Backdoor.Tidserv!inf



Post by leylac on 19th September 2011, 10:23 am

Hi, I am glad I have found this forum, thanks in advance!

OTL logfile created on: 19-9-2011 11:53:32 - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Leyla\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 47,26% Memory free
6,21 Gb Paging File | 4,71 Gb Available in Paging File | 75,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 52,25 Gb Free Space | 46,78% Space Free | Partition Type: NTFS
Drive D: | 111,43 Gb Total Space | 44,79 Gb Free Space | 40,19% Space Free | Partition Type: NTFS

Computer Name: PC_VAN_LEYLA | User Name: Leyla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-09-19 11:46:54 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Leyla\Desktop\OTL.com
PRC - [2011-04-17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010-07-22 16:01:44 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Leyla\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009-07-05 22:46:49 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009-04-11 08:28:11 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008-06-10 17:41:06 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2008-06-10 17:40:06 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2008-03-05 15:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008-03-05 15:15:20 | 000,525,360 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008-03-02 17:08:44 | 000,757,760 | ---- | M] ([You must be registered and logged in to see this link.] -- C:\Program Files\Daily Mugshot Windows Reminder\DailyMugshot.exe
PRC - [2008-02-04 17:43:08 | 000,458,752 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008-01-22 11:14:24 | 000,200,704 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
PRC - [2008-01-21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008-01-09 18:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007-12-19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007-12-05 05:31:48 | 004,710,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-11-27 18:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007-10-23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007-10-17 07:57:38 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007-10-10 06:41:54 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007-10-01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007-09-26 11:47:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007-09-20 13:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007-09-10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007-09-06 16:30:18 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007-09-06 16:29:46 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007-09-06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011-09-18 13:11:09 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll
MOD - [2011-09-18 13:09:28 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1cc11918d8dd561391bba05c61de7573\System.ServiceProcess.ni.dll
MOD - [2011-09-18 13:09:23 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011-09-18 13:08:55 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011-09-18 13:08:52 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
MOD - [2011-09-18 13:08:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
MOD - [2011-09-18 13:08:27 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011-09-18 13:08:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
MOD - [2011-09-18 13:01:04 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011-09-18 13:00:56 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011-08-28 23:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009-03-31 20:04:18 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008-09-16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008-06-10 17:40:18 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2008-01-09 18:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2008-01-09 18:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2008-01-03 02:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2007-12-20 13:58:02 | 000,143,360 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\nl\eLockCTL.resources.dll
MOD - [2007-12-20 13:58:00 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2007-12-19 18:09:42 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\nl\eSettings.Plugin.resources.dll
MOD - [2007-12-19 18:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007-12-19 18:09:04 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\nl\eSettings.Presenter.resources.dll
MOD - [2007-12-19 18:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007-12-19 18:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007-12-19 18:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007-10-23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2007-10-10 06:41:08 | 000,106,496 | ---- | M] () -- C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
MOD - [2007-09-20 14:01:12 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2007-09-11 09:59:04 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2007-08-27 21:11:00 | 000,967,168 | ---- | M] () -- C:\Program Files\Daily Mugshot Windows Reminder\libxml2.dll
MOD - [2007-04-17 10:43:22 | 000,077,824 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\nl\ePresentationCTL.resources.dll
MOD - [2007-03-22 11:51:56 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eAudio\nl\eAudioUI.resources.dll
MOD - [2007-02-13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2005-08-06 17:15:00 | 000,073,728 | ---- | M] () -- C:\Program Files\Daily Mugshot Windows Reminder\zlib1.dll
MOD - [2004-02-09 14:35:10 | 000,188,495 | ---- | M] () -- C:\Program Files\Daily Mugshot Windows Reminder\libcurl.dll
MOD - [2003-06-07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
MOD - [2002-06-27 20:11:54 | 000,872,448 | ---- | M] () -- C:\Program Files\Daily Mugshot Windows Reminder\iconv.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-04-17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2009-07-05 22:46:49 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009-06-02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-06-10 17:40:06 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2008-03-05 15:15:24 | 000,497,712 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008-01-21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007-12-19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007-11-27 18:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007-11-06 22:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007-10-01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007-09-26 11:47:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007-09-26 11:47:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Planner voor Automatische LiveUpdate)
SRV - [2007-09-20 13:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007-09-10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007-09-06 16:29:46 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007-09-06 16:29:46 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007-09-06 16:29:46 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - [2011-09-14 14:32:52 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110918.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2011-09-14 14:32:52 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110918.008\NAVENG.SYS -- (NAVENG)
DRV - [2011-09-09 19:44:06 | 000,816,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011-08-23 00:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110917.031\IDSvix86.sys -- (IDSVix86)
DRV - [2011-07-28 10:21:35 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011-07-28 10:21:35 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011-05-12 13:29:27 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011-03-31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011-03-31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011-03-22 02:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011-03-15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011-01-27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011-01-27 07:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-01-21 04:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008-01-21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008-01-04 17:15:08 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2007-12-11 11:42:44 | 000,163,376 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007-12-05 12:18:00 | 008,241,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007-12-03 04:48:10 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007-11-06 22:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007-07-31 04:17:26 | 000,418,864 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007-07-30 16:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007-07-26 18:25:46 | 000,974,248 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007-07-03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007-05-16 14:47:44 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007-03-21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-02-24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-02-16 02:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007-02-06 15:01:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2007-01-30 07:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-01-23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-11-02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.nl/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.1.3
FF - prefs.js..extensions.enabledItems: {AC4F2D67-3E5E-462F-82FE-584C7B9DDCD6}:1.0.0.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.19.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.1.3
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Leyla\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Leyla\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Leyla\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Leyla\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-13 15:09:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011-08-17 17:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_1_3 [2011-09-19 00:00:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011-08-02 13:37:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011-08-04 12:07:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-09 11:35:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-09-09 11:35:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-13 15:09:27 | 000,000,000 | ---D | M]

