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/22 12:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - [2010/06/17 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/17 01:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100702.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/17 01:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100702.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/02 13:12:46 | 000,171,400 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2009/12/02 13:12:46 | 000,142,848 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV - [2009/12/02 13:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/12/02 13:12:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/02 13:12:36 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/12/02 13:12:34 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctnullport.sys -- (Nmea)
DRV - [2009/12/02 13:10:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/03/31 12:57:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/05/24 10:13:58 | 000,036,368 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\omdrv.sys -- (CP_OMDRV)
DRV - [2007/05/24 10:13:54 | 002,234,800 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fw.sys -- (FW1)
DRV - [2007/05/24 10:13:52 | 000,110,032 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnasc.sys -- (VNASC)
DRV - [2007/05/24 10:13:50 | 000,673,456 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vpn.sys -- (VPN-1)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/05/13 19:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/22 12:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/22 12:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/02/04 20:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 20:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/10/21 15:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/08/31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/23 14:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/06/17 15:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 15:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 15:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/06/14 08:00:00 | 000,035,270 | ---- | M] (Attachmate Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atmdlc.sys -- (ATMDLC)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2001/08/17 14:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [1998/07/07 13:59:34 | 000,016,288 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SCFBPNT.SYS -- (ScFBPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search, =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2007/12/09 21:21:10 | 000,212,597 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 7475 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SDJobCheck] C:\Program Files\CA\Unicenter Software Delivery\BIN\triggusr.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Sxplog] C:\SxpInst\sxpstub.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} [You must be registered and logged in to see this link.] (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [You must be registered and logged in to see this link.] (Symantec AntiVirus scanner)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} [You must be registered and logged in to see this link.] (Symantec RuFSI Utility Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [You must be registered and logged in to see this link.] (Performance Viewer Activex Control)
O16 - DPF: CabBuilder [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patricia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/04 18:54:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{001bb624-b4a8-11dc-aff9-0013ce577ce4}\Shell\Auto\command - "" = fun.xls.exe
O33 - MountPoints2\{001bb624-b4a8-11dc-aff9-0013ce577ce4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{700fa2d2-ed93-11dd-b4cb-541ec9b6a907}\Shell\AutoRun\command - "" = System\DriveGuard\DriveProtect.exe -run 
O33 - MountPoints2\{700fa2d2-ed93-11dd-b4cb-541ec9b6a907}\Shell\Explore\Command - "" = System\DriveGuard\DriveProtect.exe -run  
O33 - MountPoints2\{700fa2d2-ed93-11dd-b4cb-541ec9b6a907}\Shell\Open\Command - "" = System\DriveGuard\DriveProtect.exe -run 
O33 - MountPoints2\{72dd0af5-34ca-11df-b8cf-00a0d5ffff85}\Shell\AutoRun\command - "" = E:\ContinentalLieFLatBed.exe -- File not found
O33 - MountPoints2\{8d911960-be9a-11de-b7aa-541ec9b6a907}\Shell\Auto\command - "" = E:\sal.xls.exe -- File not found
O33 - MountPoints2\{8d911960-be9a-11de-b7aa-541ec9b6a907}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a01b0eea-0bd7-11df-b85f-00a0d5ffff85}\Shell\auto\command - "" = Clean.exe open
O33 - MountPoints2\{a01b0eea-0bd7-11df-b85f-00a0d5ffff85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a01b0eea-0bd7-11df-b85f-00a0d5ffff85}\Shell\explore\command - "" = Clean.exe open
O33 - MountPoints2\{a01b0eea-0bd7-11df-b85f-00a0d5ffff85}\Shell\find\command - "" = Clean.exe open
O33 - MountPoints2\{a01b0eea-0bd7-11df-b85f-00a0d5ffff85}\Shell\install\command - "" = Clean.exe open
O33 - MountPoints2\{a4e7e6e0-f7a8-11dc-b109-00123f0938f1}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{eac7bb26-99cb-11de-b73d-00a0d5ffff85}\Shell - "" = AutoRun
O33 - MountPoints2\{eac7bb26-99cb-11de-b73d-00a0d5ffff85}\Shell\Auto\command - "" = E:\MsInfo.msi -- File not found
O33 - MountPoints2\{eac7bb26-99cb-11de-b73d-00a0d5ffff85}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/10/01 11:17:16 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "wuauserv"
MsConfig - Services: "ERSvc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe - (FUJI PHOTO FILM CO., LTD.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, Inc.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe File not found
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
MsConfig - StartUpReg: MySpaceIM - hkey= - key= - C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\HOMERunner.exe File not found
MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
MsConfig - StartUpReg: WebCamRT.exe - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

maobtrg
Novice
Novice

Posts Posts : 5
Joined Joined : 2010-07-03
Gender Gender : Male
OS OS : windows XP
Protection Protection : Symantec
Points Points : 23546
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor.Tidserv virus (windows/system32/drivers/omci.sys)

Post by maobtrg on 4th July 2010, 6:10 pm

========== Files/Folders - Created Within 90 Days ==========

[2010/07/04 00:05:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Patricia\Recent
[2010/07/03 09:58:09 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
[2010/07/01 17:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\Malwarebytes
[2010/07/01 17:28:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/01 17:28:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/01 17:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/01 16:58:09 | 000,000,000 | ---D | C] -- C:\Muestras
[2010/07/01 14:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/30 22:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\ktilnfbmp
[2010/06/23 15:20:42 | 000,000,000 | ---D | C] -- C:\LTP
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/06/04 20:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/06/03 07:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/04 10:49:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Desktop\OTL.exe
[2010/07/04 09:44:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/04 09:43:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/04 09:42:24 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Patricia\NTUSER.DAT
[2010/07/04 09:41:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Patricia\ntuser.ini
[2010/07/04 09:41:11 | 005,359,546 | -H-- | M] () -- C:\Documents and Settings\Patricia\Local Settings\Application Data\IconCache.db
[2010/07/03 20:11:19 | 000,072,552 | ---- | M] () -- C:\Documents and Settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/03 18:43:40 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\precisesecurity.doc
[2010/07/03 15:11:55 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/03 11:36:00 | 000,327,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/03 01:33:40 | 000,443,532 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/03 01:33:40 | 000,383,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/03 01:33:40 | 000,054,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/02 19:52:36 | 000,017,111 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\AS400 NEW.edp
[2010/07/02 18:09:18 | 000,163,840 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\SkyTeam Sales Blitz LAX updates.xls
[2010/07/02 17:41:18 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Acapulco Travel MS Jun Jul.xls
[2010/07/02 15:36:23 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\DISCOUNT EXHIBIT 01EMPXXXJul10 - Alliance Beverage LAX MM.doc
[2010/07/01 17:36:29 | 000,001,054 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Sprint PCS Connection Manager.lnk
[2010/07/01 15:38:54 | 000,044,357 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\John Nguyen.jpg
[2010/07/01 13:49:33 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Shortcut to conf.exe.lnk
[2010/06/25 18:21:23 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Reporte agencias visitas Giancarlo.xls
[2010/06/25 18:10:51 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Picasso AM MIDAS YTD AUG.xls
[2010/06/25 17:46:35 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Patricia\My Documents\Agencias en Los Angeles.xls
[2010/06/25 17:31:00 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Cassis AM MIDAS YTD AUG.xls
[2010/06/25 17:18:16 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Trans AM MIDAS YTD AUG.xls
[2010/06/25 17:00:43 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Victory MIDAS YTD AUG.xls
[2010/06/25 16:07:13 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Ibero MIDAS YTD AUG.xls
[2010/06/25 15:40:42 | 000,075,776 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Centravel MIDAS YTD AUG.xls
[2010/06/25 12:34:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\default.dic
[2010/06/24 14:03:51 | 000,163,328 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Copy of SkyTeam Sales Blitz LAX.xls
[2010/06/24 10:46:20 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Copy of Report_803741e87c2c4e3cb986c0c9ccaf9752.xls
[2010/06/23 15:39:19 | 000,000,555 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\LTP Shares Emulator.LNK
[2010/06/23 15:39:08 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Azteca 273116.lnk
[2010/06/19 18:44:39 | 000,940,226 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Disneyland_403462413923.pdf
[2010/06/19 18:43:26 | 000,078,467 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\PAYMENT_RECEIPT.pdf
[2010/06/14 23:31:10 | 000,000,866 | ---- | M] () -- C:\WINDOWS\EZPHOTO.INI
[2010/06/11 09:20:24 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/06/08 10:28:15 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\WR jun 8.xls
[2010/06/07 12:16:56 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\SkyTeam Sales Blitz LAX.xls
[2010/06/07 10:54:53 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\WR jun 7.xls
[2010/06/07 00:30:18 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Acapulco MIDAS Jun 5.xls
[2010/06/05 08:20:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/02 17:50:52 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\WR jun 2.xls
[2010/06/02 17:41:07 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\wr may 25.xls
[2010/06/02 14:56:14 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Ibero MS May Jun.xls
[2010/06/02 14:42:33 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Acapulco MS May Jun.xls
[2010/05/30 19:30:15 | 000,095,744 | ---- | M] () -- C:\Documents and Settings\Patricia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/24 18:41:15 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Paseo 3 meses a futuro.xls
[2010/05/13 18:09:20 | 000,293,888 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Copy of MASTER DATABASE-ACCOUNT 2010-2011-WEST REGION.xls
[2010/05/13 18:08:52 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Share top 10 LAX vista May 10.xls
[2010/05/11 15:33:30 | 000,078,336 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\comunicado base datos sectur con nuevas medidas de facilitación migratoria (3).doc
[2010/05/11 12:26:56 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\Copy of DISTRESS 10MAY.xls
