Infostealer: how to remove

February 26, 2010 at 19:18:39
Specs: Windows XP
I can't seem to get rid of Infostealer. I did a virus scan in safe mode and ran a trojan hunter, but it still remains. Anyone know how to remove it...
Anyone know how to get rid of this?




#1
February 26, 2010 at 20:01:38
Please run the following two scans and post their results. DDS will help find the problem files, and Malwarebytes should clean some of the problem files and registry entries.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has one.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "Enter name of file to save to" box appears as the download begins, change mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.



#2
February 26, 2010 at 20:47:46

DDS (Ver_09-12-01.01) - NTFSx86
Run by tonny at 20:44:04.01 on Fri 02/26/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.449 [GMT -8:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AGI\core\4.2.0.10752\AGCoreService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton2\navapsvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton2\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\tonny\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton2\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton2\NavShExt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe"
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [SB Audigy 2 Startup Menu] c:\program files\creative\sbaudigy2\program\startup menu\ChkColor.EXE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [ccRegVfy] c:\program files\common files\symantec shared\ccRegVfy.exe
mRun: [Advanced Tools Check] c:\progra~1\norton2\advtools\ADVCHK.EXE
StartupFolder: c:\docume~1\tonny\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\tonny\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7617\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260941701890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: NameServer = 93.188.162.206,93.188.166.59
TCP: {3BDDDD94-F39A-4DA3-83BB-DE9A8022390F} = 93.188.162.206,93.188.166.59
AppInit_DLLs: c:\windows\system32\0035.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tonny\applic~1\mozilla\firefox\profiles\3hjvjimu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\documents and settings\tonny\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - HiddenExtension: XULRunner: {B59CB0A9-8657-42E5-8032-03C6636C182D} - c:\documents and settings\tonny\local settings\application data\{B59CB0A9-8657-42E5-8032-03C6636C182D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-29 64288]
R2 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10752\AGCoreService.exe [2010-1-24 20480]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2002-8-8 308936]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton2\NAVAPSVC.EXE [2002-8-19 116336]
R2 NProtectService;Norton Unerase Protection;c:\program files\norton2\advtools\NPROTECT.EXE [2010-2-26 135168]
R2 SAVRTPEL;SAVRTPEL;c:\windows\system32\drivers\SAVRTPEL.SYS [2002-7-25 35552]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100224.035\NAVENG.Sys [2010-2-26 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100224.035\NavEx15.Sys [2010-2-26 1324720]
R3 SAVRT;SAVRT;c:\windows\system32\drivers\SAVRT.SYS [2002-7-25 235744]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2001-8-13 54408]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2002-8-19 63176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-2-11 27064]

=============== Created Last 30 ================

2010-02-26 23:19:26 32 --sha-w- c:\windows\system32\{12FD4263-E478-47FC-9694-A07DC05AD7AF}.dat
2010-02-26 23:19:26 32 --sha-w- c:\windows\{BEBDDBD4-71CB-4194-9DBE-ED4D5E40C820}.dat
2010-02-26 23:19:23 14 ----a-w- c:\windows\system32\SR2.dat
2010-02-26 23:19:07 34578 ----a-w- c:\windows\system32\drivers\NPDRIVER.SYS
2010-02-26 23:18:55 83672 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-26 23:18:55 73224 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-26 23:18:55 123619 ----a-w- c:\windows\system32\SYMEVNT.386
2010-02-26 23:15:11 0 d-----w- c:\program files\Antivirus
2010-02-25 05:42:54 0 d-----w- C:\DeusEx
2010-02-25 04:30:14 520 ----a-w- c:\windows\_delis32.ini
2010-02-25 00:53:34 0 d-----w- c:\program files\Deux Ex
2010-02-24 23:59:46 0 d-----w- c:\windows\system32\Adobe
2010-02-24 21:56:02 0 d-----w- c:\program files\PowerISO
2010-02-23 22:51:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Readon
2010-02-23 08:23:03 0 d-----w- C:\Downloads
2010-02-23 06:43:08 0 d-----w- c:\program files\Red Storm Entertainment
2010-02-23 04:13:03 0 d-----w- c:\program files\Loaris
2010-02-23 02:29:02 209408 ---h--w- c:\windows\system32\svchost2.exe
2010-02-22 20:30:35 53248 ----a-w- c:\windows\system32\fwsvpn.dll
2010-02-22 18:50:25 0 d-----w- c:\program files\warcraft
2010-02-22 18:50:17 0 d-----w- c:\program files\Norton2
2010-02-22 00:33:07 0 d-----w- c:\docume~1\tonny\applic~1\Ambient Design
2010-02-19 00:29:44 41984 ---ha-w- c:\windows\system32\wexe.exe
2010-02-19 00:29:44 25600 ------w- c:\windows\system32\0035.DLL
2010-02-18 07:18:19 0 d-----w- c:\program files\Prototype
2010-02-16 23:39:21 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-02-16 23:39:20 0 d-----w- c:\program files\PCPitstop
2010-02-16 18:40:07 0 d-sh--w- c:\documents and settings\tonny\IECompatCache
2010-02-16 07:13:24 0 d-----w- c:\program files\GridinSoft Trojan Killer
2010-02-15 19:35:11 0 d-----w- c:\program files\SystemRequirementsLab
2010-02-14 04:05:31 0 d-----w- c:\docume~1\alluse~1\applic~1\DFX
2010-02-14 04:05:24 0 d-----w- c:\program files\common files\DFX
2010-02-14 01:08:18 0 d-----w- c:\program files\iPod
2010-02-14 01:08:06 0 d-----w- c:\program files\iTunes
2010-02-14 01:07:44 0 d-----w- c:\program files\Bonjour
2010-02-13 22:17:24 0 d-----w- c:\program files\Direct x 9
2010-02-13 21:32:30 0 d-----w- c:\docume~1\tonny\applic~1\Facebook
2010-02-13 06:40:48 0 d-----w- C:\Team17
2010-02-13 04:17:55 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-02-13 04:17:52 0 d-----w- c:\program files\MagicDisc
2010-02-12 23:50:18 0 d-----w- c:\program files\file folder
2010-02-12 00:53:25 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-12 00:53:21 0 d-----w- c:\program files\VS Revo Group
2010-02-12 00:34:41 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-02-12 00:31:19 0 d-----w- c:\program files\FilterGate
2010-02-11 00:23:50 0 d-----w- c:\program files\ghost
2010-02-11 00:13:43 0 ----a-w- c:\windows\PowerReg.dat
2010-02-09 00:03:01 25600 ----a-w- c:\windows\system32\0034.DLL
2010-02-06 03:47:25 0 d-----w- c:\program files\Direct x
2010-02-02 00:26:22 25600 ----a-w- c:\windows\system32\0033.DLL
2010-02-01 02:57:38 0 d-----w- c:\docume~1\tonny\applic~1\DAEMON Tools Lite
2010-02-01 02:57:12 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-02-01 02:47:01 0 d-----w- c:\docume~1\tonny\applic~1\DAEMON Tools Pro
2010-02-01 02:47:01 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2010-01-31 21:54:11 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-31 21:54:01 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-31 21:53:58 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-01-31 19:25:55 0 d-----w- c:\program files\Veoh Networks
2010-01-30 07:20:49 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-30 07:15:22 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-30 07:14:46 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-01-30 07:14:42 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-01-30 07:07:50 0 d-----w- c:\windows\system32\PreInstall
2010-01-30 04:00:09 0 d-sh--w- c:\documents and settings\tonny\PrivacIE
2010-01-30 02:36:27 0 d-sh--w- c:\documents and settings\tonny\IETldCache
2010-01-30 02:33:17 0 d-----w- c:\windows\ie8updates
2010-01-30 02:31:55 0 dc-h--w- c:\windows\ie8
2010-01-30 02:28:55 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-30 02:28:52 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-30 02:28:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-30 02:28:51 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-30 02:28:51 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-30 02:28:49 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-30 02:28:42 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-30 00:30:36 25088 ----a-w- c:\windows\system32\0031.DLL
2010-01-29 19:14:54 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-29 18:50:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-29 18:36:49 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-29 18:18:56 0 d-----w- c:\docume~1\tonny\applic~1\Error Fix
2010-01-29 18:18:39 0 d-----w- c:\program files\Error Fix
2010-01-29 08:11:51 0 d--h--w- c:\windows\msdownld.tmp
2010-01-29 08:11:45 0 d-----w- c:\windows\Logs
2010-01-29 07:29:56 0 d-----w- c:\program files\Nero
2010-01-29 01:12:52 0 d-----w- c:\program files\RegCleaner
2010-01-28 22:11:57 91 ----a-w- c:\windows\wininit.ini
2010-01-28 21:24:46 0 d-----w- c:\windows\system32\appmgmt
2010-01-28 17:30:44 0 ---ha-w- c:\windows\system32\wupd.dat
2010-01-28 17:30:43 25088 ----a-w- c:\windows\system32\0030.DLL
2010-01-28 17:28:27 120 ----a-w- c:\windows\Dgatariveh.dat
2010-01-28 17:28:27 0 ----a-w- c:\windows\Vzoxad.bin
2010-01-28 17:26:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-28 17:26:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-28 17:26:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 17:24:47 6863 ----a-w- c:\windows\system32\WORK.DAT
2010-01-28 17:24:46 38656 ----a-w- c:\windows\wvaru27718.exe
2010-01-28 08:53:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-28 08:53:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-28 08:33:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-01-28 08:24:36 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-28 07:47:58 764868 -c----w- c:\windows\system32\dllcache\apph_sp.sdb
2010-01-28 07:47:58 217118 -c----w- c:\windows\system32\dllcache\apphelp.sdb
2010-01-28 07:47:58 1196000 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-01-28 07:47:38 0 d-----w- c:\program files\Windows Media Connect 2
2010-01-28 07:46:10 0 d-----w- c:\windows\system32\LogFiles
2010-01-28 07:34:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-28 07:31:26 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-28 07:31:26 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-28 07:30:41 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-28 07:29:31 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-01-28 07:29:31 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-01-28 07:24:47 0 d-----w- c:\windows\system32\wbem\AutoRecover
2010-01-28 07:15:47 0 d-----w- c:\windows\peernet
2010-01-28 07:15:46 0 d-----w- c:\windows\provisioning
2010-01-28 07:12:24 0 d-----w- c:\windows\ServicePackFiles
2010-01-28 07:07:25 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-01-28 07:05:37 0 d-----w- c:\windows\EHome
2010-01-28 06:59:07 11776 ------w- c:\windows\system32\spnpinst.exe
2010-01-28 06:59:06 7208 ------w- c:\windows\system32\secupd.sig
2010-01-28 06:59:06 4569 ------w- c:\windows\system32\secupd.dat
2010-01-28 06:35:56 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2010-01-28 06:35:56 145792 ----a-w- c:\windows\system32\drivers\portcls.sys

==================== Find3M ====================

2010-01-12 05:48:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-12 05:48:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 01:56:00 61952 ----a-w- c:\windows\system32\zqeb.exe
2009-12-16 01:55:53 61952 ----a-w- c:\windows\system32\vqlvok.exe
2009-12-16 01:55:38 61952 ----a-w- c:\windows\system32\pbty.exe
2009-12-16 01:55:15 61952 ----a-w- c:\windows\system32\iaebsnu.exe
2009-12-16 01:50:59 61952 ----a-w- c:\windows\system32\lvypa.exe
2009-12-16 01:46:09 25600 ----a-w- c:\windows\system32\routemon.exe
2009-12-16 01:32:59 72192 ----a-w- c:\windows\system32\taskkill.exe
2009-12-16 01:31:59 9216 ----a-w- c:\windows\system32\print.exe
2009-12-16 01:30:56 51712 ----a-w- c:\windows\system32\migpwd.exe
2009-12-16 01:25:43 61952 ----a-w- c:\windows\system32\dkpat.exe
2009-12-16 01:17:44 45568 ----a-w- c:\windows\system32\drwtsn32.exe
2009-12-16 00:56:38 61952 ----a-w- c:\windows\system32\iuniqh.exe
2009-12-16 00:51:44 61952 ----a-w- c:\windows\system32\ucxizln.exe
2009-12-15 23:45:03 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 20:45:16.37 ===============



#3
February 26, 2010 at 21:10:17
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/15/2009 3:50:00 PM
System Uptime: 2/26/2010 8:37:03 PM (1 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7125
Processor: AMD Athlon(tm) 64 Processor 3000+ | Socket 939 | 1809/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 128 GiB total, 101.034 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_71251462&REV_A3\3&2411E6FE&0&11
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_71251462&REV_A3\3&2411E6FE&0&11
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_10DE&DEV_0059&SUBSYS_75851462&REV_A2\3&2411E6FE&0&20
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_10DE&DEV_0059&SUBSYS_75851462&REV_A2\3&2411E6FE&0&20
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1002&DEV_5E4F&SUBSYS_203617AF&REV_00\4&243D7BD0&0&0070
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1002&DEV_5E4F&SUBSYS_203617AF&REV_00\4&243D7BD0&0&0070
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_1002&DEV_5E6F&SUBSYS_203717AF&REV_00\4&243D7BD0&0&0170
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_1002&DEV_5E6F&SUBSYS_203717AF&REV_00\4&243D7BD0&0&0170
Service:

==== System Restore Points ===================

RP1: 2/26/2010 7:25:45 PM - System Checkpoint
RP2: 2/26/2010 7:26:07 PM - tonnyx

==== Installed Programs ======================

AAC Decoder
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Advanced Tools
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
BitTorrent
Bonjour
Creative System Information
DivX Codec
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DolbyFiles
Facebook Plug-In
H.264 Decoder
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
ImagXpress
iTunes
Java Auto Updater
Java(TM) 6 Update 18
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Movie Templates - Starter Kit
Mozilla Firefox (3.5.7)
Mozilla Firefox (3.5.8)
MSN Messenger 7.0
Nero 6 Ultra Edition
Nero 9
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Norton AntiVirus 2003 Professional Edition
Norton WMI Update
NVIDIA Drivers
PowerISO
QuickTime
Revo Uninstaller Pro 2.1.0
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Sound Blaster Audigy 2
SoundTrax
Spybot - Search & Destroy
System Requirements Lab
Trojan Killer 2.0
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB930916)
Update for Windows XP (KB955759)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.16
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Webshots Desktop
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB890859
Windows XP Service Pack 2
WinRAR archiver

==== Event Viewer Messages From Past Week ========

2/26/2010 8:07:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/26/2010 10:24:42 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
2/24/2010 6:38:42 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
2/24/2010 6:15:29 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file mmsystem.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/24/2010 6:15:28 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\avifile.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 0.3000.4.90.
2/24/2010 6:15:28 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\avicap.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 0.1.1.15.
2/24/2010 6:15:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\winspool.drv. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
2/24/2010 6:15:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\wfwnet.drv. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/24/2010 6:15:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\vga.drv. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/24/2010 6:15:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\ver.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/24/2010 6:15:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\timer.drv. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/24/2010 6:15:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\tapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/24/2010 6:15:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\system.drv. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/24/2010 6:15:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\stdole.tlb. This file was restored to the original version to maintain system stability. The file version of the system file is 3029.1.2.10.
2/24/2010 6:15:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\sound.drv. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/24/2010 6:15:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\shell.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/24/2010 6:15:27 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\olesvr.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.3.10.
2/24/2010 6:15:26 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\olecli.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.3.10.
2/24/2010 6:15:26 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\msvideo.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 0.1.1.15.
2/24/2010 6:15:26 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\mouse.drv. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/24/2010 6:15:26 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\mmtask.tsk. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/24/2010 6:15:25 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\mciwave.drv. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/24/2010 6:15:25 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\mciseq.drv. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/24/2010 6:15:25 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\mciavi.drv. This file was restored to the original version to maintain system stability. The file version of the system file is 0.1.1.15.
2/24/2010 6:15:25 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\lzexpand.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/24/2010 6:15:25 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\keyboard.drv. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/24/2010 6:15:25 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system\commdlg.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 0.103.3.10.
2/22/2010 5:10:37 PM, error: Service Control Manager [7034] - The Sygate Personal Firewall Pro service terminated unexpectedly. It has done this 2 time(s).
2/22/2010 5:09:58 PM, information: Windows File Protection [64005] - The protected system file control.exe was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is tonny. The file version of the bad file is 5.1.2600.0.
2/22/2010 5:09:08 PM, error: Service Control Manager [7034] - The Sygate Personal Firewall Pro service terminated unexpectedly. It has done this 1 time(s).
2/22/2010 12:41:48 PM, error: Service Control Manager [7034] - The Sygate Personal Firewall Pro service terminated unexpectedly. It has done this 3 time(s).

==== End Of File ===========================



#4
February 26, 2010 at 21:42:33
I ran Malwarebytes Anti-Malware but Infostealer is still there.


#5
February 26, 2010 at 21:57:36
Malwarebytes will only remove parts of it, as will most other tools, as Infostealer is a very bad spyware program. Please post the results of the Malwarebytes scan, then run the next program, ComboFix, then post its log.

Please download ComboFix with Internet Explorer rather than any other browser that you may have, if possible.

Remember, your Norton antivirus, Windows Defender, and Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from the following link:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix, then click Save.
Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved and renamed following this process, directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe and follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal and increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#6
February 26, 2010 at 22:23:06
Will ComboFix fix my problem? I have heard that it's not that good of a program because you need to be very good with computers in order to use it.


#7
February 26, 2010 at 22:37:02
If you follow the directions in my last post you should have no problems with ComboFix.

It is like all the other programs: it only removes what has been programmed into it, so it may not find all the bad files. That is my job, to see if files are missed and help you remove them. But it is entirely up to you to use the program.

It is time for me to call it a night, I will be back online tomorrow.



#8
February 26, 2010 at 23:14:54
Thanks


#9
February 28, 2010 at 15:19:37

ComboFix 10-02-27.04 - tonny 02/28/2010 14:19:52.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.524 [GMT -8:00]
Running from: c:\documents and settings\tonny\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\tonny\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\tonny\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\tonny\Local Settings\Application Data\{B59CB0A9-8657-42E5-8032-03C6636C182D}
c:\documents and settings\tonny\Local Settings\Application Data\{B59CB0A9-8657-42E5-8032-03C6636C182D}\chrome.manifest
c:\documents and settings\tonny\Local Settings\Application Data\{B59CB0A9-8657-42E5-8032-03C6636C182D}\chrome\content\_cfg.js
c:\documents and settings\tonny\Local Settings\Application Data\{B59CB0A9-8657-42E5-8032-03C6636C182D}\chrome\content\overlay.xul
c:\documents and settings\tonny\Local Settings\Application Data\{B59CB0A9-8657-42E5-8032-03C6636C182D}\install.rdf
c:\documents and settings\tonny\Start Menu\Programs\Startup\MagicDisc.lnk
c:\program files\Antivirus
c:\recycler\S-1-5-21-1205268604-1058200507-185623928-5390
c:\recycler\S-1-5-21-2773475152-0833457400-172114173-1519
c:\recycler\S-1-5-21-5496679760-4087774647-085693647-8485
c:\recycler\S-1-5-21-7673207732-1838465144-205873375-8201
c:\recycler\S-1-5-21-8847155915-2676581576-266533375-1292
c:\recycler\S-1-5-21-9459965055-3684272399-616483762-1946
c:\recycler\S-1-5-21-9850849400-3729537890-458442369-9373
c:\windows\system32\0030.DLL
c:\windows\system32\0031.DLL
c:\windows\system32\0033.DLL
c:\windows\system32\0034.DLL
c:\windows\system32\0035.DLL
c:\windows\system32\svchost2.exe
c:\windows\system32\WORK.DAT
c:\windows\system32\wupd.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32


