Backdoor.Tidserv!inf


Post by blastoffspeed on 6th October 2010, 9:18 pm

OTL logfile created on: 10/6/2010 4:56:17 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Kristina\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 344.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 3.28 Gb Free Space | 4.92% Space Free | Partition Type: NTFS
Drive D: | 21.86 Gb Total Space | 21.79 Gb Free Space | 99.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRYSTAL
Current User Name: Kristina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/06 16:54:26 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristina\Desktop\OTL.com
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/06 21:08:02 | 003,558,136 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/09/27 21:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 20:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/05/01 10:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/05/01 10:28:26 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/05/01 10:28:06 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/05/01 10:26:14 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/05/01 10:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/05/01 10:20:52 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/05/01 10:20:26 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/04/06 15:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/11/11 17:00:56 | 001,005,096 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2005/11/11 16:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2005/11/11 16:42:12 | 000,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/09/26 10:26:58 | 000,110,592 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
PRC - [2005/09/22 18:29:08 | 000,303,104 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/24 17:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2005/08/10 13:49:20 | 000,163,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\VSO\mcvsshld.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/10/06 16:54:26 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristina\Desktop\OTL.com
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/04/06 15:59:08 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2005/12/13 03:39:58 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll
MOD - [2005/08/17 10:38:00 | 000,143,360 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKOEPlg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 17:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/05/01 10:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2006/05/01 10:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006/05/01 10:20:52 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2006/05/01 10:20:26 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/11/11 16:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) [Auto | Running] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 17:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/08/10 12:22:02 | 000,221,184 | ---- | M] (McAfee Inc.) [Auto | Stopped] -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield)
SRV - [2005/07/12 19:10:18 | 000,963,072 | ---- | M] (McAfee Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService)
SRV - [2005/07/01 20:22:50 | 000,245,760 | ---- | M] (McAfee, Inc) [On_Demand | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Kristina\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/10/03 04:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101003.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/03 04:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101003.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/09/18 18:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/24 05:40:03 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/08/07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/05/01 10:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/26 17:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 12:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/11 16:43:52 | 000,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/10 12:22:10 | 000,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2005/08/04 21:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 04:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 03:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 05:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/08/04 06:00:00 | 000,008,832 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.theweathernetwork.com/weather/caon0493"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.4
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 19:05:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/06 16:46:37 | 000,000,000 | ---D | M]

[2008/07/25 22:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristina\Application Data\Mozilla\Extensions
[2010/10/06 16:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristina\Application Data\Mozilla\Firefox\Profiles\3s6t1t3y.default\extensions
[2010/05/31 13:55:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kristina\Application Data\Mozilla\Firefox\Profiles\3s6t1t3y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/06 16:12:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/06 15:50:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/06 15:49:47 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/11/25 22:16:33 | 000,288,033 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 9926 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee AntiPhishing Filter) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [asam] C:\Documents and Settings\Kristina\Local Settings\Application Data\asam.exe File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [jiblbxnt] C:\Documents and Settings\Kristina\Local Settings\Application Data\lhplpxaav\nvygkustssd.exe File not found
O4 - HKLM..\Run: [juicoxctgjqjd] c:\documents and settings\kristina\local settings\application data\obcrhvhdg\uikuffy.exe File not found
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [scxlfmrp] C:\Documents and Settings\Kristina\Local Settings\Application Data\jlueulovn\gwdgljbtssd.exe File not found
O4 - HKLM..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKLM..\Run: [xpnehdny] C:\Documents and Settings\NetworkService\Local Settings\Application Data\texnnxiko\ayrdhjptssd.exe File not found
O4 - HKCU..\Run: [asam] C:\Documents and Settings\Kristina\Local Settings\Application Data\asam.exe File not found
O4 - HKCU..\Run: [jiblbxnt] C:\Documents and Settings\Kristina\Local Settings\Application Data\lhplpxaav\nvygkustssd.exe File not found
O4 - HKCU..\Run: [juicoxctgjqjd] c:\documents and settings\kristina\local settings\application data\obcrhvhdg\uikuffy.exe File not found
O4 - HKCU..\Run: [scxlfmrp] C:\Documents and Settings\Kristina\Local Settings\Application Data\jlueulovn\gwdgljbtssd.exe File not found
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} [You must be registered and logged in to see this link.] (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} [You must be registered and logged in to see this link.] (Minesweeper Flags Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} [You must be registered and logged in to see this link.] (Solitaire Showdown Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} [You must be registered and logged in to see this link.] (UnoCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} [You must be registered and logged in to see this link.] (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [You must be registered and logged in to see this link.] (Minesweeper Flags Class)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} [You must be registered and logged in to see this link.] (Solitaire Showdown Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kristina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kristina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8a115f37-14de-11df-966a-0018de145f45}\Shell\AutoRun\command - "" = MntDrCore.exe
O33 - MountPoints2\{8a115f37-14de-11df-966a-0018de145f45}\Shell\Open\command - "" = MntDrCore.exe
O33 - MountPoints2\{8a115f37-14de-11df-966a-0018de145f45}\Shell\Open With...\command - "" = MntDrCore.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe - ()
MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: Dell QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
MsConfig - StartUpReg: DMXLauncher - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe File not found
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {AF84D52F-D524-6BC5-28B7-F51EBE9A1B33} - Java (Sun)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69819404975603712)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\o.dat
File not found -- C:\WINDOWS\System32\cooper.mine
[2010/10/06 16:56:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/10/06 16:54:57 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kristina\Desktop\OTL.com
[2010/10/06 16:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/10/06 15:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristina\Desktop\JavaRa
[2010/10/06 15:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/06 15:50:10 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/06 15:50:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/06 15:50:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/06 15:50:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/06 15:50:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/06 15:45:56 | 016,062,240 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Kristina\Desktop\jre-6u21-windows-i586.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Kristina\Desktop\*.tmp files -> C:\Documents and Settings\Kristina\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/06 16:54:26 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristina\Desktop\OTL.com
[2010/10/06 16:50:03 | 000,115,584 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2010/10/06 16:49:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/06 16:46:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/06 16:45:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/06 16:45:49 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/06 16:43:40 | 013,107,200 | -H-- | M] () -- C:\Documents and Settings\Kristina\NTUSER.DAT
[2010/10/06 16:43:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kristina\ntuser.ini
[2010/10/06 16:39:44 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/06 16:28:09 | 000,499,731 | ---- | M] () -- C:\Documents and Settings\Kristina\Desktop\gp.xpi
[2010/10/06 15:52:45 | 000,156,329 | ---- | M] () -- C:\Documents and Settings\Kristina\Desktop\JavaRa.zip
[2010/10/06 15:49:45 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/06 15:49:45 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/06 15:49:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/06 15:49:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/06 15:49:45 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/06 15:45:57 | 016,062,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Kristina\Desktop\jre-6u21-windows-i586.exe
[2010/10/06 15:32:11 | 000,890,880 | ---- | M] () -- C:\Documents and Settings\Kristina\My Documents\Lateintothenight.doc
[2010/10/05 21:59:22 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Deskjet F2100 series.job
[2010/10/04 20:24:35 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Kristina\My Documents\SANTA's list.doc
[2010/09/28 21:39:42 | 000,175,616 | ---- | M] () -- C:\Documents and Settings\Kristina\My Documents\Doc33.doc
[2010/09/25 20:17:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/22 16:06:14 | 000,144,384 | ---- | M] () -- C:\Documents and Settings\Kristina\My Documents\Book Reviews 2010.doc
[2010/09/20 00:13:16 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Kristina\My Documents\DHoaCG.doc
[2010/09/14 22:43:23 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Kristina\My Documents\books.doc
[2010/09/14 21:58:09 | 000,130,958 | ---- | M] () -- C:\WINDOWS\hpoins12.dat
[2010/09/14 21:57:36 | 000,000,699 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/14 14:18:12 | 000,246,272 | ---- | M] () -- C:\Documents and Settings\Kristina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Kristina\Desktop\*.tmp files -> C:\Documents and Settings\Kristina\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/06 16:36:02 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/06 16:26:19 | 000,499,731 | ---- | C] () -- C:\Documents and Settings\Kristina\Desktop\gp.xpi
[2010/10/06 15:52:53 | 000,156,329 | ---- | C] () -- C:\Documents and Settings\Kristina\Desktop\JavaRa.zip
[2010/10/05 21:59:21 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\WebReg Deskjet F2100 series.job
[2010/01/02 01:09:52 | 2501,894,144 | ---- | C] () -- C:\Program Files\X15-65732.iso
[2008/03/16 17:10:01 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/15 16:34:43 | 000,009,126 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/08/15 16:34:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/01/29 14:09:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/10/14 23:53:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/15 23:16:17 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kristina\Application Data\dvd.bmk
[2006/09/15 23:10:49 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Kristina\Local Settings\Application Data\fusioncache.dat
[2006/09/14 17:25:54 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/09/14 17:25:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/09/09 18:50:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/08 19:53:30 | 000,246,272 | ---- | C] () -- C:\Documents and Settings\Kristina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/01 20:43:15 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Kristina\Application Data\PFP120JPR.{PB
[2006/09/01 20:43:15 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Kristina\Application Data\PFP120JCM.{PB
[2006/09/01 20:42:17 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\C25B9998A4.sys
[2006/09/01 19:46:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/24 05:55:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/24 05:48:10 | 000,000,317 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/24 05:45:39 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/24 05:39:03 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/08/24 05:15:05 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/08/24 05:13:13 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 02:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:51:20 | 000,008,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\rasacd.sys
[2004/08/03 23:59:54 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2002/12/31 08:00:00 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/02/25 02:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2004/08/04 06:00:00 | 000,008,832 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rasacd.sys

< %systemroot%\System32\config\*.sav >
[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 06:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2009/05/27 00:24:09 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\system32\C25B9998A4.sys
[2004/08/04 06:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/06/09 11:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys
[2005/03/13 17:54:00 | 000,006,656 | ---- | M] (GTek Technologies Ltd.) -- C:\WINDOWS\system32\DLPT2.sys
[2005/02/08 13:37:52 | 000,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEnum.sys
[2004/06/15 17:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMOS.sys
[2004/08/04 06:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 06:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 06:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 06:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 06:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 06:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 06:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 06:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 06:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 06:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 06:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 09:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll



blastoffspeed
Novice

Posts : 23
Joined : 2009-12-12
OS : XP
Points : 25871
# Likes : 0

Re: Backdoor.Tidserv!inf

Post by blastoffspeed on 6th October 2010, 9:19 pm

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/02/02 12:55:45 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009/12/13 01:56:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2007/03/24 23:07:15 | 000,014,026 | ---- | M] () -- C:\buy.jpg
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/12/13 02:20:22 | 000,017,452 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/08/24 05:18:20 | 000,005,601 | RH-- | M] () -- C:\dell.sdr
[2010/06/05 16:13:20 | 024,491,040 | ---- | M] () -- C:\exercise videos - Winsor Pilates - Buns And Thigh Sculpting - SVCD.mp4
[2010/10/06 16:45:49 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2006/09/09 18:45:34 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2007/08/04 22:51:35 | 000,000,067 | ---- | M] () -- C:\inferno.log
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/08/24 05:40:37 | 000,000,769 | -H-- | M] () -- C:\IPH.PH
[2010/10/06 15:54:10 | 000,017,004 | ---- | M] () -- C:\JavaRa.log
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/03 12:39:52 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/06 16:45:47 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/01/03 16:20:06 | 000,000,000 | ---- | M] () -- C:\Settings.ini
[2009/03/13 00:43:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/03/13 16:28:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/03/15 01:49:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/03/16 03:04:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/03/17 02:21:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/03/18 00:23:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/03/20 01:00:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/04/07 01:38:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/04/10 02:29:03 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/04/10 09:16:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/04/11 08:13:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/04/12 01:52:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/03/03 02:52:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/03/06 01:36:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/03/06 17:38:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/03/07 21:24:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/03/08 10:43:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/03/10 02:27:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/03/11 02:32:34 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/03/12 02:19:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/03/13 00:43:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/13 16:28:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/03/15 01:49:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/03/16 03:04:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/03/17 02:21:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/03/18 00:23:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/03/20 01:00:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/04/07 01:38:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/04/10 02:29:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/04/10 09:16:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/04/11 08:13:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/04/12 01:52:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/03/03 02:52:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/03/06 01:36:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/03/06 17:38:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/03/07 21:24:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/03/08 10:43:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/03/10 02:27:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/03/11 02:32:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/03/12 02:19:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2006/09/09 23:07:23 | 000,117,816 | ---- | M] () -- C:\VolEdit.ini.log

blastoffspeed
Novice
Novice

Posts Posts : 23
Joined Joined : 2009-12-12
OS OS : XP
Points Points : 25871
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor.Tidserv!inf

Post by blastoffspeed on 6th October 2010, 9:20 pm

< %PROGRAMFILES%\*. >
[2007/04/06 22:32:49 | 000,000,000 | ---D | M] -- C:\Program Files\3M
[2009/02/24 22:45:22 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2009/06/19 13:09:53 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/11/22 19:19:55 | 000,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft
[2008/11/25 22:17:23 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2008/09/07 21:53:29 | 000,000,000 | ---D | M] -- C:\Program Files\ApexDC++
[2008/12/12 11:05:48 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2006/08/24 05:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\BAE
[2007/01/14 18:44:17 | 000,000,000 | ---D | M] -- C:\Program Files\Black Isle
[2009/03/14 20:20:24 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2006/08/24 05:35:06 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2008/12/29 19:20:25 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2009/12/13 02:05:34 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/08/24 05:36:14 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2006/09/09 18:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2006/09/04 19:59:40 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support
[2006/08/24 05:39:20 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2008/02/03 19:11:29 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2006/10/14 23:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2010/08/13 18:16:33 | 000,000,000 | ---D | M] -- C:\Program Files\Free iPod Video Converter
[2008/10/17 16:22:06 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/09/15 16:39:23 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2007/09/15 16:42:17 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2008/09/14 14:13:18 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/08/24 05:34:31 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2006/08/24 05:38:55 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/03/31 02:01:58 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/04/26 22:22:13 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/04/26 22:22:43 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/10/06 15:54:08 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/08/24 05:40:35 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2006/08/24 05:47:38 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/12/11 23:11:57 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2006/08/24 05:47:31 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2008/09/03 12:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/21 01:37:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/09/09 19:54:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/05/11 11:44:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/08/10 14:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/07/25 22:20:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/21 01:37:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2006/08/24 05:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2006/08/24 05:42:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2010/06/05 15:50:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/11/21 01:34:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/21 01:36:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2006/09/09 19:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/01/03 18:08:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2006/09/09 19:52:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/09/09 19:49:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/08/11 11:34:14 | 000,000,000 | ---D | M] -- C:\Program Files\MINITAB 14 Student
[2006/09/09 18:49:52 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2010/03/11 01:28:57 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/06 16:51:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/12/14 11:21:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/07/25 22:20:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2006/09/02 21:35:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/10 14:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/20 13:43:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2006/08/24 05:41:38 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2006/10/14 23:48:30 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/09/03 12:42:36 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/08/24 05:39:14 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2009/12/13 23:29:31 | 000,000,000 | ---D | M] -- C:\Program Files\Neuro
[2004/08/10 14:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/13 00:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/03/14 20:28:11 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/08/24 05:40:01 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/12/14 11:21:23 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2006/08/24 05:48:25 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/04/26 22:07:05 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2007/01/29 13:07:36 | 000,000,000 | ---D | M] -- C:\Program Files\SAV
[2009/01/10 11:18:29 | 000,000,000 | ---D | M] -- C:\Program Files\SAV10
[2006/08/24 05:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\SearchAssist
[2006/08/24 05:36:07 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2006/09/05 15:25:46 | 000,000,000 | ---D | M] -- C:\Program Files\Skype
[2006/08/24 05:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2008/11/25 22:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2008/01/06 21:31:58 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/10/06 16:50:30 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2006/08/24 05:34:07 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2006/11/16 12:44:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/06/08 09:07:11 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2009/01/06 22:58:52 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2006/09/14 18:08:52 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2006/08/24 05:40:34 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2006/08/24 05:43:43 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2009/11/21 01:37:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/04/12 22:13:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2006/12/16 14:09:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/09/03 12:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/03 12:42:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/05/04 19:10:24 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2006/09/09 18:49:55 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 12
[2004/08/10 14:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2006/09/14 17:25:54 | 000,000,000 | ---D | M] -- C:\Program Files\XviD

< %appdata%\*.* >
[2004/08/10 13:57:42 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Kristina\Application Data\desktop.ini
[2006/10/14 17:15:14 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Kristina\Application Data\dvd.bmk
[2006/09/01 20:43:15 | 000,012,358 | ---- | M] () -- C:\Documents and Settings\Kristina\Application Data\PFP120JCM.{PB
[2006/09/01 20:43:15 | 000,061,678 | ---- | M] () -- C:\Documents and Settings\Kristina\Application Data\PFP120JPR.{PB


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/03 12:35:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/03 12:35:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys


Re: Backdoor.Tidserv!inf

Post by blastoffspeed on 6th October 2010, 9:21 pm

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/03 12:35:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/03 12:35:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/03 12:35:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/09/03 12:35:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/04 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys


Re: Backdoor.Tidserv!inf

Post by blastoffspeed on 6th October 2010, 9:22 pm

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll


Re: Backdoor.Tidserv!inf

Post by blastoffspeed on 6th October 2010, 9:22 pm

< MD5 for: USBSTOR.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbstor.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/09/03 12:35:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/09/03 12:35:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys


Re: Backdoor.Tidserv!inf

Post by Belahzur on 6th October 2010, 9:31 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKLM..\Run: [jiblbxnt] C:\Documents and Settings\Kristina\Local Settings\Application Data\lhplpxaav\nvygkustssd.exe File not found
    O4 - HKLM..\Run: [juicoxctgjqjd] c:\documents and settings\kristina\local settings\application data\obcrhvhdg\uikuffy.exe File not found
    O4 - HKLM..\Run: [scxlfmrp] C:\Documents and Settings\Kristina\Local Settings\Application Data\jlueulovn\gwdgljbtssd.exe File not found
    O4 - HKLM..\Run: [xpnehdny] C:\Documents and Settings\NetworkService\Local Settings\Application Data\texnnxiko\ayrdhjptssd.exe File not found
    O4 - HKCU..\Run: [asam] C:\Documents and Settings\Kristina\Local Settings\Application Data\asam.exe File not found
    O4 - HKCU..\Run: [jiblbxnt] C:\Documents and Settings\Kristina\Local Settings\Application Data\lhplpxaav\nvygkustssd.exe File not found
    O4 - HKCU..\Run: [juicoxctgjqjd] c:\documents and settings\kristina\local settings\application data\obcrhvhdg\uikuffy.exe File not found
    O4 - HKCU..\Run: [scxlfmrp] C:\Documents and Settings\Kristina\Local Settings\Application Data\jlueulovn\gwdgljbtssd.exe File not found
    O33 - MountPoints2\{8a115f37-14de-11df-966a-0018de145f45}\Shell\AutoRun\command - "" = MntDrCore.exe
    O33 - MountPoints2\{8a115f37-14de-11df-966a-0018de145f45}\Shell\Open\command - "" = MntDrCore.exe
    O33 - MountPoints2\{8a115f37-14de-11df-966a-0018de145f45}\Shell\Open With...\command - "" = MntDrCore.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down
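A small triage script for the two kinds of OTL lines this thread turns on, added here as an example (it is not OldTimer's OTL code and not the fix script above): it flags O4 Run entries whose target is missing or sits in a user-writable profile location, the pattern behind every entry in the fix, and compares each driver's live system32 copy against its ServicePackFiles reference so a patched driver stands out. The sample lines are copied from the log posted in this thread, except the SynTPEnh entry and the cdrom.sys section, which are constructed (placeholder hashes and dates) to show one benign entry and one mismatch.

```python
"""Triage of OTL log lines of the kind posted in this thread.

Added example, not part of the original post and not OldTimer's OTL code.
"""
import re
from collections import defaultdict

# O4 - HKLM..\Run: [name] C:\path\file.exe File not found
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?)(?P<missing> File not found)?$"
)
MD5_HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
MD5_LINE_RE = re.compile(r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")

# Locations a legitimate Run entry almost never points into; every rogue
# entry in the fix above lives under Local Settings\Application Data.
USER_WRITABLE = ("\\local settings\\application data\\",
                 "\\local settings\\temp\\", "\\windows\\temp\\")


def parse_o4(line):
    """Return hive/name/path/missing for an O4 Run line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["missing"] = d["missing"] is not None
    return d


def flag_autoruns(lines):
    """Autorun entries worth removing, each with the reasons it was flagged."""
    flagged = []
    for line in lines:
        e = parse_o4(line)
        if e is None:
            continue
        reasons = []
        if e["missing"]:
            reasons.append("target missing (dangling entry left by removed malware)")
        if any(s in e["path"].lower() for s in USER_WRITABLE):
            reasons.append("executable in a user-writable temp/profile location")
        if reasons:
            flagged.append((e["hive"], e["name"], e["path"], reasons))
    return flagged


def parse_md5_sections(lines):
    """Map each '< MD5 for: X >' header (lower-cased) to its (path, md5) entries."""
    sections, current = defaultdict(list), None
    for line in lines:
        h = MD5_HEADER_RE.match(line.strip())
        if h:
            current = h.group("name").lower()
            continue
        m = MD5_LINE_RE.search(line)
        if m and current:
            sections[current].append((m.group("path"), m.group("md5").upper()))
    return sections


def check_drivers(sections):
    """Compare the live system32 copy of each file with its ServicePackFiles copy.

    $NtServicePackUninstall$ holds the pre-SP3 build and legitimately differs,
    so it is never used as the reference; dllcache and ReinstallBackups are
    backup copies, not the file the kernel loads.
    """
    status = {}
    for name, entries in sections.items():
        ref = {md5 for p, md5 in entries if "\\servicepackfiles\\i386\\" in p.lower()}
        live = [(p, md5) for p, md5 in entries
                if "\\system32\\" in p.lower()
                and "\\dllcache\\" not in p.lower()
                and "\\reinstallbackups\\" not in p.lower()]
        if not live:
            status[name] = "no live copy listed"
        elif not ref:
            status[name] = "no reference copy"
        elif all(md5 in ref for _, md5 in live):
            status[name] = "matches reference"
        else:
            status[name] = "MISMATCH: live copy differs from ServicePackFiles (possibly patched)"
    return status


# Sample: two O4 lines from the fix above, one constructed benign entry, the
# ATAPI.SYS section from the log, and a constructed CDROM.SYS section whose
# placeholder hashes differ (constructed, not real hashes).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [jiblbxnt] C:\Documents and Settings\Kristina\Local Settings\Application Data\lhplpxaav\nvygkustssd.exe File not found
O4 - HKCU..\Run: [asam] C:\Documents and Settings\Kristina\Local Settings\Application Data\asam.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
< MD5 for: ATAPI.SYS >
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: CDROM.SYS >
[2008/04/13 14:40:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2010/10/01 03:12:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000002 -- C:\WINDOWS\system32\drivers\cdrom.sys
"""


def triage(text):
    """Run both checks over a log and return (flagged autoruns, driver status)."""
    lines = text.splitlines()
    return flag_autoruns(lines), check_drivers(parse_md5_sections(lines))


if __name__ == "__main__":
    flags, drivers = triage(SAMPLE_LOG)
    for hive, name, path, reasons in flags:
        print(f"{hive} [{name}] {path}\n    -> {'; '.join(reasons)}")
    for name, state in drivers.items():
        print(f"{name}: {state}")
```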

Re: Backdoor.Tidserv!inf

Post by blastoffspeed on 6th October 2010, 9:39 pm

Hi. I have been to this site before with a similar problem.
My Symantec Antivirus will pop up to tell me that it has found a Risk: Backdoor.Tidserv!inf (same as before).
The file name is: C:\WINDOWS\system32\drivers\rasacd.sys

This has been happening for a while now, but it didn’t cause too many problems and because I needed my computer for work/school, etc. I left it alone for a while until I had the time to look into it.

The problems are becoming more of a nuisance. They include:
-computer freezing a LOT, something it never used to do
-ctrl+alt+delete does not work at ALL, ever.
-computer freezing means I cannot shut it down or do anything, so I have to shut it down manually. It has gotten to the point where 9/10 times, it has to be shut down manually, sometimes several times a day.
-when searching on google, if I click on a link to open in a new tab, very often I cannot access it because while it’s loading, it will show in the Tab name: a blue 2-like symbol, then it will say Redirect, and then Jump, taking me to some sort of directory of search results, which is clearly not what the link I clicked on was.
-often, tabs will open up of their own accord, leading to similar search directory results, or even opening google for no reason
-another thing I’ve noticed is, I used to have automatic updates every week or so, which I haven’t had in a long while. Perhaps this is unrelated and I have – unwittingly – turned off this feature at some point myself.


I have run OTL and the OTL.Txt and Extras.Txt logs have both opened successfully. I have copied most of the OTL.Txt log above, and will copy the Extras.Txt one below.

They are really long and I have done this in several posts.
I have looked up my previous posts about this similar problem, and it states: “Logfile of Trend Micro HijackThis v2.0.2”, so I am assuming that is not the same as the OTL files.
Also, often when I kept trying to post, it would say Connection Interrupted, and it won’t let me post, even though I still have internet.



Re: Backdoor.Tidserv!inf

Post by blastoffspeed on 6th October 2010, 9:41 pm

I have just read your post and will do so.


Re: Backdoor.Tidserv!inf

Post by blastoffspeed on 6th October 2010, 9:42 pm

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jiblbxnt deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\juicoxctgjqjd deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\scxlfmrp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\xpnehdny deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\asam deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\jiblbxnt deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\juicoxctgjqjd deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\scxlfmrp deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a115f37-14de-11df-966a-0018de145f45}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a115f37-14de-11df-966a-0018de145f45}\ not found.
File MntDrCore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a115f37-14de-11df-966a-0018de145f45}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a115f37-14de-11df-966a-0018de145f45}\ not found.
File MntDrCore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a115f37-14de-11df-966a-0018de145f45}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a115f37-14de-11df-966a-0018de145f45}\ not found.
File MntDrCore.exe not found.

OTL by OldTimer - Version 3.2.14.1 log created on 10062010_174209


Re: Backdoor.Tidserv!inf

Post by blastoffspeed on 6th October 2010, 9:43 pm

Should I still copy and paste the information from Extras.Txt on here?


Re: Backdoor.Tidserv!inf

Post by Belahzur on 6th October 2010, 10:57 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Backdoor.Tidserv!inf

Post by blastoffspeed on 7th October 2010, 12:32 am

Hi. I downloaded and ran MBAM and then rebooted my computer.

Upon restarting, Symantec popped up again to say:
Scan type: Auto-Protect Scan
Event: Risk Found!
Risk: Backdoor.Tidserv!gen6
File:
Location:
Action taken: Clean succeeded : Access allowed
Date found: Wednesday, October 06, 2010 8:21:04 PM

Along with another box which said it had only been partially cleaned.


Here are the contents of the MBAM log:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4762

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/6/2010 8:15:24 PM
mbam-log-2010-10-06 (20-15-24).txt

Scan type: Quick scan
Objects scanned: 151814
Time elapsed: 14 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\appidht_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kristina\Local Settings\Temp\xFDE.exe (Rogue.AVSecuritySuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristina\Local Settings\Temp\26E.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristina\Local Settings\Temp\7C6.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristina\Local Settings\Temp\GLyq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristina\Local Settings\Temp\PIOC.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1B9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1CC.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cHkv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sljC.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\drac.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yFXk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\genc.tmp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YWYJN0LS\n002106201304r0409J11000601R609cdf73W8501b9ecX8f891f9eYc3a54c4fZ0100f0800[1] (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\herjek.config (Malware.Trace) -> Quarantined and deleted successfully.


Re: Backdoor.Tidserv!inf

Post by Belahzur on 7th October 2010, 9:56 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select Yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Re: Backdoor.Tidserv!inf

Post by blastoffspeed on 8th October 2010, 1:16 am

Before I do combofix, would you say it's still necessary?

After I turned off my computer last night, automatic updates came up (for the first time in months, and I had a lot..) and now upon turning it on (and it has been on for the past 20 minutes) nothing has popped up at all to say Risks Found, nor have random tabs opened of their own accord like they used to.

I will definitely do combofix if you think the problem is still present.

Also, is there any Antivirus or Malware, etc. program you recommend I download or buy, that would better protect my computer from these problems?

Thank you.


Re: Backdoor.Tidserv!inf

Post by Belahzur on 8th October 2010, 8:37 pm

Yes please, I want to make sure nothing is hiding.