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/23 18:16:02 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Patricia\Desktop\PYMES OESTE jan 2010.xls
[2010/04/21 23:36:59 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\Patricia\My Documents\Support Espanol.doc
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/03 14:23:09 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\precisesecurity.doc
[2010/07/02 16:54:50 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Acapulco Travel MS Jun Jul.xls
[2010/07/02 15:19:47 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\DISCOUNT EXHIBIT 01EMPXXXJul10 - Alliance Beverage LAX MM.doc
[2010/07/01 17:36:29 | 000,001,054 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Sprint PCS Connection Manager.lnk
[2010/07/01 15:38:54 | 000,044,357 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\John Nguyen.jpg
[2010/07/01 13:49:33 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Shortcut to conf.exe.lnk
[2010/06/28 08:04:32 | 000,163,840 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\SkyTeam Sales Blitz LAX updates.xls
[2010/06/25 18:10:51 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Picasso AM MIDAS YTD AUG.xls
[2010/06/25 17:46:35 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Patricia\My Documents\Agencias en Los Angeles.xls
[2010/06/25 17:29:38 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Cassis AM MIDAS YTD AUG.xls
[2010/06/25 17:18:16 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Trans AM MIDAS YTD AUG.xls
[2010/06/25 14:30:53 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Reporte agencias visitas Giancarlo.xls
[2010/06/25 12:34:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\default.dic
[2010/06/25 12:25:55 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Victory MIDAS YTD AUG.xls
[2010/06/25 11:48:40 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Ibero MIDAS YTD AUG.xls
[2010/06/25 11:24:58 | 000,075,776 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Centravel MIDAS YTD AUG.xls
[2010/06/24 11:50:43 | 000,163,328 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Copy of SkyTeam Sales Blitz LAX.xls
[2010/06/24 10:46:20 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Copy of Report_803741e87c2c4e3cb986c0c9ccaf9752.xls
[2010/06/23 15:39:19 | 000,000,555 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\LTP Shares Emulator.LNK
[2010/06/23 15:37:03 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Azteca 273116.lnk
[2010/06/19 18:44:34 | 000,940,226 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Disneyland_403462413923.pdf
[2010/06/19 18:43:23 | 000,078,467 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\PAYMENT_RECEIPT.pdf
[2010/06/08 10:28:15 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\WR jun 8.xls
[2010/06/07 10:54:06 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\WR jun 7.xls
[2010/06/06 21:06:35 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Acapulco MIDAS Jun 5.xls
[2010/06/02 12:49:02 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Ibero MS May Jun.xls
[2010/06/02 12:44:54 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Acapulco MS May Jun.xls
[2010/06/02 10:55:09 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\WR jun 2.xls
[2010/06/01 10:49:19 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\SkyTeam Sales Blitz LAX.xls
[2010/05/25 09:40:15 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\wr may 25.xls
[2010/05/24 18:19:50 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Paseo 3 meses a futuro.xls
[2010/05/13 18:09:20 | 000,293,888 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Copy of MASTER DATABASE-ACCOUNT 2010-2011-WEST REGION.xls
[2010/05/13 16:47:12 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Share top 10 LAX vista May 10.xls
[2010/05/11 15:33:29 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\comunicado base datos sectur con nuevas medidas de facilitación migratoria (3).doc
[2010/05/11 12:24:33 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\Copy of DISTRESS 10MAY.xls
[2010/04/23 15:56:41 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Patricia\Desktop\PYMES OESTE jan 2010.xls
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/11/12 16:12:13 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\PPA8Usd.dll
[2009/11/12 16:12:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\IRSCANA8.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/12/21 00:45:37 | 000,000,016 | ---- | C] () -- C:\WINDOWS\RealityFusion.ini
[2007/12/21 00:38:28 | 000,000,544 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/12/03 18:06:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/09/22 10:53:44 | 000,000,421 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2007/09/18 10:33:04 | 000,004,411 | ---- | C] () -- C:\WINDOWS\xnview.ini
[2007/09/14 13:15:24 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/09/14 13:15:24 | 000,000,114 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2007/09/14 13:15:22 | 000,000,866 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI
[2007/09/14 13:13:53 | 000,016,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\SCFBPNT.SYS
[2007/08/10 12:08:48 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/05/24 10:14:02 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2007/05/24 10:13:48 | 000,106,584 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2007/04/18 09:20:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/04/12 14:21:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2007/04/12 13:07:39 | 000,013,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\omci.sys
[2007/04/12 09:20:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/08 20:50:33 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/18 11:47:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/03 08:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/09/23 03:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/04 03:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 03:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 03:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 03:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 03:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/07/21 10:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/16 07:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/30 08:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/08/10 10:02:20 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1999/08/10 10:02:16 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