((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-28 05:51 . 2010-02-28 05:51 -------- d-----w- C:\NV17441124.TMP
2010-02-28 05:51 . 2010-02-28 05:51 -------- d-----w- C:\NV24842392.TMP
2010-02-28 05:51 . 2010-02-28 05:51 -------- d-----w- C:\NV1520296.TMP
2010-02-28 05:51 . 2010-02-28 05:51 -------- d-----w- C:\NV3444264.TMP
2010-02-28 05:39 . 2010-02-28 05:39 -------- d-----w- c:\program files\ATI Technologies
2010-02-28 05:37 . 2010-02-28 05:37 -------- d-----w- C:\ATI
2010-02-28 05:05 . 2010-02-28 05:05 -------- d-----w- C:\NVIDIA
2010-02-28 05:03 . 2010-02-28 05:03 -------- d-----w- c:\program files\New Folder
2010-02-27 08:06 . 2006-06-19 21:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-27 08:06 . 2006-05-25 23:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-27 08:06 . 2005-08-26 09:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-27 08:06 . 2003-02-03 04:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-02-27 08:06 . 2002-03-06 09:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-02-27 08:05 . 2010-02-27 08:07 -------- d-----w- c:\documents and settings\tonny\Application Data\Simply Super Software
2010-02-27 08:05 . 2010-02-27 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-02-26 23:22 . 2010-02-26 23:22 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Symantec
2010-02-26 23:19 . 2010-02-26 23:19 32 --sha-w- c:\windows\system32\{12FD4263-E478-47FC-9694-A07DC05AD7AF}.dat
2010-02-26 23:19 . 2010-02-26 23:19 32 --sha-w- c:\windows\{BEBDDBD4-71CB-4194-9DBE-ED4D5E40C820}.dat
2010-02-26 23:19 . 2010-02-26 23:19 14 ----a-w- c:\windows\system32\SR2.dat
2010-02-26 23:19 . 2002-08-14 14:03 34578 ----a-w- c:\windows\system32\drivers\NPDRIVER.SYS
2010-02-26 23:18 . 2002-08-16 03:59 83672 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-26 23:18 . 2002-08-16 03:59 73224 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-25 05:42 . 2010-02-28 06:09 -------- d-----w- C:\DeusEx
2010-02-25 00:53 . 2010-02-25 00:53 -------- d-----w- c:\program files\Deux Ex
2010-02-24 23:59 . 2010-02-25 00:00 -------- d-----w- c:\windows\system32\Adobe
2010-02-24 21:56 . 2010-02-24 21:56 -------- d-----w- c:\program files\PowerISO
2010-02-23 08:23 . 2010-02-24 08:07 -------- d-----w- C:\Downloads
2010-02-23 06:43 . 2010-02-23 06:43 -------- d-----w- c:\program files\Red Storm Entertainment
2010-02-23 04:13 . 2010-02-23 05:09 -------- d-----w- c:\program files\Loaris
2010-02-23 03:37 . 2010-02-23 03:37 -------- d-----w- c:\documents and settings\tonny\Local Settings\Application Data\Readon_Technology
2010-02-22 20:30 . 2002-09-11 17:04 53248 ----a-w- c:\windows\system32\fwsvpn.dll
2010-02-22 18:50 . 2010-02-22 19:07 -------- d-----w- c:\program files\warcraft
2010-02-22 18:50 . 2010-02-27 00:58 -------- d-----w- c:\program files\Norton2
2010-02-22 00:33 . 2010-02-22 00:33 -------- d-----w- c:\documents and settings\tonny\Application Data\Ambient Design
2010-02-20 23:31 . 2010-02-21 01:56 -------- d-----w- c:\program files\7-Zip
2010-02-18 07:18 . 2010-02-18 07:18 -------- d-----w- c:\program files\Prototype
2010-02-16 23:39 . 2010-02-16 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-02-16 23:39 . 2010-02-16 23:40 -------- d-----w- c:\program files\PCPitstop
2010-02-16 18:40 . 2010-02-16 18:40 -------- d-sh--w- c:\documents and settings\tonny\IECompatCache
2010-02-16 07:13 . 2010-02-16 23:02 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-02-15 19:35 . 2010-02-15 19:35 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-14 04:06 . 2010-02-14 04:06 -------- d-----w- c:\documents and settings\tonny\Local Settings\Application Data\DFX
2010-02-14 04:05 . 2010-02-14 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX
2010-02-14 04:05 . 2010-02-14 04:05 -------- d-----w- c:\program files\Common Files\DFX
2010-02-14 01:08 . 2010-02-14 01:08 -------- d-----w- c:\program files\iPod
2010-02-14 01:08 . 2010-02-14 01:09 -------- d-----w- c:\program files\iTunes
2010-02-14 01:07 . 2010-02-14 01:07 -------- d-----w- c:\program files\Bonjour
2010-02-13 22:17 . 2010-02-13 22:18 -------- d-----w- c:\program files\Direct x 9
2010-02-13 21:32 . 2010-02-13 21:32 50354 ----a-w- c:\documents and settings\tonny\Application Data\Facebook\uninstall.exe
2010-02-13 21:32 . 2010-02-13 21:32 -------- d-----w- c:\documents and settings\tonny\Application Data\Facebook
2010-02-13 06:40 . 2010-02-13 07:01 -------- d-----w- C:\Team17
2010-02-13 04:17 . 2009-02-25 02:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-02-13 04:17 . 2010-02-22 21:01 -------- d-----w- c:\program files\MagicDisc
2010-02-12 23:50 . 2010-02-12 23:52 -------- d-----w- c:\program files\file folder
2010-02-12 00:53 . 2009-12-30 19:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-12 00:53 . 2010-02-12 00:53 -------- d-----w- c:\program files\VS Revo Group
2010-02-12 00:34 . 2010-02-12 00:34 2560 ----a-w- c:\windows\_MSRSTRT.exe
2010-02-12 00:31 . 2010-02-12 00:36 -------- d-----w- c:\program files\FilterGate
2010-02-11 00:23 . 2010-02-11 00:23 -------- d-----w- c:\program files\ghost
2010-02-11 00:13 . 2010-02-11 00:13 0 ----a-w- c:\windows\PowerReg.dat
2010-02-08 20:33 . 2010-02-08 20:33 -------- d-----w- c:\documents and settings\tonny\Local Settings\Application Data\VS Revo Group
2010-02-06 03:47 . 2010-02-28 05:05 -------- d-----w- c:\program files\Direct x
2010-02-02 05:12 . 2010-02-02 05:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\tonny\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\tonny\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-02-01 02:57 . 2010-02-01 02:57 -------- d-----w- c:\documents and settings\tonny\Application Data\DAEMON Tools Lite
2010-02-01 02:57 . 2010-02-01 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-02-01 02:47 . 2010-02-01 02:47 -------- d-----w- c:\documents and settings\tonny\Application Data\DAEMON Tools Pro
2010-02-01 02:47 . 2010-02-01 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-01-31 21:54 . 2008-12-11 11:57 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-31 21:54 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-31 21:53 . 2008-09-04 16:42 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-01-31 19:25 . 2010-01-31 19:25 -------- d-----w- c:\program files\Veoh Networks
2010-01-30 07:20 . 2004-08-04 07:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-30 07:15 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-30 07:14 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-01-30 04:00 . 2010-01-30 04:00 -------- d-sh--w- c:\documents and settings\tonny\PrivacIE
2010-01-30 02:36 . 2010-01-30 02:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-30 02:36 . 2010-01-30 02:36 -------- d-sh--w- c:\documents and settings\tonny\IETldCache
2010-01-30 02:33 . 2010-01-30 02:33 -------- d-----w- c:\windows\ie8updates
2010-01-30 02:31 . 2010-01-30 02:32 -------- dc-h--w- c:\windows\ie8
2010-01-30 02:28 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-30 02:28 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-30 02:28 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-30 02:28 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-30 02:28 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-30 02:28 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-30 02:28 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 22:32 . 2009-12-16 00:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-28 06:43 . 2010-01-28 07:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-28 05:39 . 2009-12-16 02:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-28 04:36 . 2009-12-24 20:45 -------- d-----w- c:\documents and settings\tonny\Application Data\BitTorrent
2010-02-26 23:18 . 2009-12-16 00:25 -------- d-----w- c:\program files\Symantec
2010-02-26 23:18 . 2009-12-16 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-26 23:11 . 2009-12-16 00:25 -------- d-----w- c:\program files\Norton AntiVirus
2010-02-22 07:25 . 2009-12-18 18:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-16 22:18 . 2010-01-29 18:18 -------- d-----w- c:\program files\Error Fix
2010-02-14 01:08 . 2010-01-28 07:28 -------- d-----w- c:\program files\Common Files\Apple
2010-02-14 00:42 . 2010-01-28 01:37 -------- d-----w- c:\documents and settings\tonny\Application Data\DivX
2010-02-14 00:40 . 2010-01-27 07:54 -------- d-----w- c:\program files\DivX
2010-02-14 00:39 . 2010-01-27 07:54 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-12 00:43 . 2009-12-26 21:46 -------- d-----w- c:\documents and settings\tonny\Application Data\FUJIFILM
2010-02-05 00:42 . 2010-01-29 18:47 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-05 00:42 . 2010-01-29 18:39 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-05 00:42 . 2010-01-29 18:38 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-05 00:42 . 2010-01-29 18:37 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-02 05:12 . 2010-01-28 07:29 -------- d-----w- c:\program files\Apple Software Update
2010-01-29 18:48 . 2010-01-29 18:48 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-29 18:48 . 2010-01-29 19:14 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-29 18:48 . 2010-01-29 18:48 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-29 18:48 . 2010-01-29 18:48 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-29 18:48 . 2010-01-29 18:48 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-29 18:48 . 2010-01-29 18:47 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-29 18:47 . 2010-01-29 18:47 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-29 18:47 . 2010-01-29 18:47 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-29 18:41 . 2010-01-29 18:41 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-29 18:41 . 2010-01-29 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-29 18:41 . 2010-01-29 18:40 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-29 18:40 . 2010-01-29 18:40 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-29 18:40 . 2010-01-29 18:39 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-29 18:39 . 2010-01-29 18:38 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-29 18:38 . 2010-01-29 18:38 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-29 18:38 . 2010-01-29 18:37 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-29 18:36 . 2010-01-29 18:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-29 18:29 . 2010-01-29 18:18 -------- d-----w- c:\documents and settings\tonny\Application Data\Error Fix
2010-01-29 17:40 . 2010-01-29 17:40 61440 ----a-w- c:\documents and settings\tonny\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ef4fb77-n\decora-sse.dll
2010-01-29 17:40 . 2010-01-29 17:40 503808 ----a-w- c:\documents and settings\tonny\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-79f8dbb9-n\msvcp71.dll
2010-01-29 17:40 . 2010-01-29 17:40 499712 ----a-w- c:\documents and settings\tonny\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-79f8dbb9-n\jmc.dll
2010-01-29 17:40 . 2010-01-29 17:40 348160 ----a-w- c:\documents and settings\tonny\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-79f8dbb9-n\msvcr71.dll
2010-01-29 17:40 . 2010-01-29 17:40 12800 ----a-w- c:\documents and settings\tonny\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ef4fb77-n\decora-d3d.dll
2010-01-29 08:05 . 2010-01-28 08:36 -------- d-----w- c:\documents and settings\tonny\Application Data\Nero
2010-01-29 07:45 . 2010-01-28 08:33 -------- d-----w- c:\program files\Common Files\Nero
2010-01-29 07:44 . 2010-01-29 07:29 -------- d-----w- c:\program files\Nero
2010-01-29 07:33 . 2010-01-28 08:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-01-29 01:14 . 2010-01-29 01:12 -------- d-----w- c:\program files\RegCleaner
2010-01-28 21:39 . 2010-01-28 17:28 120 ----a-w- c:\windows\Dgatariveh.dat
2010-01-28 21:10 . 2010-01-24 20:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-28 19:04 . 2010-01-28 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 19:04 . 2010-01-28 19:04 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-28 17:28 . 2010-01-28 17:28 0 ----a-w- c:\windows\Vzoxad.bin
2010-01-28 17:24 . 2010-01-28 17:24 38656 ----a-w- c:\windows\wvaru27718.exe
2010-01-28 08:53 . 2010-01-28 08:53 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 08:53 . 2010-01-28 08:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-28 08:53 . 2010-01-28 08:53 -------- d-----w- c:\program files\Java
2010-01-28 08:24 . 2010-01-28 08:24 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-28 07:47 . 2010-01-28 07:47 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-28 07:34 . 2010-01-28 07:31 -------- d-----w- c:\documents and settings\tonny\Application Data\Apple Computer
2010-01-28 07:31 . 2010-01-28 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-28 07:30 . 2010-01-28 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-28 07:30 . 2010-01-28 07:29 -------- d-----w- c:\program files\QuickTime
2010-01-28 07:28 . 2010-01-28 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-28 07:25 . 2010-01-28 07:25 13104 ----a-w- c:\documents and settings\tonny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-28 07:18 . 2009-12-15 23:47 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-01-28 03:29 . 2010-01-28 03:28 -------- d-----w- c:\program files\Password Protect
2010-01-24 20:59 . 2010-01-24 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-24 20:57 . 2010-01-24 20:57 -------- d-----w- c:\documents and settings\tonny\Application Data\Webshots
2010-01-24 20:57 . 2010-01-24 20:57 -------- d-----w- c:\program files\Webshots
2010-01-24 20:57 . 2010-01-24 20:57 -------- d-----w- c:\documents and settings\tonny\Application Data\AGI
2010-01-24 20:57 . 2010-01-24 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\agi
2010-01-24 20:56 . 2010-01-24 20:56 -------- d-----w- c:\program files\AGI
2010-01-23 03:51 . 2010-01-23 03:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 01:48 . 2010-01-22 01:48 -------- d-----w- c:\program files\Ahead
2010-01-22 01:48 . 2010-01-22 01:48 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-12 05:48 . 2010-01-12 05:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-12 05:48 . 2010-01-12 05:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-08 00:07 . 2010-01-28 17:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2010-01-28 17:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 19:14 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 04:04 . 2009-12-16 04:04 0 ----a-w- c:\windows\nsreg.dat
2009-12-16 01:56 . 2009-12-16 01:49 61952 ----a-w- c:\windows\system32\zqeb.exe
2009-12-16 01:55 . 2009-12-16 01:50 61952 ----a-w- c:\windows\system32\vqlvok.exe
2009-12-16 01:55 . 2009-12-16 01:49 61952 ----a-w- c:\windows\system32\pbty.exe
2009-12-16 01:55 . 2009-12-16 01:49 61952 ----a-w- c:\windows\system32\iaebsnu.exe
2009-12-16 01:50 . 2009-12-16 01:50 61952 ----a-w- c:\windows\system32\lvypa.exe
2009-12-16 01:46 . 2001-08-23 12:00 25600 ----a-w- c:\windows\system32\routemon.exe
2009-12-16 01:32 . 2009-12-16 00:35 61952 ----a-w- c:\windows\system32\szvedldu.exe
2009-12-16 01:31 . 2001-08-23 12:00 9216 ----a-w- c:\windows\system32\print.exe
2009-12-16 01:30 . 2001-08-23 12:00 51712 ----a-w- c:\windows\system32\migpwd.exe
2009-12-16 01:25 . 2009-12-16 00:31 61952 ----a-w- c:\windows\system32\dkpat.exe
2009-12-16 01:24 . 2009-12-15 23:45 35328 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\notiflag.exe
2009-12-16 01:24 . 2009-12-15 23:45 99840 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\HelpHost.exe
2009-12-16 01:17 . 2001-08-23 12:00 45568 ----a-w- c:\windows\system32\drwtsn32.exe
2009-12-16 01:10 . 2009-12-16 01:10 124 ----a-w- c:\windows\system32\zpglh.bat
2009-12-16 01:01 . 2009-12-16 01:01 120 ----a-w- c:\windows\system32\mkloqht.bat
2009-12-16 00:56 . 2009-12-16 00:56 61952 ----a-w- c:\windows\system32\iuniqh.exe
2009-12-16 00:53 . 2009-12-16 00:53 125 ----a-w- c:\windows\system32\fmkrbd.bat
2009-12-16 00:51 . 2009-12-16 00:51 61952 ----a-w- c:\windows\system32\ucxizln.exe
2009-12-16 00:51 . 2009-12-16 00:51 122 ----a-w- c:\windows\system32\rzkdpd.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2005-09-23 270848]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2005-09-23 15:28 270848 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.exe" [2009-12-16 6856704]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.exe" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
"UpdReg"="c:\windows\UpdReg.exe" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.exe" [2009-11-09 180224]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-20 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-20 34504]
"Advanced Tools Check"="c:\progra~1\Norton2\AdvTools\ADVCHK.exe" [2002-08-27 79480]

c:\documents and settings\tonny\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe [2010-1-24 157088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-21 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"RestrictCpl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"RestrictCpl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/29/2010 10:50 AM 64288]
R2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10752\AGCoreService.exe [1/24/2010 12:56 PM 20480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton2\AdvTools\NPROTECT.exe [2/26/2010 3:19 PM 135168]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/11/2010 4:53 PM 27064]
.
Contents of the 'Scheduled Tasks' folder

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:42]

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:42]

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:42]

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:42]

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:42]

2010-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-02-28 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.exe [2009-12-16 17:04]

2010-02-28 c:\windows\Tasks\User_Feed_Synchronization-{B439E313-7835-4E0B-913F-4EB512113388}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\tonny\Application Data\Mozilla\Firefox\Profiles\3hjvjimu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\documents and settings\tonny\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ATIModeChange - Ati2mdxx.exe
SafeBoot-lsass
MSConfigStartUp-Hfoxepajonatuq - c:\windows\ofiroyokaxuwe.dll
AddRemove-HijackThis - c:\documents and settings\tonny\Desktop\HijackThis.exe


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 14:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3724)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton2\navapsvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\progra~1\Webshots\315~1.761\webshots.scr
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-02-28 14:39:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-28 22:39

Pre-Run: 103,323,480,064 bytes free
Post-Run: 107,707,301,888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 786AD8CD2C25D476BFBA49DDF6AE52F9