[2011-04-19 13:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leyla\AppData\Roaming\mozilla\Extensions
[2011-09-18 20:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leyla\AppData\Roaming\mozilla\Firefox\Profiles\jbnz6s6v.default\extensions
[2010-07-15 14:42:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Leyla\AppData\Roaming\mozilla\Firefox\Profiles\jbnz6s6v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-07-31 13:01:44 | 000,000,000 | ---D | M] (プーペガールツールバー) -- C:\Users\Leyla\AppData\Roaming\mozilla\Firefox\Profiles\jbnz6s6v.default\extensions\{AC4F2D67-3E5E-462F-82FE-584C7B9DDCD6}
[2011-02-15 23:59:55 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Leyla\AppData\Roaming\mozilla\Firefox\Profiles\jbnz6s6v.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010-07-31 13:00:50 | 000,000,000 | ---D | M] (Pupe Helper) -- C:\Users\Leyla\AppData\Roaming\mozilla\Firefox\Profiles\jbnz6s6v.default\extensions\chibiusa@gmail.com
[2011-04-06 13:56:56 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Leyla\AppData\Roaming\mozilla\Firefox\Profiles\jbnz6s6v.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011-09-10 11:44:51 | 000,000,000 | ---D | M] (Wiktionary and Google Translate) -- C:\Users\Leyla\AppData\Roaming\mozilla\Firefox\Profiles\jbnz6s6v.default\extensions\googledictionary@toptip.ca
[2011-03-23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Users\Leyla\AppData\Roaming\Mozilla\Firefox\Profiles\jbnz6s6v.default\searchplugins\SearchquWebSearch.xml
[2011-07-01 20:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-02-16 18:34:19 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-07-30 11:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-03-10 14:02:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-07-01 20:10:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-09-19 00:00:19 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_1_3
[2011-08-17 17:44:40 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-07-16 14:54:13 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2010-07-16 14:54:14 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011-03-23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml
[2010-07-16 14:54:14 | 000,001,111 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vandale-nl.xml
[2010-07-16 14:54:14 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml
[2010-07-16 14:54:14 | 000,001,106 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2010-07-22 15:49:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} [You must be registered and logged in to see this link.] (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F24D806-5BC0-43CA-ABA8-56591BDCDD11}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C05738A-2F34-4F10-811A-D093AEFFC051}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\mijn documenten\Mijn afbeeldingen\diversen\magic\23034336_8.jpg
O24 - Desktop BackupWallPaper: D:\mijn documenten\Mijn afbeeldingen\diversen\magic\23034336_8.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {78310121-036D-427A-9FAA-A9D8135E5F8F} - .NET Framework
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7C4B7AFA-EAA0-4008-C5E9-38C287C9A65F} - Windows Media Player 5.2
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E4066320-E4AE-11CF-B1B0-00AA00BBAD66} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll ([You must be registered and logged in to see this link.]
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll ([You must be registered and logged in to see this link.]


