
Norton detects multiple intrusion attempts


  • This topic is locked
13 replies to this topic

#1 tomer100

tomer100

  • Members
  • 6 posts

Posted 10 June 2010 - 03:24 AM

Hello - Recently my computer started acting up. After this occurred I downloaded the Norton antivirus software (free 60-day trial version). The software immediately started informing me that various intrusions had been blocked. After searching the internet to find a solution I came across this website.

Some additional information:
(1) When I restart my computer, half the time I can't get online. For some reason my computer won't detect the wireless network.
(2) I don't have the reboot disk.
(3) I have tried to open the computer in safe mode but it just won't respond.
(4) I tried to run the GMER scan but got a warning that there was a problem and that GMER had to shut down. After this occurred the computer got locked up and I had to bleep it down, at which point, upon startup, Norton detected something I had never seen before: Backdoor.Tidserv!inf (manual removal required).
(5) Some of the other intrusion attempts that have been blocked are as follows:
- Network traffic from 91,212,226.59 matched the signature of a known attack. the attack was resulted from \device\harddiskvolume2\windows1\system32\svchost.exe
- Network traffic from 91,212,226.59 matched the signature of a known attack. the attack was resulted from \device\harddiskvolume2\program files\internet explorer/iexplorer.exe
- there are many many more that are similar to these

DDS.txt below and attach.txt attached per your instructions. Let me know if there is anything else you need. Thanks in advance for the help.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Tomer at 23:25:18.38 on Wed 06/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.632 [GMT -7:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS1\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS1\System32\svchost.exe -k netsvcs
C:\WINDOWS1\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS1\System32\WLTRYSVC.EXE
C:\WINDOWS1\System32\bcmwltry.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\rundll32.exe
C:\WINDOWS1\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS1\system32\WLTRAY.exe
C:\WINDOWS1\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS1\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
svchost.exe
C:\WINDOWS1\eHome\ehRecvr.exe
C:\WINDOWS1\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS1\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS1\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS1\eHome\ehmsas.exe
C:\WINDOWS1\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\javaws.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\MCUI32.EXE
C:\Program Files\Norton 360\Engine\4.2.0.12\MCUI32.EXE
C:\Program Files\Norton 360\Engine\4.2.0.12\MCUI32.EXE
C:\Program Files\Norton 360\Engine\4.2.0.12\MCUI32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tomer\Local Settings\Temporary Internet Files\Content.IE5\QW6AO32Z\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows1\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ehTray] c:\windows1\ehome\ehtray.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [POEngine]
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [Broadcom Wireless Manager UI] c:\windows1\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows1\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows1\system32\hkcmd.exe
mRun: [Persistence] c:\windows1\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StormCodec_Helper] "c:\program files\ringz studio\storm codec\StormSet.exe" /S /opti
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\docume~1\tomer\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\tomer\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\office~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://portal.katzandassociates.com/XTSAC.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201578675265
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201578664671
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows1\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tomer\applic~1\mozilla\firefox\profiles\xog9jkfs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\all users.windows1\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users.windows1\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\tomer\application data\move networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows1\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows1\system32\drivers\Lbd.sys [2009-7-21 64160]
R0 SymDS;Symantec Data Store;c:\windows1\system32\drivers\n360\0402000.00c\symds.sys [2010-6-3 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows1\system32\drivers\n360\0402000.00c\symefa.sys [2010-6-3 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users.windows1\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100429.001\BHDrvx86.sys [2010-4-29 537136]
R1 ccHP;Symantec Hash Provider;c:\windows1\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-6-3 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows1\system32\drivers\n360\0402000.00c\ironx86.sys [2010-6-3 116784]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1029456]
R2 McrdSvc;Media Center Extender Service;c:\windows1\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-6-3 126392]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-3 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users.windows1\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20100604.004\IDSXpx86.sys [2010-6-8 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users.windows1\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100609.022\NAVENG.SYS [2010-6-9 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users.windows1\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100609.022\NAVEX15.SYS [2010-6-9 1347504]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows1\system32\drivers\SCR3XX2K.sys [2009-5-10 47488]

=============== Created Last 30 ================

2010-06-10 06:12:30 0 ----a-w- c:\documents and settings\tomer\defogger_reenable
2010-06-04 03:24:54 26600 ----a-r- c:\windows1\system32\drivers\GEARAspiWDM.sys
2010-06-04 03:24:54 107368 ----a-r- c:\windows1\system32\GEARAspi.dll
2010-06-04 03:24:16 805 ----a-w- c:\windows1\system32\drivers\SYMEVENT.INF
2010-06-04 03:24:16 7443 ----a-w- c:\windows1\system32\drivers\SYMEVENT.CAT
2010-06-04 03:24:16 60808 ----a-w- c:\windows1\system32\S32EVNT1.DLL
2010-06-04 03:24:16 124976 ----a-w- c:\windows1\system32\drivers\SYMEVENT.SYS
2010-06-04 03:23:41 0 d-----w- c:\windows1\system32\drivers\N360
2010-06-04 03:23:39 0 d-----w- c:\program files\Norton 360
2010-06-04 03:23:21 0 d-----w- c:\program files\NortonInstaller
2010-06-04 03:23:21 0 d-----w- c:\docume~1\alluse~2.win\applic~1\NortonInstaller
2010-06-04 03:18:42 0 d-----w- c:\docume~1\alluse~2.win\applic~1\Norton
2010-06-04 02:45:18 0 d--h--w- c:\docume~1\alluse~2.win\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2010-06-03 04:27:34 0 d-----w- c:\windows1\system32\wbem\Repository
2010-05-27 03:50:22 0 dc----w- c:\docume~1\alluse~2.win\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-26 04:52:51 882 ----a-w- c:\windows1\RegSDImport.xml
2010-05-26 04:52:51 879 ----a-w- c:\windows1\RegISSImport.xml
2010-05-26 04:52:51 131 ----a-w- c:\windows1\IDB.zip
2010-05-26 04:52:51 1152444 ----a-w- c:\windows1\UDB.zip
2010-05-26 04:51:06 0 d-----w- c:\program files\Spyware Doctor
2010-05-26 04:51:06 0 d-----w- c:\program files\common files\PC Tools
2010-05-25 00:48:37 54 ----a-w- c:\windows1\system32\rp_stats.dat
2010-05-25 00:48:37 39 ----a-w- c:\windows1\system32\rp_rules.dat
2010-05-19 01:35:40 0 d-----w- c:\docume~1\alluse~2.win\applic~1\DivX

==================== Find3M ====================

2010-03-31 01:58:04 133616 -c----w- c:\windows1\system32\pxafs.dll
2010-03-31 01:58:04 125424 -c----w- c:\windows1\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 -c----w- c:\windows1\system32\pxcpyi64.exe
2008-08-18 07:43:32 32768 -csha-w- c:\windows1\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081820080819\index.dat

============= FINISH: 23:26:57.21 ===============

#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania

Posted 15 June 2010 - 05:37 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 tomer100

tomer100
  • Topic Starter

  • Members
  • 6 posts

Posted 24 June 2010 - 12:14 AM

Thanks for helping me out. I have tried over and over but can't get GMER to run; it freezes my computer every time. Also I can't seem to get the computer to start in safe mode. Also, when I ran the OTL the first time I did get both the OTListIt.txt and the Extra.txt, but then, as I mentioned in the prior sentence, I ran the GMER and my computer froze. As such I had to run the OTL again, but every time I do it I only get one log, which is as follows.

OTL.Txt

OTL logfile created on: 6/23/2010 9:56:55 PM - Run 4
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Tomer\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS1 | %ProgramFiles% = C:\Program Files
Drive C: | 65.21 Gb Total Space | 8.13 Gb Free Space | 12.47% Space Free | Partition Type: NTFS
Drive D: | 21.86 Gb Total Space | 21.55 Gb Free Space | 98.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOMER-3ADCBE0BA
Current User Name: Tomer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/23 21:56:27 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomer\My Documents\Downloads\OTL(3).exe
PRC - [2010/04/01 10:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/08 18:55:06 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/08 18:55:05 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/10/11 05:17:33 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaws.exe
PRC - [2009/10/11 05:17:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/24 16:22:50 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\explorer.exe
PRC - [2007/10/08 14:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/10/08 14:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/10/08 14:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2005/02/23 15:57:24 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Mixer\CTSVolFE.exe


========== Modules (SafeList) ==========

MOD - [2010/06/23 21:56:27 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomer\My Documents\Downloads\OTL(3).exe
MOD - [2010/05/13 22:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/08 18:55:05 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/07/24 16:22:50 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/01/28 19:42:46 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/10/08 14:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/10/08 14:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/10/08 14:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS1\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/06/03 20:24:15 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/03 01:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100623.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/06/03 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/03 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/03 01:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100623.024\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/28 12:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100623.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/22 11:16:04 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS1\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 20:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS1\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS1\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 17:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 18:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/07/03 07:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS1\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/30 21:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS1\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS1\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS1\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/07 05:35:00 | 000,047,488 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\SCR3XX2K.sys -- (SCR3xx USB Smart Card Reader)
DRV - [2006/10/17 12:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/08/09 11:11:58 | 000,156,288 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2006/08/07 11:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2006/03/08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/18 11:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/18 06:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/12/08 03:54:52 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/12/08 03:54:44 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS1\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/10/14 20:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\BrScnUsb.sys -- (BrScnUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1292428093-261478967-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm
IE - HKU\S-1-5-21-1292428093-261478967-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1292428093-261478967-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {fd048119-78ee-487f-8fb1-1668d3a6859b}:2.6.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..keyword.URL: "http://radiobar.toolbarhome.com/search.aspx?srch=ku&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/06/08 17:14:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/06/03 20:25:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/15 15:07:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/03 19:45:43 | 000,000,000 | ---D | M]

[2010/01/22 00:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomer\Application Data\Mozilla\Extensions
[2010/01/22 00:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomer\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/23 19:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomer\Application Data\Mozilla\Firefox\Profiles\xog9jkfs.default\extensions
[2009/09/09 16:35:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tomer\Application Data\Mozilla\Firefox\Profiles\xog9jkfs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/03 19:13:35 | 000,000,000 | ---D | M] (Alltid Hattrick Statistics) -- C:\Documents and Settings\Tomer\Application Data\Mozilla\Firefox\Profiles\xog9jkfs.default\extensions\{fd048119-78ee-487f-8fb1-1668d3a6859b}
[2010/03/08 20:02:51 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\Tomer\Application Data\Mozilla\Firefox\Profiles\xog9jkfs.default\searchplugins\web-search.xml
[2010/06/23 19:31:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/22 17:14:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/03 19:40:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

O1 HOSTS File: ([2010/05/26 22:05:36 | 000,395,292 | R--- | M]) - C:\WINDOWS1\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13652 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1292428093-261478967-725345543-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CTSVolFE.exe] C:\Program Files\Creative\Mixer\CTSVolFE.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [POEngine] File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-1292428093-261478967-725345543-1003..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKU\S-1-5-21-1292428093-261478967-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Fat Tom.FATTOM\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS1\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS1\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-261478967-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://portal.katzandassociates.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1201578675265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1201578664671 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS1\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS1\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tomer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tomer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c224d652-0222-11de-994c-001641750a23}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS1\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/23 17:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomer\Application Data\Tific
[2010/06/23 17:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomer\Local Settings\Application Data\Symantec
[2010/06/10 03:11:58 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS1\System32\dllcache\iedvtool.dll
[2010/06/03 23:30:17 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/06/03 23:30:16 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/06/03 23:30:14 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symefa.sys
[2010/06/03 23:30:13 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symds.sys
[2010/06/03 23:30:13 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/06/03 23:30:12 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/06/03 23:30:11 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/06/03 23:30:09 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/06/03 23:26:36 | 000,000,000 | ---D | C] -- C:\WINDOWS1\System32\drivers\N360\0402000.00C
[2010/06/03 20:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomer\My Documents\Symantec
[2010/06/03 20:24:54 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\WINDOWS1\System32\GEARAspi.dll
[2010/06/03 20:24:16 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\SYMEVENT.SYS
[2010/06/03 20:24:16 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\S32EVNT1.DLL
[2010/06/03 20:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS1\System32\drivers\N360
[2010/06/03 20:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/06/03 20:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/06/03 20:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/06/03 20:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\NortonInstaller
[2010/06/03 20:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Documents\Norton
[2010/06/03 20:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Norton
[2010/06/03 19:45:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2010/06/03 19:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomer\Desktop\TSmanagment
[2010/06/02 21:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Sun
[2010/06/02 21:11:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS1\System32\javaws.exe
[2010/06/02 21:11:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS1\System32\javaw.exe
[2010/06/02 21:11:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS1\System32\java.exe
[2010/05/27 20:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomer\Desktop\Back to Desktop
[2010/05/26 20:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/25 21:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/05/25 21:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[6 C:\WINDOWS1\*.tmp files -> C:\WINDOWS1\*.tmp -> ]
[10 C:\WINDOWS1\System32\*.tmp files -> C:\WINDOWS1\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/23 21:30:16 | 000,000,472 | ---- | M] () -- C:\WINDOWS1\tasks\Ad-Aware Update (Weekly).job
[2010/06/23 19:17:25 | 000,000,439 | ---- | M] () -- C:\WINDOWS1\System32\drivers\etc\hosts.ics
[2010/06/23 19:15:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS1\tasks\SA.DAT
[2010/06/23 19:15:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS1\bootstat.dat
[2010/06/23 17:05:47 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Tomer\ntuser.dat
[2010/06/23 17:05:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Tomer\ntuser.ini
[2010/06/23 16:46:42 | 000,506,244 | ---- | M] () -- C:\WINDOWS1\System32\PerfStringBackup.INI
[2010/06/23 16:46:42 | 000,444,596 | ---- | M] () -- C:\WINDOWS1\System32\perfh009.dat
[2010/06/23 16:46:42 | 000,072,306 | ---- | M] () -- C:\WINDOWS1\System32\perfc009.dat
[2010/06/23 16:32:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS1\System32\wpa.dbl
[2010/06/11 03:53:31 | 000,138,056 | ---- | M] () -- C:\WINDOWS1\System32\FNTCACHE.DAT
[2010/06/11 03:36:33 | 000,658,842 | ---- | M] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\Cat.DB
[2010/06/11 03:35:35 | 000,000,725 | ---- | M] () -- C:\WINDOWS1\win.ini
[2010/06/11 03:33:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS1\imsins.BAK
[2010/06/09 23:29:52 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Tomer\Desktop\gmer.zip
[2010/06/09 23:12:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tomer\defogger_reenable
[2010/06/08 15:54:16 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\Tomer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/04 05:46:56 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS1\Desktop\Norton 360.LNK
[2010/06/03 20:24:15 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\SYMEVENT.SYS
[2010/06/03 20:24:15 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS1\System32\S32EVNT1.DLL
[2010/06/03 20:24:15 | 000,007,443 | ---- | M] () -- C:\WINDOWS1\System32\drivers\SYMEVENT.CAT
[2010/06/03 20:24:15 | 000,000,805 | ---- | M] () -- C:\WINDOWS1\System32\drivers\SYMEVENT.INF
[2010/06/03 20:18:43 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\Tomer\Desktop\Norton Installation Files.lnk
[2010/05/26 22:05:36 | 000,395,292 | R--- | M] () -- C:\WINDOWS1\System32\drivers\etc\hosts
[2010/05/26 20:30:39 | 000,000,054 | ---- | M] () -- C:\WINDOWS1\System32\rp_stats.dat
[2010/05/26 20:30:39 | 000,000,039 | ---- | M] () -- C:\WINDOWS1\System32\rp_rules.dat
[6 C:\WINDOWS1\*.tmp files -> C:\WINDOWS1\*.tmp -> ]
[10 C:\WINDOWS1\System32\*.tmp files -> C:\WINDOWS1\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/10 00:06:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Tomer\Desktop\gmer.exe
[2010/06/09 23:29:52 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Tomer\Desktop\gmer.zip
[2010/06/09 23:12:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tomer\defogger_reenable
[2010/06/04 05:43:31 | 000,658,842 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\Cat.DB
[2010/06/03 23:30:15 | 000,007,787 | R--- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/06/03 23:30:15 | 000,001,473 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/06/03 23:30:14 | 000,007,873 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symefa.cat
[2010/06/03 23:30:14 | 000,007,368 | R--- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symnet.cat
[2010/06/03 23:30:14 | 000,003,373 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symefa.inf
[2010/06/03 23:30:14 | 000,001,445 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symnet.inf
[2010/06/03 23:30:13 | 000,007,442 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/06/03 23:30:13 | 000,007,425 | R--- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symds.cat
[2010/06/03 23:30:13 | 000,002,793 | R--- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symds.inf
[2010/06/03 23:30:13 | 000,001,388 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/06/03 23:30:11 | 000,007,438 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/06/03 23:30:11 | 000,001,382 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/06/03 23:30:10 | 000,007,438 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\iron.cat
[2010/06/03 23:30:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\iron.inf
[2010/06/03 23:30:08 | 000,007,396 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/06/03 23:30:08 | 000,001,754 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/06/03 23:26:36 | 000,000,172 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\isolate.ini
[2010/06/03 20:24:16 | 000,007,443 | ---- | C] () -- C:\WINDOWS1\System32\drivers\SYMEVENT.CAT
[2010/06/03 20:24:16 | 000,000,805 | ---- | C] () -- C:\WINDOWS1\System32\drivers\SYMEVENT.INF
[2010/06/03 20:24:08 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS1\Desktop\Norton 360.LNK
[2010/06/03 20:18:42 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\Tomer\Desktop\Norton Installation Files.lnk
[2010/05/26 20:50:21 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Tomer\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/05/26 20:50:20 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS1\Desktop\Ad-Aware.lnk
[2010/05/26 20:36:12 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS1\Desktop\Adobe Reader 9.lnk
[2010/05/25 21:52:51 | 001,152,444 | ---- | C] () -- C:\WINDOWS1\UDB.zip
[2010/05/25 21:52:51 | 000,000,882 | ---- | C] () -- C:\WINDOWS1\RegSDImport.xml
[2010/05/25 21:52:51 | 000,000,879 | ---- | C] () -- C:\WINDOWS1\RegISSImport.xml
[2010/05/25 21:52:51 | 000,000,131 | ---- | C] () -- C:\WINDOWS1\IDB.zip
[2009/07/15 11:33:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS1\System32\igfxCoIn_v4814.dll
[2009/07/15 11:30:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS1\System32\preflib.dll
[2009/07/15 11:30:02 | 000,757,760 | ---- | C] () -- C:\WINDOWS1\System32\bcm1xsup.dll
[2009/07/15 10:34:26 | 000,022,629 | ---- | C] () -- C:\WINDOWS1\System32\CiFilter.ini
[2009/05/17 20:11:24 | 000,053,760 | ---- | C] () -- C:\WINDOWS1\System32\Zlib.dll
[2008/11/23 12:03:42 | 000,000,419 | ---- | C] () -- C:\WINDOWS1\BRWMARK.INI
[2008/11/23 12:03:42 | 000,000,027 | ---- | C] () -- C:\WINDOWS1\BRPP2KA.INI
[2008/03/14 16:30:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS1\hpqEmlSz.INI
[2008/01/28 20:44:03 | 000,000,379 | ---- | C] () -- C:\WINDOWS1\ODBC.INI
[2008/01/28 20:03:15 | 000,016,480 | ---- | C] () -- C:\WINDOWS1\System32\rixdicon.dll
[2007/03/27 00:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS1\System32\qt-dx331.dll
[2007/02/22 08:17:50 | 000,000,071 | ---- | C] () -- C:\WINDOWS1\pn.ini
[2007/02/22 08:17:50 | 000,000,051 | ---- | C] () -- C:\WINDOWS1\pr.ini
[2006/10/31 23:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS1\System32\xvidvfw.dll
[2006/10/31 23:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS1\System32\xvidcore.dll
[2006/05/26 06:29:14 | 000,005,120 | ---- | C] () -- C:\WINDOWS1\System32\ff_vfw.dll
[2006/04/03 05:26:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS1\System32\ff_vfw.dll.manifest
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS1\System32\psisdecd.dll
[2003/05/14 23:39:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS1\System32\unrar.dll
[2003/03/09 13:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS1\System32\hpotscl.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS1\System32\OUTLPERF.INI
[2002/05/14 21:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS1\System32\v2k2_dec.dll
< End of report >





#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania

Posted 24 June 2010 - 03:39 AM

Hello again, please try to run GMER with only the Sections option checked.

Please rerun OTL, make sure Use Safelist is checked under "Extra registry", and click Run Scan. Post me extra.txt.

Regards, Elise




#5 tomer100

tomer100
  • Topic Starter

  • Members
  • 6 posts

Posted 28 June 2010 - 07:45 PM

Tried to run GMER again, got blue screened.

Ran OTL again. OTL.txt and Extras.txt are below.

OTL:

OTL logfile created on: 6/28/2010 5:32:51 PM - Run 5
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Tomer\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS1 | %ProgramFiles% = C:\Program Files
Drive C: | 65.21 Gb Total Space | 9.97 Gb Free Space | 15.29% Space Free | Partition Type: NTFS
Drive D: | 21.86 Gb Total Space | 21.55 Gb Free Space | 98.57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOMER-3ADCBE0BA
Current User Name: Tomer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/28 17:31:38 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomer\My Documents\Downloads\OTL(4).exe
PRC - [2010/06/24 18:40:55 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/08 18:55:06 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/08 18:55:05 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/24 16:22:50 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\explorer.exe
PRC - [2007/10/08 14:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/10/08 14:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/10/08 14:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2005/02/23 15:57:24 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Mixer\CTSVolFE.exe


========== Modules (SafeList) ==========

MOD - [2010/06/28 17:31:38 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomer\My Documents\Downloads\OTL(4).exe
MOD - [2010/05/13 22:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS1\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/08 18:55:05 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/07/24 16:22:50 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/01/28 19:42:46 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/10/08 14:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/10/08 14:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/10/08 14:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS1\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/06/03 20:24:15 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/03 01:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100624.037\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/06/03 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/03 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/03 01:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100624.037\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/28 12:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100624.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/22 11:16:04 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS1\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 20:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS1\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS1\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 17:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS1\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 18:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS1\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/07/03 07:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS1\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS1\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/30 21:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS1\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS1\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS1\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/07 05:35:00 | 000,047,488 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\SCR3XX2K.sys -- (SCR3xx USB Smart Card Reader)
DRV - [2006/10/17 12:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/08/09 11:11:58 | 000,156,288 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2006/08/07 11:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2006/03/08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/18 11:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/18 06:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/12/08 03:54:52 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/12/08 03:54:44 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS1\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS1\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/10/14 20:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS1\system32\drivers\BrScnUsb.sys -- (BrScnUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {fd048119-78ee-487f-8fb1-1668d3a6859b}:2.6.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..keyword.URL: "http://radiobar.toolbarhome.com/search.aspx?srch=ku&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/06/08 17:14:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/06/03 20:25:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 18:41:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/24 18:41:06 | 000,000,000 | ---D | M]

[2010/01/22 00:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomer\Application Data\Mozilla\Extensions
[2010/01/22 00:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomer\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/23 19:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomer\Application Data\Mozilla\Firefox\Profiles\xog9jkfs.default\extensions
[2009/09/09 16:35:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tomer\Application Data\Mozilla\Firefox\Profiles\xog9jkfs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/03 19:13:35 | 000,000,000 | ---D | M] (Alltid Hattrick Statistics) -- C:\Documents and Settings\Tomer\Application Data\Mozilla\Firefox\Profiles\xog9jkfs.default\extensions\{fd048119-78ee-487f-8fb1-1668d3a6859b}
[2010/03/08 20:02:51 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\Tomer\Application Data\Mozilla\Firefox\Profiles\xog9jkfs.default\searchplugins\web-search.xml
[2010/06/23 19:31:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/22 17:14:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/03 19:40:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

O1 HOSTS File: ([2010/05/26 22:05:36 | 000,395,292 | R--- | M]) - C:\WINDOWS1\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13652 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CTSVolFE.exe] C:\Program Files\Creative\Mixer\CTSVolFE.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [POEngine] File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS1\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS1\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://portal.katzandassociates.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1201578675265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1201578664671 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS1\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS1\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tomer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tomer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c224d652-0222-11de-994c-001641750a23}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS1\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/28 17:25:28 | 000,000,000 | ---D | C] -- C:\WINDOWS1\Minidump
[2010/06/23 17:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomer\Application Data\Tific
[2010/06/23 17:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomer\Local Settings\Application Data\Symantec
[2010/06/10 03:11:58 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS1\System32\dllcache\iedvtool.dll
[2010/06/03 23:30:17 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/06/03 23:30:16 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/06/03 23:30:14 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symefa.sys
[2010/06/03 23:30:13 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symds.sys
[2010/06/03 23:30:13 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/06/03 23:30:12 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/06/03 23:30:11 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/06/03 23:30:09 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/06/03 23:26:36 | 000,000,000 | ---D | C] -- C:\WINDOWS1\System32\drivers\N360\0402000.00C
[2010/06/03 20:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomer\My Documents\Symantec
[2010/06/03 20:24:54 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\WINDOWS1\System32\GEARAspi.dll
[2010/06/03 20:24:16 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\SYMEVENT.SYS
[2010/06/03 20:24:16 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS1\System32\S32EVNT1.DLL
[2010/06/03 20:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS1\System32\drivers\N360
[2010/06/03 20:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/06/03 20:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/06/03 20:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/06/03 20:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\NortonInstaller
[2010/06/03 20:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Documents\Norton
[2010/06/03 20:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Norton
[2010/06/03 19:45:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2010/06/03 19:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomer\Desktop\TSmanagment
[2010/06/02 21:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Sun
[2010/06/02 21:11:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS1\System32\javaws.exe
[2010/06/02 21:11:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS1\System32\javaw.exe
[2010/06/02 21:11:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS1\System32\java.exe
[6 C:\WINDOWS1\*.tmp files -> C:\WINDOWS1\*.tmp -> ]
[10 C:\WINDOWS1\System32\*.tmp files -> C:\WINDOWS1\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/28 17:25:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS1\tasks\SA.DAT
[2010/06/28 17:25:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS1\bootstat.dat
[2010/06/24 19:38:00 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Tomer\Desktop\Southwest.xls
[2010/06/24 18:40:57 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Tomer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/06/24 18:40:16 | 000,523,570 | ---- | M] () -- C:\WINDOWS1\System32\PerfStringBackup.INI
[2010/06/24 18:40:16 | 000,444,596 | ---- | M] () -- C:\WINDOWS1\System32\perfh009.dat
[2010/06/24 18:40:16 | 000,072,306 | ---- | M] () -- C:\WINDOWS1\System32\perfc009.dat
[2010/06/23 21:30:16 | 000,000,472 | ---- | M] () -- C:\WINDOWS1\tasks\Ad-Aware Update (Weekly).job
[2010/06/23 17:05:47 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Tomer\ntuser.dat
[2010/06/23 17:05:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Tomer\ntuser.ini
[2010/06/23 16:32:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS1\System32\wpa.dbl
[2010/06/11 03:53:31 | 000,138,056 | ---- | M] () -- C:\WINDOWS1\System32\FNTCACHE.DAT
[2010/06/11 03:36:33 | 000,658,842 | ---- | M] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\Cat.DB
[2010/06/11 03:35:35 | 000,000,725 | ---- | M] () -- C:\WINDOWS1\win.ini
[2010/06/11 03:33:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS1\imsins.BAK
[2010/06/09 23:29:52 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Tomer\Desktop\gmer.zip
[2010/06/09 23:12:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tomer\defogger_reenable
[2010/06/08 15:54:16 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\Tomer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/04 05:46:56 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS1\Desktop\Norton 360.LNK
[2010/06/03 20:24:15 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS1\System32\drivers\SYMEVENT.SYS
[2010/06/03 20:24:15 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS1\System32\S32EVNT1.DLL
[2010/06/03 20:24:15 | 000,007,443 | ---- | M] () -- C:\WINDOWS1\System32\drivers\SYMEVENT.CAT
[2010/06/03 20:24:15 | 000,000,805 | ---- | M] () -- C:\WINDOWS1\System32\drivers\SYMEVENT.INF
[2010/06/03 20:18:43 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\Tomer\Desktop\Norton Installation Files.lnk
[6 C:\WINDOWS1\*.tmp files -> C:\WINDOWS1\*.tmp -> ]
[10 C:\WINDOWS1\System32\*.tmp files -> C:\WINDOWS1\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/24 19:38:00 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Tomer\Desktop\Southwest.xls
[2010/06/10 00:06:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Tomer\Desktop\gmer.exe
[2010/06/09 23:29:52 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Tomer\Desktop\gmer.zip
[2010/06/09 23:12:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tomer\defogger_reenable
[2010/06/04 05:43:31 | 000,658,842 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\Cat.DB
[2010/06/03 23:30:15 | 000,007,787 | R--- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/06/03 23:30:15 | 000,001,473 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/06/03 23:30:14 | 000,007,873 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symefa.cat
[2010/06/03 23:30:14 | 000,007,368 | R--- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symnet.cat
[2010/06/03 23:30:14 | 000,003,373 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symefa.inf
[2010/06/03 23:30:14 | 000,001,445 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symnet.inf
[2010/06/03 23:30:13 | 000,007,442 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/06/03 23:30:13 | 000,007,425 | R--- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symds.cat
[2010/06/03 23:30:13 | 000,002,793 | R--- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\symds.inf
[2010/06/03 23:30:13 | 000,001,388 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/06/03 23:30:11 | 000,007,438 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/06/03 23:30:11 | 000,001,382 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/06/03 23:30:10 | 000,007,438 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\iron.cat
[2010/06/03 23:30:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\iron.inf
[2010/06/03 23:30:08 | 000,007,396 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/06/03 23:30:08 | 000,001,754 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/06/03 23:26:36 | 000,000,172 | ---- | C] () -- C:\WINDOWS1\System32\drivers\N360\0402000.00C\isolate.ini
[2010/06/03 20:24:16 | 000,007,443 | ---- | C] () -- C:\WINDOWS1\System32\drivers\SYMEVENT.CAT
[2010/06/03 20:24:16 | 000,000,805 | ---- | C] () -- C:\WINDOWS1\System32\drivers\SYMEVENT.INF
[2010/06/03 20:24:08 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS1\Desktop\Norton 360.LNK
[2010/06/03 20:18:42 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\Tomer\Desktop\Norton Installation Files.lnk
[2009/07/15 11:33:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS1\System32\igfxCoIn_v4814.dll
[2009/07/15 11:30:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS1\System32\preflib.dll
[2009/07/15 11:30:02 | 000,757,760 | ---- | C] () -- C:\WINDOWS1\System32\bcm1xsup.dll
[2009/07/15 10:34:26 | 000,022,629 | ---- | C] () -- C:\WINDOWS1\System32\CiFilter.ini
[2009/05/17 20:11:24 | 000,053,760 | ---- | C] () -- C:\WINDOWS1\System32\Zlib.dll
[2008/11/23 12:03:42 | 000,000,419 | ---- | C] () -- C:\WINDOWS1\BRWMARK.INI
[2008/11/23 12:03:42 | 000,000,027 | ---- | C] () -- C:\WINDOWS1\BRPP2KA.INI
[2008/03/14 16:30:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS1\hpqEmlSz.INI
[2008/01/28 20:44:03 | 000,000,379 | ---- | C] () -- C:\WINDOWS1\ODBC.INI
[2008/01/28 20:03:15 | 000,016,480 | ---- | C] () -- C:\WINDOWS1\System32\rixdicon.dll
[2007/03/27 00:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS1\System32\qt-dx331.dll
[2007/02/22 08:17:50 | 000,000,071 | ---- | C] () -- C:\WINDOWS1\pn.ini
[2007/02/22 08:17:50 | 000,000,051 | ---- | C] () -- C:\WINDOWS1\pr.ini
[2006/10/31 23:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS1\System32\xvidvfw.dll
[2006/10/31 23:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS1\System32\xvidcore.dll
[2006/05/26 06:29:14 | 000,005,120 | ---- | C] () -- C:\WINDOWS1\System32\ff_vfw.dll
[2006/04/03 05:26:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS1\System32\ff_vfw.dll.manifest
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS1\System32\psisdecd.dll
[2003/05/14 23:39:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS1\System32\unrar.dll
[2003/03/09 13:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS1\System32\hpotscl.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS1\System32\OUTLPERF.INI
[2002/05/14 21:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS1\System32\v2k2_dec.dll
< End of report >

Extra

OTL Extras logfile created on: 6/28/2010 5:32:51 PM - Run 5
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Tomer\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS1 | %ProgramFiles% = C:\Program Files
Drive C: | 65.21 Gb Total Space | 9.97 Gb Free Space | 15.29% Space Free | Partition Type: NTFS
Drive D: | 21.86 Gb Total Space | 21.55 Gb Free Space | 98.57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOMER-3ADCBE0BA
Current User Name: Tomer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~4\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PokerOffice\bin\javaw.exe" = C:\Program Files\PokerOffice\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- File not found
"C:\Documents and Settings\Tomer\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Tomer\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Tomer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Tomer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- File not found
"C:\Documents and Settings\Tomer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Tomer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- File not found
"C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" = C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA156277-D012-4509-9F9D-5587357B7207}" = Costco Photo Organizer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{C9B8D365-A6C3-4C4D-9624-0F0078FEB1B4}" = Sentrilock Card Utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD04643-5246-48AC-9D8C-F43A37BB8F36}" = WD Drive Manager (x86)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E89956F9-5B89-470E-818D-BD46102D0A01}" = Citrix Presentation Server Client
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"3635FC5A3FE7DACCEF2123BDBDA808BA811B977B" = Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
"452416B030C25BAA383F3DA368FECD5D48FAE727" = Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"C4B4D7F5499921DF57A4F6B55E59E0F50C2FE298" = Windows Driver Package - SCM Microsystems Inc. (SCR3xx USB Smart Card Reader) SmartCardReader (11/07/2006 4.35.00.01)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CTMBDemo_Audigy" = Sound Blaster Audigy ADVANCED MB Demo
"DivX Content Uploader" = DivX Content Uploader
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"F631A62FA5E06534A0FE3637D75AAA5B1D3E4FB7" = Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
"GoToAssist" = GoToAssist 8.0.0.480
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP OfficeJet 6100 Series" = HP Photo and Imaging 2.0 - hp officejet 6100 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"LimeWire" = LimeWire 5.3.6
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIXERLITE" = Mixer
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel® PROSet/Wireless Software
"Real Estate Transaction Viewer" = Real Estate Transaction Viewer
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Storm Codec 5" = Storm Codec
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/9/2010 9:01:09 PM | Computer Name = TOMER-3ADCBE0BA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/10/2010 3:12:25 AM | Computer Name = TOMER-3ADCBE0BA | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0000c4b1.

Error - 6/10/2010 3:41:23 AM | Computer Name = TOMER-3ADCBE0BA | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0000c4b1.

Error - 6/17/2010 12:30:16 AM | Computer Name = TOMER-3ADCBE0BA | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 6/23/2010 10:56:03 PM | Computer Name = TOMER-3ADCBE0BA | Source = Application Hang | ID = 1002
Description = Hanging application OTL(2).exe, version 3.2.7.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/23/2010 10:56:37 PM | Computer Name = TOMER-3ADCBE0BA | Source = Application Hang | ID = 1002
Description = Hanging application OTL(2).exe, version 3.2.7.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/23/2010 10:57:34 PM | Computer Name = TOMER-3ADCBE0BA | Source = Application Hang | ID = 1002
Description = Hanging application OTL(2).exe, version 3.2.7.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/23/2010 10:57:50 PM | Computer Name = TOMER-3ADCBE0BA | Source = Application Hang | ID = 1002
Description = Hanging application OTL(2).exe, version 3.2.7.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/23/2010 10:57:58 PM | Computer Name = TOMER-3ADCBE0BA | Source = Application Hang | ID = 1002
Description = Hanging application OTL(2).exe, version 3.2.7.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/23/2010 10:58:03 PM | Computer Name = TOMER-3ADCBE0BA | Source = Application Hang | ID = 1002
Description = Hanging application OTL(2).exe, version 3.2.7.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/22/2010 5:51:37 PM | Computer Name = TOMER-3ADCBE0BA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 10.0.1.2 on the
Network
Card with network address 00130289C428.

Error - 6/23/2010 7:45:23 PM | Computer Name = TOMER-3ADCBE0BA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/23/2010 7:45:23 PM | Computer Name = TOMER-3ADCBE0BA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/23/2010 7:53:49 PM | Computer Name = TOMER-3ADCBE0BA | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped
monitoring the volume.

Error - 6/23/2010 10:07:40 PM | Computer Name = TOMER-3ADCBE0BA | Source = DCOM | ID = 10010
Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
with DCOM within the required timeout.

Error - 6/23/2010 10:09:50 PM | Computer Name = TOMER-3ADCBE0BA | Source = DCOM | ID = 10010
Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
with DCOM within the required timeout.

Error - 6/23/2010 10:12:01 PM | Computer Name = TOMER-3ADCBE0BA | Source = DCOM | ID = 10010
Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
with DCOM within the required timeout.

Error - 6/23/2010 10:14:24 PM | Computer Name = TOMER-3ADCBE0BA | Source = DCOM | ID = 10010
Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
with DCOM within the required timeout.

Error - 6/28/2010 8:16:58 PM | Computer Name = TOMER-3ADCBE0BA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 10.0.1.2 on the
Network
Card with network address 00130289C428.

Error - 6/28/2010 8:25:36 PM | Computer Name = TOMER-3ADCBE0BA | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped
monitoring the volume.


< End of report >


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania
  • Local time:10:27 PM

Posted 29 June 2010 - 04:42 AM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#7 tomer100

tomer100
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:27 PM

Posted 29 June 2010 - 11:56 PM

Hello again. The following is the log that appeared after I ran ComboFix. It was named log.txt

ComboFix 10-06-29.03 - Tomer 06/29/2010 21:36:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.738 [GMT -7:00]
Running from: c:\documents and settings\Tomer\My Documents\Downloads\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\windows1\system32\drivers\1028_DELL_XPS_MXC061 .MRK
c:\windows1\system32\drivers\DELL_XPS_MXC061 .MRK
c:\windows1\system32\st325602.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.

2010-06-24 00:02 . 2010-06-24 00:02 -------- d-----w- c:\documents and settings\Tomer\Application Data\Tific
2010-06-24 00:02 . 2010-06-24 00:02 -------- d-----w- c:\documents and settings\Tomer\Local Settings\Application Data\Symantec
2010-06-11 10:27 . 2010-06-11 10:27 -------- d-sh--w- c:\documents and settings\Default User.WINDOWS1\IETldCache
2010-06-10 10:11 . 2010-05-06 10:41 743424 -c----w- c:\windows1\system32\dllcache\iedvtool.dll
2010-06-04 03:24 . 2009-05-18 21:17 26600 ----a-r- c:\windows1\system32\drivers\GEARAspiWDM.sys
2010-06-04 03:24 . 2008-04-17 20:12 107368 ----a-r- c:\windows1\system32\GEARAspi.dll
2010-06-04 03:24 . 2010-06-04 03:24 60808 ----a-w- c:\windows1\system32\S32EVNT1.DLL
2010-06-04 03:24 . 2010-06-04 03:24 124976 ----a-w- c:\windows1\system32\drivers\SYMEVENT.SYS
2010-06-04 03:23 . 2010-06-04 12:50 -------- d-----w- c:\windows1\system32\drivers\N360
2010-06-04 03:23 . 2010-06-04 03:23 -------- d-----w- c:\program files\Norton 360
2010-06-04 03:23 . 2010-06-04 03:23 -------- d-----w- c:\program files\Windows Sidebar
2010-06-04 03:23 . 2010-06-04 03:23 -------- d-----w- c:\program files\NortonInstaller
2010-06-04 03:23 . 2010-06-04 03:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS1\Application Data\NortonInstaller
2010-06-04 03:18 . 2010-06-04 03:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS1\Application Data\Norton
2010-06-04 02:45 . 2010-06-04 02:45 -------- d--h--w- c:\documents and settings\All Users.WINDOWS1\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2010-06-03 04:27 . 2010-06-03 04:27 -------- d-----w- c:\windows1\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 04:24 . 2010-03-09 02:46 -------- d-----w- c:\documents and settings\Tomer\Application Data\uTorrent
2010-06-11 10:53 . 2010-01-31 18:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-10 07:23 . 2008-03-02 18:56 -------- d-----w- c:\documents and settings\Tomer\Application Data\Skype
2010-06-08 23:00 . 2008-03-02 18:57 -------- d-----w- c:\documents and settings\Tomer\Application Data\skypePM
2010-06-04 03:28 . 2006-06-03 04:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-04 03:24 . 2006-06-03 04:16 -------- d-----w- c:\program files\Symantec
2010-06-04 03:24 . 2010-06-04 03:24 805 ----a-w- c:\windows1\system32\drivers\SYMEVENT.INF
2010-06-04 03:24 . 2010-06-04 03:24 7443 ----a-w- c:\windows1\system32\drivers\SYMEVENT.CAT
2010-06-04 02:45 . 2006-06-09 01:59 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-04 02:44 . 2010-05-27 03:50 -------- dc----w- c:\documents and settings\All Users.WINDOWS1\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-04 02:42 . 2010-05-26 04:51 -------- d-----w- c:\program files\Spyware Doctor
2010-06-03 04:27 . 2010-05-26 04:51 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-03 04:12 . 2006-06-03 03:59 -------- d-----w- c:\program files\Common Files\Java
2010-06-03 04:11 . 2006-06-03 03:59 -------- d-----w- c:\program files\Java
2010-06-03 04:05 . 2010-01-22 07:14 -------- d-----w- c:\documents and settings\Tomer\Application Data\LimeWire
2010-05-27 03:50 . 2006-10-18 03:43 -------- d-----w- c:\program files\Lavasoft
2010-05-27 03:30 . 2010-05-25 00:48 54 ----a-w- c:\windows1\system32\rp_stats.dat
2010-05-27 03:30 . 2010-05-25 00:48 39 ----a-w- c:\windows1\system32\rp_rules.dat
2010-05-19 05:46 . 2010-03-09 02:46 -------- d-----w- c:\program files\uTorrent
2010-05-19 02:33 . 2010-05-19 02:33 56766 ----a-w- c:\documents and settings\All Users.WINDOWS1\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-19 02:33 . 2010-05-19 01:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS1\Application Data\DivX
2010-05-19 02:33 . 2009-07-17 00:33 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-19 02:33 . 2007-04-06 23:52 -------- d-----w- c:\program files\DivX
2010-05-19 02:33 . 2010-05-19 02:33 56978 ----a-w- c:\documents and settings\All Users.WINDOWS1\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-19 02:33 . 2010-05-19 02:33 53600 ----a-w- c:\documents and settings\All Users.WINDOWS1\Application Data\DivX\Update\Uninstaller.exe
2010-05-19 02:33 . 2010-05-19 02:33 57679 ----a-w- c:\documents and settings\All Users.WINDOWS1\Application Data\DivX\Player\Uninstaller.exe
2010-05-19 02:30 . 2010-05-19 02:30 56969 ----a-w- c:\documents and settings\All Users.WINDOWS1\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-19 01:35 . 2010-05-19 01:35 144696 ----a-w- c:\documents and settings\All Users.WINDOWS1\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-19 01:35 . 2010-05-19 02:33 754984 ----a-w- c:\documents and settings\All Users.WINDOWS1\Application Data\DivX\Setup\Resource.dll
2010-05-19 01:35 . 2010-05-19 02:33 1180952 ----a-w- c:\documents and settings\All Users.WINDOWS1\Application Data\DivX\Setup\DivXSetup.exe
2010-05-11 23:19 . 2009-06-28 20:08 1925088 -c--a-w- c:\documents and settings\Tomer\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-05-06 10:41 . 2006-03-04 03:33 916480 ----a-w- c:\windows1\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 11:00 1851264 ----a-w- c:\windows1\system32\win32k.sys
2010-04-20 05:30 . 2004-08-10 11:00 285696 ----a-w- c:\windows1\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-18 322352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows1\ehome\ehtray.exe" [2005-08-05 64512]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\mcupdate.exe" [2006-01-11 212992]
"Broadcom Wireless Manager UI"="c:\windows1\system32\WLTRAY.exe" [2005-12-19 1347584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-01-29 02:42 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows1\system32\drivers\Lbd.sys [7/21/2009 5:47 PM 64160]
R0 SymDS;Symantec Data Store;c:\windows1\system32\drivers\N360\0402000.00C\symds.sys [6/3/2010 11:30 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows1\system32\drivers\N360\0402000.00C\symefa.sys [6/3/2010 11:30 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [6/22/2010 5:20 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows1\system32\drivers\N360\0402000.00C\cchpx86.sys [6/3/2010 11:30 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows1\system32\drivers\N360\0402000.00C\ironx86.sys [6/3/2010 11:30 PM 116784]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccsvchst.exe [6/3/2010 11:28 PM 126392]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 4:22 PM 102400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/3/2010 8:27 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100625.001\IDSXpx86.sys [6/28/2010 5:37 PM 331640]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 8:52 AM 1029456]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows1\system32\drivers\SCR3XX2K.sys [5/10/2009 4:03 PM 47488]
.
Contents of the 'Scheduled Tasks' folder

2010-06-29 c:\windows1\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 01:55]

2008-07-25 c:\windows1\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8205503807.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Tomer\Application Data\Mozilla\Firefox\Profiles\xog9jkfs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Tomer\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKLM-Run-POEngine - (no file)
MSConfigStartUp-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-29 21:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
c:\windows1\System32\BCMLogon.dll
.
Completion time: 2010-06-29 21:46:57
ComboFix-quarantined-files.txt 2010-06-30 04:46

Pre-Run: 10,233,425,920 bytes free
Post-Run: 10,261,565,440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS1
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS1="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 0FAC46095CEE7CEA7FD456E792DBA1F2
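The ComboFix excerpt above is dense, and the two items a reviewer would look at first are a driver loaded from outside the usual system directories and the Firefox keyword.URL override. The script below is an added example for reading such logs; it is not part of the thread and not ComboFix's own tooling. It parses the service/driver lines (R = running, S = stopped, digit = SCM start type, as those lines are commonly read) and the `FF - prefs.js` lines from a few lines copied out of the posted log, then flags service images outside an assumed allow-list of directories and any keyword.URL override, reporting the host that address-bar searches would be sent to. Here the flagged driver is IDSxpx86, which the full path shows to be Norton's IPS definitions under Application Data, so it is a review item rather than a verdict; the allow-list and the sample excerpt are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccsvchst.exe [6/3/2010 11:28 PM 126392]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS1\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100625.001\IDSXpx86.sys [6/28/2010 5:37 PM 331640]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 8:52 AM 1029456]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows1\system32\drivers\SCR3XX2K.sys [5/10/2009 4:03 PM 47488]
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
"""

# ComboFix service line: "<R|S><start> <name>;<display>;<image path> [<timestamp> <size>]"
# R = running, S = stopped; the digit is the start type (2 = auto, 3 = demand).
SERVICE_RE = re.compile(
    r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s+\[(.+)\s+(\d+)\]\s*$"
)
# Firefox user pref line: "FF - prefs.js: <pref name> - <value>"
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s+(\S+)\s+-\s+(.*)$")

# Assumed allow-list: where a service image is expected to live on this box.
# The Windows directory here is WINDOWS1 (see the posted boot.ini), not WINDOWS.
TRUSTED_DIRS = ("c:\\windows1\\", "c:\\program files\\")


def parse_services(text):
    """Return one dict per R*/S* service line; all other lines are ignored."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, start, name, display, path, stamp, size = m.groups()
        services.append({
            "name": name, "display": display, "path": path,
            "running": state == "R", "start": int(start),
            "timestamp": stamp, "size": int(size),
        })
    return services


def parse_ff_prefs(text):
    """Return the prefs.js entries ComboFix listed, keyed by pref name."""
    prefs = {}
    for line in text.splitlines():
        m = FF_PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def defanged_host(url):
    """ComboFix writes 'hxxp' so URLs are not clickable; undo that to get the host."""
    return urlparse(url.replace("hxxp", "http", 1)).hostname or ""


def triage(text):
    """Findings a reviewer should confirm by hand; each string names the item first."""
    findings = []
    for svc in parse_services(text):
        if not svc["path"].lower().startswith(TRUSTED_DIRS):
            findings.append(
                f"service {svc['name']}: image outside standard directories ({svc['path']})"
            )
    prefs = parse_ff_prefs(text)
    # keyword.URL in prefs.js is a user-level override of the built-in default:
    # whatever it points at receives everything typed into the address bar.
    if "keyword.URL" in prefs:
        host = defanged_host(prefs["keyword.URL"])
        findings.append(f"firefox keyword.URL overridden: address-bar searches go to {host}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run as-is it prints two findings: the IDSxpx86 driver path under Application Data and the keyword.URL host. The point of the allow-list is to shrink a long service list to the handful of entries that need a manual look, not to decide on its own which are malicious; Norton's definition driver is a legitimate hit that the reviewer clears by recognising the vendor directory.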


#8 Elise, Bleepin' Blonde (Malware Study Hall Admin, 61,248 posts, Romania)

Posted 30 June 2010 - 03:49 AM

Hello again,
At this point, please describe any problem you are still having.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 tomer100, Topic Starter (Members, 6 posts)

Posted 30 June 2010 - 07:19 PM

I am not sure, because other than doing exactly what you say I am not using the computer. Shall I start using it to see if anything happens? From your end, does it look like the "infection" is gone?

#10 Elise, Bleepin' Blonde (Malware Study Hall Admin, 61,248 posts, Romania)

Posted 01 July 2010 - 02:29 AM

Yes, please use the computer for a bit and let me know how things are running. At my end things look good now.

regards, Elise


#11 tomer100, Topic Starter (Members, 6 posts)

Posted 06 July 2010 - 05:39 PM

Will do, but I take it I still shouldn't use it to access bank accounts and other sensitive information.



#12 Elise, Bleepin' Blonde (Malware Study Hall Admin, 61,248 posts, Romania)

Posted 07 July 2010 - 05:40 AM

No, better not, until we are sure all is fine. Just do some random stuff, open a few applications, browse a bit and so on.

regards, Elise


#13 Elise, Bleepin' Blonde (Malware Study Hall Admin, 61,248 posts, Romania)

Posted 21 July 2010 - 06:24 AM

Hi, are you still there?

regards, Elise


#14 Elise, Bleepin' Blonde (Malware Study Hall Admin, 61,248 posts, Romania)

Posted 16 August 2010 - 07:04 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise




