05-15-2008, 01:44 AM   #1
Gemon
Registered User
 
Join Date: May 2008
Posts: 22
OS: XP Pro SP2


flec006, srosa & co.

Hi,

My laptop started acting weird yesterday. My sound cut out, the antivirus (McAfee) disappeared and the CPU was running mostly at 100%. Plus, there was no way to restart it in safe mode (XP Pro SP2). After a while I managed to run ComboFix and HijackThis. The situation at the moment is the following:

ComboFix 08-05-12.1 - nlusr01472 2008-05-15 8:38:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.742 [GMT 2:00]
Running from: C:\Documents and Settings\nlusr01472\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\nlusr01472\Application Data\m
C:\Documents and Settings\nlusr01472\Application Data\m\data.oct
C:\Documents and Settings\nlusr01472\Application Data\m\flec006.exe
C:\Documents and Settings\nlusr01472\Application Data\m\list.oct
C:\Documents and Settings\nlusr01472\Application Data\m\shared
C:\Documents and Settings\nlusr01472\Application Data\m\srvlist.oct
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\nlusr01472\Application Data\m\data.oct
C:\Documents and Settings\nlusr01472\Application Data\m\list.oct
C:\Documents and Settings\nlusr01472\Application Data\m\shared
C:\Documents and Settings\nlusr01472\Application Data\m\srvlist.oct
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-15 08:45 . 2008-05-15 08:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-15 08:45 . 2008-05-15 08:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-15 00:22 . 2008-05-15 00:23 <DIR> d-------- C:\Program Files\Panda Security
2008-05-14 15:45 . 2008-05-14 15:45 <DIR> d-------- C:\Program Files\openpages.info
2008-05-14 12:30 . 2008-05-14 14:18 68 --a------ C:\WINDOWS\Wininit.ini
2008-05-09 13:18 . 2008-05-09 13:18 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz
2008-05-09 13:18 . 2008-05-09 13:18 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-05-09 13:18 . 2008-05-09 13:18 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-05-09 13:18 . 2008-05-09 13:18 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-05-09 13:18 . 2008-05-12 15:52 219 --a------ C:\WINDOWS\system32\lsprst7.tgz
2008-05-09 13:18 . 2008-05-12 15:52 87 --a------ C:\WINDOWS\system32\ssprs.tgz
2008-05-09 00:20 . 2008-05-09 00:20 <DIR> d-------- C:\Program Files\Rainbow Technologies
2008-05-09 00:20 . 2013-10-24 22:24 127 --a------ C:\WINDOWS\system32\lservrc
2008-05-09 00:19 . 2005-06-02 15:07 141,312 -ra------ C:\WINDOWS\system32\drivers\MtxDma0.sys
2008-05-09 00:19 . 2005-06-02 15:07 134,144 -ra------ C:\WINDOWS\system32\drivers\MtxAux.sys
2008-05-09 00:19 . 2005-06-02 15:07 118,784 -ra------ C:\WINDOWS\system32\MtxWinCi.dll
2008-05-08 21:07 . 2008-05-08 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-01 16:05 . 2008-05-01 16:06 <DIR> d-------- C:\Documents and Settings\nlusr01472\Application Data\Media Player Classic
2008-05-01 12:48 . 2002-11-15 14:11 77,824 --a------ C:\WINDOWS\system32\MMSwitch.dll
2008-05-01 12:48 . 2002-11-18 17:15 62,464 --a------ C:\WINDOWS\system32\MMSwitch.ax
2008-05-01 12:48 . 2002-11-18 17:02 40,960 --a------ C:\WINDOWS\system32\MMAVILNG.exe
2008-04-27 19:04 . 2008-04-27 19:05 <DIR> d-------- C:\Documents and Settings\nlusr01472\Application Data\NeroDCTemplates
2008-04-26 08:42 . 2008-04-26 08:42 2,491 --a------ C:\WINDOWS\system32\NMMediaServer.cfg
2008-04-22 10:15 . 2007-08-21 10:12 21,760 --a------ C:\WINDOWS\system32\drivers\point32.sys
2008-04-22 10:15 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-22 10:15 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-22 10:14 . 2008-04-22 10:14 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-22 10:14 . 2008-04-22 10:15 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2008-04-21 15:21 . 2008-04-21 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-04-19 14:06 . 2008-05-12 17:48 126 --a------ C:\WINDOWS\password.ini
2008-04-16 14:39 . 2008-04-16 14:39 <DIR> d-------- C:\Documents and Settings\nlusr01472W1\ASPNET
2008-04-16 14:39 . 2008-04-16 14:39 <DIR> d-------- C:\Documents and Settings\nlusr01472W1
2008-04-16 14:39 . 2008-04-29 11:06 <DIR> d-------- C:\Documents and Settings\nlusr01472\VSWebCache
2008-04-16 14:39 . 2008-05-15 03:02 1,024 --ah----- C:\Documents and Settings\nlusr01472W1\ASPNET\NTUSER.dat.LOG
2008-04-16 11:13 . 2008-04-16 11:13 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-15 16:02 . 2008-04-15 16:02 <DIR> d-------- C:\Program Files\Common Files\Janus Systems
2008-04-15 15:59 . 2008-04-15 15:59 <DIR> d-------- C:\Program Files\Common Files\Karamasoft WebControls
2008-04-15 15:39 . 2008-04-15 15:42 <DIR> d-------- C:\Program Files\Common Files\Infragistics
2008-04-15 15:29 . 2008-04-15 15:29 <DIR> d-------- C:\Program Files\Common Files\Basic Date Picker
2008-04-15 15:29 . 2008-04-15 15:29 <DIR> d-------- C:\Program Files\Basic Date Picker
2008-04-15 09:22 . 2008-04-15 09:22 <DIR> d-------- C:\spoolerlogs
2008-04-15 00:03 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-15 00:03 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-04-15 00:00 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-15 00:00 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-05-14 12:56 --------- d-----w C:\Documents and Settings\nlusr01472\Application Data\Babylon
2008-05-08 22:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 22:06 --------- d-----w C:\Documents and Settings\nlusr01472\Application Data\Azureus
2008-05-08 18:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-08 12:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-08 12:52 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-05-01 16:00 --------- d-----w C:\Program Files\Apple Software Update
2008-04-29 15:08 --------- d-----w C:\Program Files\PLSQL Developer
2008-04-24 08:25 --------- d-----w C:\Program Files\Common Files\Crystal Decisions
2008-04-14 21:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-14 08:07 --------- d-----w C:\Program Files\HTML Help Workshop
2008-04-14 07:52 --------- d-----w C:\Program Files\Microsoft ACT
2008-04-13 13:43 --------- d-----w C:\Program Files\NeroInstall.bak
2008-04-13 13:40 --------- d-----w C:\Documents and Settings\nlusr01472\Application Data\Nero
2008-04-13 13:37 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-13 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-13 12:11 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-12 18:34 --------- d-----w C:\Program Files\Java
2008-04-12 14:55 --------- d-----w C:\Documents and Settings\nlusr01472\Application Data\ErrorSweeper
2008-04-09 11:07 --------- d-----w C:\Program Files\CheckPoint
2008-04-09 08:21 --------- d-----w C:\Program Files\Motorola
2008-04-07 11:10 --------- d-----w C:\Documents and Settings\nlusr01472\Application Data\Skype
2008-03-27 22:02 97,600 -c--a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-03-27 10:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 11:04 238,888 ----a-w C:\WINDOWS\NuNInst.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-07-23 12:25 24,192 -c--a-w C:\Documents and Settings\nlusr01472\usbsermptxp.sys
2007-07-23 12:25 22,768 -c--a-w C:\Documents and Settings\nlusr01472\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86C510E9-97EF-4749-914F-0280247BE3A6}]
2006-07-18 23:20 111616 --a--c--- C:\WINDOWS\VirtualDNS.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 13:04 97064 --a------ D:\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 23:08 1211176]
"Systweak Memory Optimizer"="d:\program files\advanced system optimizer\memtuneup.exe" [2007-06-22 11:55 119024]
"\\fp-casa-2\EPSON Stylus DX4000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.exe" [2006-09-21 04:01 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2007-03-27 15:06 136768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10 335872]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 19:09 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 19:08 618496]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-12-11 08:50 241664]
"Babylon Client"="D:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-08-15 11:09 2663480]
"McAfeeFireTray"="C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe" [2008-05-15 03:29 655420]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2008-05-15 03:29 81990]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28 684032]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"SecurDisc"="D:\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 13:04 2049320]
"InCD"="D:\Nero\Nero8\InCD\InCD.exe" [2008-02-28 13:03 1083176]
"NBKeyScan"="D:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 04:05 110592 C:\WINDOWS\system32\bthprops.cpl]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 21:01 1037736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ApacheTomcatMonitor"="D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6w.exe" [2008-01-29 00:39 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=Addition to Administrators.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1379413555-1093665156-2662568585-2847\Scripts\Logon\0\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1379413555-1093665156-2662568585-2847\Scripts\Logon\1\0]
"Script"=DTMT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1379413555-1093665156-2662568585-2847\Scripts\Logon\1\1]
"Script"=MigrUsAcc.LogonSc.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PerfectDiskRx]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"Mobile Backup"=C:\PROGRA~1\CA\BRIGHT~1\Client\rwclient.exe -Login
"CloneCDTray"="F:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpSvc.exe"=
"C:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"135:TCP"= 135:TCP:RPC
"2701:TCP"= 2701:TCP:RInformation
"2701:UDP"= 2701:UDP:RInformation
"2702:TCP"= 2702:TCP:RControl
"2702:UDP"= 2702:UDP:RControl
"2703:TCP"= 2703:TCP:Chat
"2703:UDP"= 2703:UDP:Chat
"2704:TCP"= 2704:TCP:FileTransfer
"2704:UDP"= 2704:UDP:FileTransfer
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 FSM;CA File System Monitor;C:\WINDOWS\system32\drivers\fsmnt.sys [2005-07-07 11:59]
R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2005-06-02 15:07]
R1 CAFCR;CA File Change Recorder;C:\WINDOWS\system32\drivers\cafcr.sys [2005-07-07 16:20]
R2 BjsPort;Canon BJ Scanner Port Driver;C:\WINDOWS\system32\drivers\BjsPort.SYS [1999-09-27 11:47]
R2 CA BrightStor ARCserve Backup for Laptops & Desktops Scheduler;CA BrightStor ARCserve Backup for Laptops & Desktops Scheduler;C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\Client\ScheduleSrvc.exe [2005-10-26 13:05]
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2007-04-13 03:50]
R2 NeroRegInCDSrv;Nero Registry InCD Service;D:\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 13:04]
R2 OFADriver;CA Backup Agent for Open Files Driver;C:\WINDOWS\system32\drivers\ofant.sys [2005-11-10 19:53]
R2 OpenFileAgent;CA Backup Agent for Open Files;"C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\Client\BAOF\Ofant.exe" [2005-11-10 19:52]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 04:49]
S2 pgsql-8.2;PostgreSQL Database Server 8.2;"C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\" []
S3 Engine;Engine;F:\Program Files\VB Decompiler Lite\Engine.sys [2007-09-19 10:09]
S3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 18:50]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 15:19]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-04 17:04]
S3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-06-15 12:29]
S3 OracleOraHome81Agent;OracleOraHome81Agent;D:\oracle\ora81\bin\dbsnmp.exe [2000-11-11 23:48]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;D:\oracle\ora81\BIN\ONRSD.EXE [2000-10-19 11:55]
S3 OracleOraHome81DataGatherer;OracleOraHome81DataGatherer;D:\oracle\ora81\bin\vppdc.exe [2000-11-11 23:48]
S3 OracleOraHome81HTTPServer;OracleOraHome81HTTPServer;D:\oracle\ora81\Apache\Apache\Apache.exe [2000-11-09 09:12]
S3 OracleOraHome81TNSListener;OracleOraHome81TNSListener;D:\oracle\ora81\BIN\TNSLSNR []
S3 OracleServiceORACLE;OracleServiceORACLE;d:\oracle\ora81\bin\ORACLE.EXE ORACLE []
S3 OracleServiceXE;OracleServiceXE;d:\oracle10g\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE []
S3 OracleXETNSListener;OracleXETNSListener;D:\oracle10g\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-02 00:49]
S3 ose;Office Source Engine;"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [2003-07-28 12:28]
S3 pgsql-8.3;PostgreSQL Database Server 8.3;"C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files\PostgreSQL\8.3\data\" []
S3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2007-04-13 03:50]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-06-15 12:27]
S3 Tomcat6;Apache Tomcat;"D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe" //RS//Tomcat6 []
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;d:\oracle10g\app\oracle\product\10.2.0\server\Bin\extjob.exe XE []


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 06:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 01:30:01 C:\WINDOWS\Tasks\ErrorSweeper Scheduled Scan.job"
- C:\Program Files\ErrorSweeper\ErrorSweeper.ex
- C:\Program Files\ErrorSweeper
"2008-04-22 08:15:37 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 08:45:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\QTFont.for 1409 bytes
C:\WINDOWS\QTFont.qfn 54156 bytes

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\h0m3-2\\EPSON Stylus DX4000 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBEE.EXE /FU \"C:\\DOCUME~1\\nlusr01472\\LOCALS~1\\Temp\\E_S3C.tmp\" /EF \"HKCU\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OracleOraHome81TNSListener]
"ImagePath"="D:\oracle\ora81\BIN\TNSLSNR "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\imapi.exe
D:\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Network Associates\Common Framework\Mctray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-05-15 8:49:07 - machine was rebooted [nlusr01472]
ComboFix-quarantined-files.txt 2008-05-15 06:49:02

Pre-Run: 1,151,234,048 bytes free
Post-Run: 991,682,560 bytes free

553 --- E O F --- 2008-05-06 18:25:21




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:50, on 2008-05-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\Client\ScheduleSrvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\imapi.exe
D:\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\Client\BAOF\Ofant.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
D:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Nero\Nero8\InCD\NBHGui.exe
D:\Nero\Nero8\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6w.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = intl-prox:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = vz.atso.com;*.nl.eu.atso.com;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Babylon Client] D:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] D:\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] D:\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ApacheTomcatMonitor] "D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6w.exe" //MS//Tomcat6
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Systweak Memory Optimizer] d:\program files\advanced system optimizer\memtuneup.exe
O4 - HKCU\..\Run: [\\fp-casa-2\EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\DOCUME~1\nlusr01472\LOCALS~1\Temp\E_S3C.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://src.atso.com/itnet/global/
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nl.nlroot.adnet
O17 - HKLM\Software\..\Telephony: DomainName = nl.nlroot.adnet
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nl.nlroot.adnet
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nl.nlroot.adnet
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = nl.nlroot.adnet
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = nl.nlroot.adnet
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CA BrightStor ARCserve Backup for Laptops & Desktops Scheduler - Computer Associates International, Inc. - C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\Client\ScheduleSrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - D:\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: CA Backup Agent for Open Files (OpenFileAgent) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\Client\BAOF\Ofant.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle10g\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - D:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - D:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - D:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81HTTPServer - Unknown owner - D:\oracle\ora81\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome81PagingServer - Unknown owner - (no file)
O23 - Service: OracleOraHome81TNSListener - Unknown owner - D:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORACLE - Oracle Corporation - d:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: OracleServiceXE - Oracle Corporation - d:\oracle10g\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - D:\oracle10g\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - D:\oracle10g\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe

--
End of file - 12733 bytes



I'm performing an online scan (Panda) and will provide a log ASAP.
What should I do next?

Thanks