Re: Backdoor.Tidserv!inf

Post by leylac on 19th September 2011, 10:24 am


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011-09-19 11:46:53 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\Leyla\Desktop\OTL.com
[2011-09-19 10:35:18 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{3451F030-54F4-4B3E-8141-838698AE1507}
[2011-09-18 23:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011-09-18 23:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011-09-18 23:27:08 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\Threat Expert
[2011-09-18 22:35:00 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{026E2C7C-DBD1-43EA-A7A4-59FB3D6BA6A0}
[2011-09-18 22:34:58 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{3C4F2C58-E78D-45D5-9661-43EC1CC9BE41}
[2011-09-18 15:05:06 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\NPE
[2011-09-18 10:34:38 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{25671690-BF71-4DC9-96C5-F70D1626EEF0}
[2011-09-18 10:34:33 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{CFB3BFA9-08C6-4A6A-B540-74C62BACB254}
[2011-09-18 00:42:25 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011-09-18 00:42:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-09-18 00:42:24 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011-09-18 00:42:24 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011-09-18 00:42:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011-09-18 00:42:24 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011-09-18 00:42:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011-09-18 00:42:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-09-18 00:42:22 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011-09-18 00:42:22 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011-09-18 00:42:22 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011-09-18 00:42:22 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011-09-18 00:42:22 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011-09-18 00:42:21 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011-09-18 00:42:21 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011-09-18 00:42:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-09-18 00:42:21 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011-09-18 00:42:21 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011-09-18 00:42:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011-09-18 00:42:21 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011-09-18 00:42:21 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011-09-18 00:42:21 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011-09-18 00:42:20 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-09-18 00:42:20 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011-09-18 00:42:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-09-18 00:42:19 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011-09-18 00:42:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011-09-18 00:42:19 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011-09-18 00:42:19 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011-09-18 00:42:18 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011-09-18 00:42:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011-09-18 00:42:18 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011-09-18 00:42:18 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011-09-18 00:42:17 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011-09-18 00:42:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011-09-18 00:42:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011-09-18 00:42:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011-09-17 17:14:35 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{8B0D6C5E-E297-4913-9010-06EFF3FCA37D}
[2011-09-17 17:14:33 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{3D59944D-9ED2-4B40-96A8-201BA5A2BFBC}
[2011-09-16 19:29:54 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{B70AA068-AACA-4807-A508-49083B63FDB0}
[2011-09-16 19:29:34 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{59B41138-E6F4-4622-98D0-C4FCC55F8615}
[2011-09-16 11:30:41 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{AD9844F4-B425-4C5C-B796-098BAAE9B847}
[2011-09-15 09:31:13 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{A235AA1C-0F80-47D8-B792-BDE2029F2094}
[2011-09-15 09:31:11 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{B54AC21A-B688-4D03-BF7E-3BA90F96065D}
[2011-09-14 14:05:45 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{D2ACEE15-A55F-498D-BEA2-97A421C4E7B4}
[2011-09-14 14:05:37 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{6AB88928-8AE0-4128-86CE-0BB94C8E1DED}
[2011-09-13 17:14:12 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{7048B41D-2389-41D3-8483-AC8C1B79E78A}
[2011-09-13 17:14:10 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{0342336B-33EB-4FC6-8D99-5FF79922E943}
[2011-09-12 10:17:03 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{A32143B4-F68E-4D57-802A-41AD69BA224A}
[2011-09-12 10:17:00 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{CFFD5899-AC1C-4A5D-9533-24C364363992}
[2011-09-10 11:32:00 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{A4A29A55-6254-4F02-AB13-B16F7AFDD814}
[2011-09-10 11:31:21 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{745619D7-A441-4C6D-9D76-E780A3700347}
[2011-09-09 11:32:43 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{BB5A05FA-B859-49C8-AD06-7A9F309E5F47}
[2011-09-09 11:32:28 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{6241F8AA-BC09-443E-86DB-86FB548E2DA5}
[2011-09-08 11:38:23 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{30B4EDB5-F9B0-430E-B908-7B2DC1C8A37B}
[2011-09-08 11:38:02 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{E6A1FE94-2607-4D22-A66A-BD5DAAF6166A}
[2011-09-07 11:32:34 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{4663377B-1B60-4023-8B8A-69E481468234}
[2011-09-06 20:24:09 | 000,000,000 | ---D | C] -- C:\Users\Leyla\Desktop\Nieuwe map
[2011-09-06 10:32:12 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{9CFB44DF-0890-4A3D-AA64-BB8BB5BA10FB}
[2011-09-06 10:32:04 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{F5BF028F-7B11-443E-9B58-3D9009E31ACB}
[2011-09-05 20:00:13 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{0E5E04F1-9CAB-499A-A81B-5755349E87EA}
[2011-09-05 08:24:21 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{8CB96A0C-451A-4EBB-B5A4-F7EF62ACC12A}
[2011-09-05 08:24:09 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{74A5E576-5F86-4E29-842B-4804EAC22E53}
[2011-09-05 08:23:23 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{5E12361A-01F9-4B34-AED8-A6A3E69262A6}
[2011-09-05 08:23:16 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{7FCE6FB2-0BDF-4EE3-9A27-ABFDB05ABB6F}
[2011-09-04 20:33:17 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{ED741B25-9AC4-41C1-B10F-A658E0928FAC}
[2011-09-04 20:33:06 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{4BF29652-1471-457C-B36A-AE971AAB63EF}
[2011-09-04 17:23:03 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{8D1C9015-71FE-48EB-956A-56C14198EDAA}
[2011-09-04 17:22:51 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{FFB5E3C7-8711-4226-9CF2-022D3637ED38}
[2011-09-02 11:58:09 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{DF47175E-9833-401A-9FC5-76918424EE52}
[2011-09-02 09:55:28 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{4AACB7E7-D800-43EC-8FE9-9F0888E16B43}
[2011-09-02 09:55:14 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{5A2A465D-B986-42CD-826A-48983ECED1ED}
[2011-09-01 19:41:42 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{9343DC05-0F33-400F-B211-82B842864637}
[2011-09-01 19:41:34 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{19889332-72FE-477A-A975-F55B4465C290}
[2011-09-01 14:01:29 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{1685DC9D-A4AC-4C14-9CDE-ED5711278D3E}
[2011-09-01 14:01:10 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{2088765D-82B0-42D9-9CFB-670367D70C02}
[2011-08-31 18:16:12 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{048DCF50-9335-4763-826E-BDA2D8AFE31E}
[2011-08-31 18:16:03 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{E4B936F8-8E4B-4962-873F-2716A787E3E6}
[2011-08-31 14:01:17 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{B06D409E-86A1-4C2E-9937-552D04AE62A0}
[2011-08-30 15:12:17 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{F1A02865-953A-4D4B-8C97-4323EDA73D79}
[2011-08-30 12:16:38 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{BADBB94E-C98B-46A5-AEB0-03BBD52CEF50}
[2011-08-30 12:16:30 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{BEB264EC-FC56-4819-AFB5-D2355175A6E9}
[2011-08-29 09:17:21 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{529AFD46-DE84-4DEC-AFB9-B406281FB9AA}
[2011-08-29 09:17:03 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{247AA190-1C0A-48B0-A921-352FF28B6464}
[2011-08-28 20:22:31 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{67841BC1-43A1-48B3-9B75-F5518F67078D}
[2011-08-28 20:22:28 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{B992D2FB-DF22-4ACE-839E-B39BAF12B9F1}
[2011-08-28 19:08:58 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{3DD0343A-4FC3-4CD5-9E4B-91DBBF158DA3}
[2011-08-28 19:08:56 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{297FB8FA-D254-45CF-85F9-6DD371C9DDF2}
[2011-08-26 09:47:22 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{F28005D4-D11C-4EDC-8C56-ACEF93154D2C}
[2011-08-26 09:47:20 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{D046366C-8581-4724-B5BB-1F20EF51031A}
[2011-08-25 19:07:19 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{3B569250-8173-4E97-BAB1-BC04EB74A769}
[2011-08-25 19:07:15 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{8C85F1CF-1E1F-405B-A8A7-A81246CF147B}
[2011-08-25 14:16:51 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{8CA8928A-7832-40C0-A06A-99DA42664613}
[2011-08-25 14:16:40 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{021DC4F1-323D-4CB6-82CA-5BF942B5E25F}
[2011-08-24 17:29:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011-08-24 17:22:22 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{87702F8F-8C57-425B-BD09-78814F974561}
[2011-08-24 17:22:16 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{54671385-AA9A-4720-89B4-413E98CAF624}
[2011-08-24 14:21:27 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{5339C184-13B2-4FE3-9680-83CC683E1374}
[2011-08-24 14:21:15 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{F3EE7DA4-30F4-4349-84E5-65C26B95672C}
[2011-08-23 18:29:20 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{BFC44236-54A7-45E4-8EEC-7C5B954D2AF8}
[2011-08-23 18:29:19 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{E136B6F7-2B36-40AC-99EB-8A04137ACDCB}
[2011-08-23 10:35:37 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{8F5C1A80-681E-4112-8F74-FA0D86D9116C}
[2011-08-23 10:35:30 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{A714FFFC-E132-40F8-A513-F8535D52AC4A}
[2011-08-22 10:41:46 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{BC8E311B-94DF-4499-8ED5-6A4EE77889C7}
[2011-08-22 10:41:44 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{8BFEB778-D69F-472C-879E-4E952612C588}
[2011-08-21 17:35:41 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{FDA96489-52A4-4A70-B59C-B79593F12BA9}
[2011-08-21 17:35:38 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{489B95B6-CD08-40E0-9E72-939A7BA83F15}
[2011-08-20 19:08:01 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{05832767-EAA4-4D9B-8BD2-6448FCA48A4B}
[2011-08-20 19:07:30 | 000,000,000 | ---D | C] -- C:\Users\Leyla\AppData\Local\{6579E016-0851-4587-8FDD-6EF06FA5B46D}
[2010-01-30 00:09:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Leyla\AppData\Roaming\pcouffin.sys
[2009-06-26 13:05:42 | 000,049,152 | ---- | C] ( ) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL
[2009-06-25 21:46:58 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2009-06-25 21:44:05 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009-06-25 21:44:05 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-09-19 12:00:00 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\Norton SystemWorks One Button Checkup.job
[2011-09-19 11:55:01 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-848782442-2727257229-615334782-1000UA.job
[2011-09-19 11:55:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-848782442-2727257229-615334782-1000Core.job
[2011-09-19 11:46:54 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Leyla\Desktop\OTL.com
[2011-09-19 11:45:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-09-19 11:45:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-09-19 11:44:58 | 000,027,839 | ---- | M] () -- C:\Users\Leyla\AppData\Roaming\nvModes.001
[2011-09-19 11:41:44 | 000,002,661 | ---- | M] () -- C:\Users\Leyla\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2011-09-19 11:28:01 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-09-19 00:06:09 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-09-19 00:00:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-09-18 23:58:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011-09-18 23:43:40 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011-09-18 15:14:02 | 000,007,592 | ---- | M] () -- C:\Users\Leyla\AppData\Local\d3d9caps.dat
[2011-09-18 12:58:31 | 000,684,696 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011-09-18 12:58:31 | 000,603,042 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-09-18 12:58:31 | 000,133,554 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011-09-18 12:58:31 | 000,106,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-09-18 10:33:30 | 000,000,907 | ---- | M] () -- C:\Users\Leyla\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011-09-18 00:42:46 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011-09-18 00:42:46 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011-09-18 00:42:25 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011-09-18 00:42:25 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-09-18 00:42:24 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011-09-18 00:42:24 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011-09-18 00:42:24 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011-09-18 00:42:24 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011-09-18 00:42:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011-09-18 00:42:23 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-09-18 00:42:22 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011-09-18 00:42:22 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011-09-18 00:42:22 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011-09-18 00:42:22 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011-09-18 00:42:22 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011-09-18 00:42:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011-09-18 00:42:21 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011-09-18 00:42:21 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-09-18 00:42:21 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011-09-18 00:42:21 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011-09-18 00:42:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011-09-18 00:42:21 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011-09-18 00:42:21 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011-09-18 00:42:21 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011-09-18 00:42:21 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011-09-18 00:42:20 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-09-18 00:42:20 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011-09-18 00:42:19 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-09-18 00:42:19 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011-09-18 00:42:19 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011-09-18 00:42:19 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011-09-18 00:42:19 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011-09-18 00:42:18 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011-09-18 00:42:18 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011-09-18 00:42:18 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011-09-18 00:42:18 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011-09-18 00:42:17 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011-09-18 00:42:17 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011-09-18 00:42:17 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011-09-18 00:42:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011-09-16 20:36:56 | 000,092,672 | ---- | M] () -- C:\Users\Leyla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-09-08 15:25:28 | 000,000,827 | ---- | M] () -- C:\Users\Leyla\Desktop\09-2011 - Snelkoppeling.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-09-18 23:35:13 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011-09-18 00:42:21 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011-09-08 15:25:28 | 000,000,827 | ---- | C] () -- C:\Users\Leyla\Desktop\09-2011 - Snelkoppeling.lnk
[2011-08-02 13:09:51 | 000,192,303 | ---- | C] () -- C:\Windows\hpwins20.dat.temp
[2011-08-02 13:09:51 | 000,002,428 | ---- | C] () -- C:\Windows\hpwmdl20.dat.temp
[2011-07-06 16:30:12 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2011-07-06 16:30:12 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-07-06 16:30:12 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-02-16 18:38:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-07-22 15:56:12 | 000,000,262 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010-07-22 15:28:22 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010-07-22 15:28:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010-07-22 15:28:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-07-22 15:28:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-07-22 15:28:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-01-30 00:12:07 | 000,000,668 | ---- | C] () -- C:\Users\Leyla\AppData\Roaming\vso_ts_preview.xml
[2010-01-30 00:09:44 | 000,007,887 | ---- | C] () -- C:\Users\Leyla\AppData\Roaming\pcouffin.cat
[2010-01-30 00:09:44 | 000,001,144 | ---- | C] () -- C:\Users\Leyla\AppData\Roaming\pcouffin.inf
[2010-01-19 13:13:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010-01-18 15:02:02 | 000,000,117 | ---- | C] () -- C:\Windows\DailyMugshot.ini
[2010-01-13 15:08:47 | 000,023,210 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009-12-27 01:22:46 | 000,000,000 | ---- | C] () -- C:\Windows\musiceditor.INI
[2009-12-27 01:12:43 | 000,000,180 | ---- | C] () -- C:\Windows\VideodeLuxe.INI
[2009-12-26 22:58:06 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009-12-26 22:37:03 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-12-26 14:44:37 | 000,077,406 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009-09-14 13:38:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-09-14 13:38:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-08-27 14:24:57 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009-08-27 14:24:32 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2009-08-27 14:11:57 | 000,001,198 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009-08-08 12:20:15 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009-08-03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009-07-28 20:20:44 | 000,000,120 | ---- | C] () -- C:\Users\Leyla\AppData\Roaming\FixVTS.ini
[2009-07-28 16:31:27 | 000,007,592 | ---- | C] () -- C:\Users\Leyla\AppData\Local\d3d9caps.dat
[2009-07-12 23:16:43 | 000,012,194 | ---- | C] () -- C:\Windows\hpwscr20.dat
[2009-07-12 23:14:56 | 000,256,997 | ---- | C] () -- C:\Windows\hpwins20.dat
[2009-07-12 23:14:56 | 000,001,678 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2009-07-05 22:35:59 | 000,027,839 | ---- | C] () -- C:\Users\Leyla\AppData\Roaming\nvModes.001
[2009-07-05 22:20:01 | 000,027,839 | ---- | C] () -- C:\Users\Leyla\AppData\Roaming\nvModes.dat
[2009-06-30 15:03:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009-06-30 14:11:42 | 000,000,091 | ---- | C] () -- C:\Windows\fpxpress.ini
[2009-06-30 12:00:32 | 000,092,672 | ---- | C] () -- C:\Users\Leyla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-26 13:05:31 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2009-06-26 13:05:30 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2009-06-25 23:26:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009-06-25 21:46:58 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2009-06-25 21:44:07 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009-06-25 21:44:07 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009-06-25 21:44:05 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2009-06-25 21:44:05 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2009-06-25 21:44:05 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2009-06-25 21:43:12 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009-06-25 21:43:12 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009-06-25 21:43:12 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009-06-10 09:14:46 | 000,655,360 | ---- | C] () -- C:\Windows\System32\ISPPopUpDlg.exe
[2009-03-16 10:18:34 | 000,331,776 | ---- | C] () -- C:\Windows\System32\KvpUpCom.dll
[2009-02-26 13:53:34 | 000,045,116 | ---- | C] () -- C:\Windows\System32\KvpSetRegistry.exe
[2008-05-23 09:04:32 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008-05-23 06:33:06 | 000,000,126 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008-05-23 06:32:33 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008-05-22 22:34:40 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008-05-22 22:33:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008-05-22 22:07:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008-05-22 21:55:47 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008-01-21 08:47:05 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2008-01-21 08:47:04 | 000,684,696 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2008-01-21 08:47:04 | 000,133,554 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2008-01-21 08:47:04 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2007-11-06 22:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007-05-18 17:43:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\KVPSetupEx.exe
[2007-05-10 08:15:34 | 000,028,672 | ---- | C] () -- C:\Windows\System32\ISP_crgen.dll
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 000,410,824 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 000,603,042 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,106,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005-06-29 18:45:44 | 000,708,096 | ---- | C] () -- C:\Windows\System32\INIcrypto20.dll
[2001-12-26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001-09-03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001-07-30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001-07-23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011-09-09 11:34:59 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011-09-09 11:34:59 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011-09-09 11:35:04 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011-09-09 11:35:08 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011-09-19 12:00:02 | 000,003,216 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-09-19 12:00:03 | 000,003,216 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2006-11-02 09:29:16 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\stdole2.tlb

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009-06-25 21:42:41 | 000,000,000 | ---D | M] -- C:\Program Files\Acer
[2009-06-25 21:32:33 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Arcade Deluxe
[2008-05-22 23:14:25 | 000,000,000 | ---D | M] -- C:\Program Files\Acer GameZone
[2009-06-25 21:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Inc
[2009-08-02 00:44:29 | 000,000,000 | ---D | M] -- C:\Program Files\Acoustica MP3 Audio Mixer
[2008-05-22 22:45:51 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010-09-21 14:34:15 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009-06-25 21:45:55 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
[2011-05-12 13:28:33 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009-12-26 22:58:06 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2008-05-22 23:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\Big Kahuna Reef
[2011-08-02 13:37:29 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Bar Installer
[2010-07-13 12:14:32 | 000,000,000 | ---D | M] -- C:\Program Files\cam2pc
[2011-09-18 23:59:58 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010-07-22 14:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2008-05-22 22:10:27 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009-07-28 16:32:34 | 000,000,000 | ---D | M] -- C:\Program Files\CoreAAC
[2008-05-22 22:17:24 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010-01-18 15:00:40 | 000,000,000 | ---D | M] -- C:\Program Files\Daily Mugshot Windows Reminder
[2010-09-05 16:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\DebugMode
[2009-08-06 15:16:45 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009-12-27 14:44:57 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2011-07-07 12:06:34 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2009-12-26 22:37:04 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2011-09-09 16:11:54 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2011-06-30 15:02:42 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009-07-28 16:36:07 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH
[2009-12-16 17:18:31 | 000,000,000 | ---D | M] -- C:\Program Files\HarmWare
[2011-09-18 23:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\Hitman Pro 3.5
[2011-08-02 13:33:24 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010-07-16 00:24:51 | 000,000,000 | ---D | M] -- C:\Program Files\Imagenomic
[2009-12-10 15:51:01 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011-09-18 00:44:50 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011-07-06 16:30:10 | 000,000,000 | ---D | M] -- C:\Program Files\iSofter
[2011-07-01 20:10:32 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009-06-25 21:29:30 | 000,000,000 | ---D | M] -- C:\Program Files\Launch Manager
[2011-08-02 13:37:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009-06-30 15:01:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009-06-30 15:07:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft FrontPage Express
[2006-11-02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011-07-01 20:22:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011-06-17 12:13:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009-06-29 21:26:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009-06-29 21:23:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009-10-19 16:00:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011-09-18 11:58:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010-08-14 03:12:20 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011-09-09 11:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009-06-29 21:27:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011-08-02 13:37:14 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar
[2009-06-25 23:15:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008-05-22 22:15:31 | 000,000,000 | ---D | M] -- C:\Program Files\NewTech Infosystems
[2010-06-08 13:46:55 | 000,000,000 | ---D | M] -- C:\Program Files\NirSoft
[2010-03-14 12:05:34 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2009-09-15 20:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Internet Security
[2010-08-18 11:28:45 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Support
[2011-09-19 12:05:29 | 000,000,000 | ---D | M] -- C:\Program Files\Norton SystemWorks Basic Edition
[2009-09-15 20:05:10 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2009-08-06 15:13:58 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2010-09-05 16:44:32 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Motion
[2011-05-12 13:33:28 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011-07-06 17:23:17 | 000,000,000 | ---D | M] -- C:\Program Files\RADVideo
[2008-05-22 22:04:32 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006-11-02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009-07-02 23:26:19 | 000,000,000 | ---D | M] -- C:\Program Files\SiteAdvisor
[2011-02-16 18:34:18 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009-06-30 14:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Setup Files
[2010-09-05 16:44:32 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic Foundry
[2011-05-12 13:29:29 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010-09-05 16:51:16 | 000,000,000 | ---D | M] -- C:\Program Files\Thugs at Bay
[2006-11-02 15:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011-04-01 20:35:53 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010-02-17 13:28:10 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2010-07-22 14:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh_Web_Player
[2010-03-19 15:11:42 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
[2009-12-03 21:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009-12-03 21:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009-12-03 21:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009-12-03 21:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011-09-10 11:43:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011-09-17 17:37:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010-10-15 16:39:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009-06-25 21:19:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009-12-03 21:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009-12-09 17:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009-12-03 21:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009-06-30 14:11:43 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2009-08-06 11:55:38 | 000,000,000 | ---D | M] -- C:\Program Files\WinPcap
[2009-06-29 23:11:51 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2011-07-07 13:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\Womble Multimedia


< MD5 for: AGP440.SYS >
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-01-21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: DISK.SYS >
[2009-04-11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009-04-11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009-04-11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008-01-21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008-01-21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006-11-02 11:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: NETLOGON.DLL >
[2009-04-11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009-04-11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009-04-11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008-01-21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006-11-02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008-01-21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008-01-21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008-01-21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-19 09:36:45

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011-09-09 11:35:08 | 000,554,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011-09-09 11:35:08 | 000,554,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011-09-09 11:35:08 | 000,554,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011-09-09 11:34:59 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011-09-09 11:34:59 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011-09-09 11:34:59 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011-09-18 00:42:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011-09-18 00:42:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011-09-18 00:42:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011-09-18 00:42:24 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011-09-18 00:42:24 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011-09-09 11:35:08 | 000,554,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011-09-09 11:35:08 | 000,554,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011-09-09 11:35:08 | 000,554,176 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011-09-09 11:34:59 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011-09-09 11:34:59 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011-09-09 11:34:59 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011-09-18 00:42:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011-09-18 00:42:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011-09-18 00:42:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011-09-18 00:42:24 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011-09-18 00:42:24 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:73B1147D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

leylac

Re: Backdoor.Tidserv!inf

Post by leylac on 19th September 2011, 10:24 am

EXTRAS file:

OTL Extras logfile created on: 19-9-2011 11:53:32 - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Leyla\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 47,26% Memory free
6,21 Gb Paging File | 4,71 Gb Available in Paging File | 75,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 52,25 Gb Free Space | 46,78% Space Free | Partition Type: NTFS
Drive D: | 111,43 Gb Total Space | 44,79 Gb Free Space | 40,19% Space Free | Partition Type: NTFS

Computer Name: PC_VAN_LEYLA | User Name: Leyla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{122A48C2-2F39-46D7-BBD5-123824583D74}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{161F29D2-6BB3-4FB8-8BB0-5FA96EC94923}" = rport=139 | protocol=6 | dir=out | app=system |
"{19653BFD-7798-4EEC-8631-3A026254EB8F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1EC12E30-FA67-4CB4-B17D-FA5BC7190E36}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{30F96F16-6030-459C-B31A-C47F5565A057}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6157405B-4A7B-479A-977A-EDC71ACF229F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{875EBA4A-CFAF-4E0B-B668-BFB2FD01F232}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8D70EF96-02E8-4A69-B71D-EB0FF69EEC94}" = lport=138 | protocol=17 | dir=in | app=system |
"{91292AA9-E85E-4E49-918C-53E2E1B72612}" = rport=137 | protocol=17 | dir=out | app=system |
"{9508E66D-2621-4329-9556-C06BFDEAD274}" = lport=137 | protocol=17 | dir=in | app=system |
"{9C08EE54-36E8-4C47-8592-1366ED7E231B}" = lport=139 | protocol=6 | dir=in | app=system |
"{BC312BB8-940C-400F-A561-32EFEA74492C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C661A05B-F0FD-4153-835D-A539FBD156CE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D388B71E-1898-496B-9A9A-E5C82C60AF9D}" = rport=138 | protocol=17 | dir=out | app=system |
"{D9736D1F-0717-4330-BD86-8A01CBB37CD4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DDA8611E-B462-4B75-8FE0-F7E2790F37C7}" = rport=445 | protocol=6 | dir=out | app=system |
"{DF76759B-D229-4118-B4D7-3EA72C06C01A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E7BDDF2B-8A4C-4964-B2CC-0D11A4DE6029}" = lport=445 | protocol=6 | dir=in | app=system |
"{E8984180-0156-48B1-914D-6E438949B1AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EEE1505F-EBC8-4D7A-8153-86C68AD7CF27}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023E4D9C-8BAF-472D-B1FF-1F50E404E650}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{03992C78-04F3-41C2-8E9F-D7C6233CAB1F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{047B3687-0058-4884-B55D-9978496FE21D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{099AD70E-BC9D-4633-AEFE-CDAB9CE46AEA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{0C072854-2871-4120-8D64-35C37EA1B081}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0F7F3B60-FA21-427F-A11B-F5909227DCBC}" = protocol=6 | dir=in | app=c:\users\leyla\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{110691AF-3DAD-4DC0-9B3B-727E3E078011}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{11E21F1C-B6D5-4773-A349-06285BD64CBB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{177A8B01-A507-4775-811E-8B63042F229F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1D8E6B98-38E4-4E99-B20B-612993B8D724}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{200F5635-714B-4E30-BC7A-03E2957E08E9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{21D4624B-0A93-4466-A7AF-916B9CD380BB}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{3620F235-FAAE-4280-B5C8-ADBE428CC9B5}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{39763FDA-3F88-41C6-85DF-C6801A97E7B5}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{3B830B57-4B37-4325-AC59-BCBCFDA2A783}" = protocol=6 | dir=in | app=c:\users\leyla\appdata\roaming\dropbox\bin\dropbox.exe |
"{3E4EC63F-BCA5-4E4B-BDF3-27465F8C1207}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3F3B065F-5247-4D11-B053-CF5861F86D61}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{46321669-2B09-45B3-B419-76288699D9E5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{48BAA311-55C1-4BE2-B5D2-317A3768CBB2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4D1A84DC-CDF0-4409-AA79-07E1B6782639}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{50383B84-0B6A-4304-8672-9FA080D01EC9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{60B612C6-6E41-40EE-8770-36E1F4C79875}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{626F7839-D463-447F-BFD8-53EDF341BF6F}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{6BAC13A5-E678-4708-B4C8-EA453E176A96}" = protocol=17 | dir=in | app=c:\users\leyla\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{73660EF3-9C80-4078-81C0-AE16D4D47E6E}" = protocol=17 | dir=in | app=c:\users\leyla\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7372B0E7-ABB9-4A72-ADCF-0329FBC6FAA3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{77AD626E-03BB-4972-BEBC-E6C99A7768BE}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{80C4B630-0018-4C55-83DA-6AEA103C59B0}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{813EC2B5-16DE-4903-8DB1-7586C296B468}" = protocol=17 | dir=in | app=c:\users\leyla\appdata\roaming\dropbox\bin\dropbox.exe |
"{87AB5CFB-D1D7-45C2-8710-AF24C64B207B}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{89B29648-F168-43E8-80E0-E9C4795C9EAA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{902DE230-2F47-4CDD-B3D3-5301C7698378}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{977E7751-3C8F-4CCD-93A0-0F9A5F5F2F3E}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{9FFCE6DE-CA80-4C5F-8F20-3255C2EBA5DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A16CE1DE-6B7A-4D86-9662-F0796880E77A}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{A2724D7A-94C0-410A-8208-92172FB2D80D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{A2F677A6-BD6E-4E0A-84C0-A20607A2FEA6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{A6B3B043-DDFA-4327-83E0-54237A4D687F}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{A8AFCBB4-DEC4-4165-9974-CC306600D6E8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{B43F680E-D550-45D3-AB3E-B88D4875A097}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{BE91FDB7-B9C2-464D-A75A-86F679B5DDAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{C2603CD5-13E5-4C0C-B2BE-1032E41F942C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{C4631715-A52E-41EB-A94B-7FCFFB3EC8B4}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C52CF397-9EBD-4CC0-97D8-2C8EF6240A4D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{CB30A73F-2804-466D-B94A-FA7BDEB749F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{CFB37742-75C1-477A-86F5-245A828DC8A3}" = protocol=6 | dir=in | app=c:\users\leyla\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D160959D-BAF0-4931-A29C-E552C5D4B06D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{D7A950D8-D588-44B7-9568-6107D667F78A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E0BCB5B2-BB44-437A-BF52-A0CC7CA1E3AD}" = dir=in | app=c:\users\leyla\appdata\local\temp\7zs4c56\ojj4600_full_14\setup\hpznui01.exe |
"{E5214B09-D813-4C76-8DD7-C1F89F700B08}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{E90C2E74-3588-4A22-84E7-9BCCD2E50C23}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"TCP Query User{3544E29F-B59C-43B0-B459-5325209A4E09}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{3FC52F74-C177-4BBD-8AD2-E5B56EA33222}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{CEBCEEA7-2110-4C1F-98C0-96034E65E024}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{60AA75CB-874F-4BDF-A41A-0121E6EDCB9E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{633CC10A-ECDB-4BE4-9964-9DD995BC1622}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{A63ED6BF-FA68-4C99-A752-16B2FBC8AB81}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15619017-86DB-49F8-AD97-DC1BC616502E}" = ProductContext
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{3B540E44-8382-4899-B481-1E2E02E38F3E}" = 4660_4680_Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{4945F319-A24D-454C-A411-F3689987315D}" = HP OfficeJet J4600 All-In-One Series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye webcam
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{707D28BF-E145-4a9b-B97E-94FA586D05F3}" = Norton SystemWorks Basic Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F378798-88D8-4FA1-AB74-F035542133A6}" = Portraiture Plug-in
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_ENTERPRISE_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}_HOMESTUDENTR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E23C48E-5483-4971-BA50-089F2FABCD66}" = Norton SystemWorks
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FD45917-95E6-449D-ACC9-01E634A34CBD}_is1" = MPEG Video Wizard DVD 5.0.1.102 (06/2011)
"{A2A0A82F-025F-458d-A0CD-9BB2320804B5}" = Microsoft Works
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B629CD93-A629-4A9F-8B6E-218E741A316E}" = BPDSoftware_Ini
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}" = MSRedist
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7D3E265-119C-4EFD-BB43-BEAF464FC969}" = J4680
"{DCE9C52A-95DD-4075-9FC6-3313FB8748A5}" = BPDSoftware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype 5.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB55BB78-2BC2-43E9-80FF-517A8D1AE3AD}" = Norton SystemWorks
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Acoustica MP3 Audio Mixer" = Acoustica MP3 Audio Mixer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Batch Thumbs 1.6" = Batch Thumbs 1.6
"cam2pc" = cam2pc (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"CoreAAC" = CoreAAC
"Daily Mugshot Windows Reminder_is1" = Daily Mugshot Windows Reminder
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.5.1
"GOM Player" = GOM Player
"GomEncoder" = GOM ENCODER
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"MAGIX Music Manager" = MAGIX Music Manager
"MAGIX Photo Manager" = MAGIX Photo Manager
"MAGIX Video deLuxe 2006 PLUS" = MAGIX Video deLuxe 2006 PLUS
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"Mpeg Video Wizard DVD 5.0" = MPEG Video Wizard DVD 5.0.1.102 (06/2011)
"NirSoft WebVideoCap" = NirSoft WebVideoCap
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RADVideo" = RAD Video Tools
"Shop for HP Supplies" = Shop for HP Supplies
"SymSetup.{707D28BF-E145-4a9b-B97E-94FA586D05F3}" = Norton SystemWorks (Symantec Corporation)
"Veoh Web Player Beta" = Veoh Web Player
"Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18-10-2010 10:17:45 | Computer Name = PC_van_Leyla | Source = Application Hang | ID = 1002
Description = Programma iexplore.exe, versie 8.0.6001.18975 reageert niet meer op
Windows en is afgesloten. Als u wilt zien of meer informatie over het probleem
beschikbaar is, kunt u de probleemgeschiedenis in onderdeel Probleemrapporten en
-oplossingen in het Configuratiescherm controleren. Proces-id: 474 Starttijd: 01cb6eb1abe042cf
Eindtijd:
0

Error - 19-10-2010 4:37:07 | Computer Name = PC_van_Leyla | Source = WinMgmt | ID = 10
Description =

Error - 19-10-2010 8:50:25 | Computer Name = PC_van_Leyla | Source = Application Hang | ID = 1002
Description = Programma VideodeLuxe.exe, versie 5.0.5.1 reageert niet meer op Windows
en is afgesloten. Als u wilt zien of meer informatie over het probleem beschikbaar
is, kunt u de probleemgeschiedenis in onderdeel Probleemrapporten en -oplossingen
in het Configuratiescherm controleren. Proces-id: 12e0 Starttijd: 01cb6f8bfaa12c4c
Eindtijd:
39

Error - 20-10-2010 6:13:53 | Computer Name = PC_van_Leyla | Source = WinMgmt | ID = 10
Description =

Error - 21-10-2010 6:00:07 | Computer Name = PC_van_Leyla | Source = WinMgmt | ID = 10
Description =

Error - 21-10-2010 7:09:46 | Computer Name = PC_van_Leyla | Source = Application Error | ID = 1000
Description = Toepassing met fout iexplore.exe, versie 8.0.6001.18975, tijdstempel
0x4c8710a6, module met fout Flash10c.ocx, versie 10.0.32.18, tijdstempel 0x4a613d79,
uitzonderingscode 0xc0000005, foutmarge 0x001579a2, proces-id 0x13c4, starttijd
van toepassing 0x01cb7106e7baaf00.

Error - 22-10-2010 7:03:51 | Computer Name = PC_van_Leyla | Source = WinMgmt | ID = 10
Description =

Error - 22-10-2010 11:22:17 | Computer Name = PC_van_Leyla | Source = WinMgmt | ID = 10
Description =

Error - 22-10-2010 13:11:03 | Computer Name = PC_van_Leyla | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =

Error - 23-10-2010 4:11:42 | Computer Name = PC_van_Leyla | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 18-3-2011 11:36:33 | Computer Name = PC_van_Leyla | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 11934
seconds with 540 seconds of active time. This session ended with a crash.

Error - 6-7-2011 14:39:08 | Computer Name = PC_van_Leyla | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 45
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 18-9-2011 6:49:36 | Computer Name = PC_van_Leyla | Source = Service Control Manager | ID = 7000
Description =

Error - 18-9-2011 6:50:37 | Computer Name = PC_van_Leyla | Source = DCOM | ID = 10016
Description =

Error - 18-9-2011 7:13:19 | Computer Name = PC_van_Leyla | Source = Service Control Manager | ID = 7000
Description =

Error - 18-9-2011 7:14:20 | Computer Name = PC_van_Leyla | Source = DCOM | ID = 10016
Description =

Error - 18-9-2011 9:12:40 | Computer Name = PC_van_Leyla | Source = Service Control Manager | ID = 7000
Description =

Error - 18-9-2011 9:13:42 | Computer Name = PC_van_Leyla | Source = DCOM | ID = 10016
Description =

Error - 18-9-2011 17:32:03 | Computer Name = PC_van_Leyla | Source = Service Control Manager | ID = 7034
Description =

Error - 18-9-2011 18:00:15 | Computer Name = PC_van_Leyla | Source = Service Control Manager | ID = 7000
Description =

Error - 18-9-2011 18:01:17 | Computer Name = PC_van_Leyla | Source = DCOM | ID = 10016
Description =

Error - 18-9-2011 18:08:46 | Computer Name = PC_van_Leyla | Source = PlugPlayManager | ID = 11
Description = Het apparaat Root\LEGACY_SMR210\0000 is uit het systeem verdwenen
zonder dat de verwijdering is voorbereid.


< End of report >

leylac
Novice

Posts : 9
Joined : 2011-09-19
OS : windows vista
Points : 19203
# Likes : 0

Re: Backdoor.Tidserv!inf

Post by leylac on 19th September 2011, 10:25 am

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-19 12:17:03
-----------------------------
12:17:03.793 OS Version: Windows 6.0.6002 Service Pack 2
12:17:03.793 Number of processors: 2 586 0x6802
12:17:03.793 ComputerName: PC_VAN_LEYLA UserName: Leyla
12:17:06.102 Initialize success
12:17:14.635 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
12:17:14.651 Disk 0 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 3
12:17:16.679 Disk 0 MBR read successfully
12:17:16.694 Disk 0 MBR scan
12:17:16.694 Disk 0 unknown MBR code
12:17:16.710 Disk 0 scanning sectors +488394752
12:17:16.803 Disk 0 scanning C:\Windows\system32\drivers
12:17:24.291 Service scanning
12:17:25.945 Modules scanning
12:17:33.246 Disk 0 trace - called modules:
12:17:33.355 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:17:33.355 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ccaac8]
12:17:33.371 3 CLASSPNP.SYS[8aba08b3] -> nt!IofCallDriver -> [0x8556bc10]
12:17:33.371 5 acpi.sys[8a2946bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8556db98]
12:17:33.885 Scan finished successfully
12:20:29.183 Disk 0 MBR has been saved successfully to "C:\Users\Leyla\Desktop\MBR.dat"
12:20:29.183 The log file has been saved successfully to "C:\Users\Leyla\Desktop\aswMBR.txt"


Re: Backdoor.Tidserv!inf

Post by leylac on 19th September 2011, 10:27 am

Results of screen317's Security Check version 0.99.18
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 26
Adobe Flash Player 10.3.183.5
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````


Re: Backdoor.Tidserv!inf

Post by Belahzur on 21st September 2011, 12:34 am

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1

Re: Backdoor.Tidserv!inf

Post by leylac on 23rd September 2011, 7:13 am

ComboFix 11-09-22.03 - Leyla 22-09-2011 23:32:05.3.2 - x86
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.31.1043.18.3070.1571 [GMT 2:00]
Gestart vanuit: c:\users\Leyla\Desktop\commy.exe
gebruikte Opdracht switches :: /stepdel
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\users\Leyla\AppData\Roaming\Mozilla\Firefox\Profiles\jbnz6s6v.default\searchplugins\SearchquWebSearch.xml
c:\users\Leyla\Documents\18-9.txt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-08-22 to 2011-09-22 ))))))))))))))))))))))))))))))
.
.
2011-09-22 23:13 . 2011-09-22 23:14 -------- d-----w- c:\users\Leyla\AppData\Local\temp
2011-09-22 23:13 . 2011-09-22 23:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-09-22 23:13 . 2011-09-22 23:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-18 21:35 . 2011-09-18 21:43 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-18 21:35 . 2011-09-18 21:35 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-09-18 21:34 . 2011-09-18 21:34 -------- d-----w- c:\programdata\Hitman Pro
2011-09-18 21:27 . 2011-09-18 21:27 -------- d-----w- c:\users\Leyla\AppData\Local\Threat Expert
2011-09-18 13:05 . 2011-09-18 13:20 -------- d-----w- c:\users\Leyla\AppData\Local\NPE
2011-09-16 09:42 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-10 09:43 . 2011-09-10 09:43 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-24 15:29 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 09:43 . 2011-05-18 11:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 15:31 . 2011-08-11 09:39 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeoh.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\Veoh_Web_Player\tbVeoh.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeoh.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CD90BF73-20F6-44EF-993D-BB920303BD2E}"= "c:\program files\Veoh_Web_Player\tbVeoh.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Leyla\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Leyla\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Leyla\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-25 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 4710400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 768520]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"PLFSetL"="c:\windows\\PLFSetL.exe" [2007-07-05 94208]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-09-06 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-10 113664]
DailyMugshot.lnk - c:\program files\Daily Mugshot Windows Reminder\DailyMugshot.exe [2010-1-18 757760]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-5-22 535336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-01-29 47360]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R4 Ccsmgmvta;Ccsmgmvta; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx86.sys [2011-09-09 816760]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110921.030\IDSvix86.sys [2011-08-22 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 105592]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
2011-09-17 22:42 114176 ----a-w- c:\windows\System32\advpack.dll
.
Inhoud van de 'Gedeelde Taken' map
.
2011-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 09:13]
.
2011-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 09:13]
.
2011-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-848782442-2727257229-615334782-1000Core.job
- c:\users\Leyla\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-15 18:03]
.
2011-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-848782442-2727257229-615334782-1000UA.job
- c:\users\Leyla\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-15 18:03]
.
2011-09-19 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks Basic Edition\OBC.exe [2007-11-02 14:03]
.
.
------- Bijkomende Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: facebook.com\apps
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Leyla\AppData\Roaming\Mozilla\Firefox\Profiles\jbnz6s6v.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Pupe Helper: [You must be registered and logged in to see this link.] - %profile%\extensions\chibiusa@gmail.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: プーペガールツールバー: {AC4F2D67-3E5E-462F-82FE-584C7B9DDCD6} - %profile%\extensions\{AC4F2D67-3E5E-462F-82FE-584C7B9DDCD6}
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
FF - Ext: Wiktionary and Google Translate: [You must be registered and logged in to see this link.] - %profile%\extensions\googledictionary@toptip.ca
FF - Ext: British English Dictionary: [You must be registered and logged in to see this link.] - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_1_3
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-09-23 01:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2011-09-23 01:20:12
ComboFix-quarantined-files.txt 2011-09-22 23:20
ComboFix2.txt 2010-07-22 13:53
.
Pre-Run: 57.351.790.592 bytes beschikbaar
Post-Run: 56.708.370.432 bytes beschikbaar
.
- - End Of File - - 729329935073C08965DCE8F905F37920


Re: Backdoor.Tidserv!inf

Post by Belahzur on 24th September 2011, 6:17 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: Backdoor.Tidserv!inf

Post by leylac on 26th September 2011, 1:29 pm

The first time I ran the scan it crashed my computer.
The next time it did finish, but there is nothing in the log.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

This is what I see when I click on: manage quarantine




Re: Backdoor.Tidserv!inf

Post by Belahzur on 26th September 2011, 6:00 pm

Hello.
Just need to remove and update some programs now, so this doesn't happen again.

I see that you are running Torrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Torrent
    Adobe Reader 8.1.3
    J2SE Runtime Environment 5.0 Update 17
    Java(TM) 6 Update 26

  • Click on the Uninstall/Change button at the top.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-7-windows-i586.exe that you downloaded to install the newest version.

Please download [You must be registered and logged in to see this link.] and install it. It will install over version 3.6.22 you currently have installed, so you won't lose any bookmarked websites.

Your Skype also needs updating, so please download the latest version from [You must be registered and logged in to see this link.]

Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?


Re: Backdoor.Tidserv!inf

Post by leylac on 27th September 2011, 9:57 am

I removed and updated everything you said.
But when I run Norton again, it still finds the virus.


Re: Backdoor.Tidserv!inf

Post by Belahzur on 27th September 2011, 8:13 pm

Does it say where?


Re: Backdoor.Tidserv!inf

Post by leylac on 27th September 2011, 8:54 pm

[You must be registered and logged in to see this link.]

Would locating the file and just deleting it work?


Re: Backdoor.Tidserv!inf

Post by Belahzur on 27th September 2011, 9:15 pm

Ahh, Qoobox.

Just delete the entire C:\Qoobox folder; it's only ComboFix's quarantine folder.