========== LOP Check ==========

[2007/04/30 09:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Attachmate
[2007/10/01 12:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/06/25 19:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/02/05 23:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkyGolf
[2010/02/05 16:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2008/01/18 13:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/21 17:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/05/28 23:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/01 15:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/11 16:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\DriveHQ
[2009/12/11 16:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\DriveHQHOOK
[2007/09/22 00:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\FUJIFILM
[2008/08/24 18:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\GARMIN
[2007/04/27 16:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\ICAClient
[2009/05/14 21:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\ICQ
[2007/07/06 23:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Leadertech
[2008/05/24 12:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\LimeWire
[2008/06/25 19:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\ScanSoft
[2010/02/05 15:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Sierra Wireless
[2010/02/05 23:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\SkyGolf
[2010/02/05 18:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Sprint
[2008/03/21 17:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\TomTom
[2008/10/18 02:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\zweitgeist

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-04 17:07:17


< MD5 for: AGP440.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/21 14:25:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/21 14:25:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/21 14:25:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/21 14:25:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 03:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 17:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 17:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 03:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2004/08/04 03:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 03:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: IASTOR.SYS >
[2006/05/11 09:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: IMM32.DLL >
[2008/04/13 17:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 17:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 03:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2007/04/16 09:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2006/07/05 03:57:10 | 000,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[2007/04/16 08:52:53 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 07:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 07:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 17:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2009/03/21 06:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 10:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 10:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2008/06/20 10:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 10:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 10:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 17:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 10:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 12:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 12:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 03:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/09 04:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007/02/09 04:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008/04/13 12:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 12:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/13 17:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 17:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 03:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 17:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: PROQUOTA.EXE >
[2004/08/04 03:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 17:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 17:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 03:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 17:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 17:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 17:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 03:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 17:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 17:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2005/06/10 17:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 17:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/13 17:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe
[2005/06/10 16:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/13 17:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 17:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 03:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/04 03:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 17:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 17:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 03:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 03:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/13 17:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 17:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 03:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:52 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008/04/13 17:11:52 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End

maobtrg
Novice
Novice

Posts Posts : 5
Joined Joined : 2010-07-03
Gender Gender : Male
OS OS : windows XP
Protection Protection : Symantec
Points Points : 23546
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor.Tidserv virus (windows/system32/drivers/omci.sys)

Post by Sneakyone on 4th July 2010, 6:43 pm

Hi, Smile

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum