Windows XP Pro sooo slow [Solved], OTListIt2 & Rooter log posted |
Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!
  |
 Apr 21 2009, 04:40 PM
Post
#1
|
|
|
Member  Posts: 89 OS: Windows XP  |
45.48G hard drive with 8.28 free space, not sure what happened but it's suddenly slow as molasses in January. Ran AdAware, CCleaner, HiJack, OTListIt2, Rootkit and MalWarebytes AntiMalware, found a few items but nothing looking terrible, also did a disk clean-up and a defrag. Have AVG free for virus protection. Panda Security is no longer installed.
OTListIt2 log: OTListIt logfile created on: 4/21/2009 7:51:24 PM - Run 1 OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\intel\Desktop\New Folder Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18372) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 367.53 Mb Total Physical Memory | 57.22 Mb Available Physical Memory | 15.57% Memory free 887.42 Mb Paging File | 495.64 Mb Available in Paging File | 55.85% Paging File free Paging file location(s): c:\pagefile.sys 552 1104; %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 9.38 Gb Free Space | 25.17% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: INTEL-5MQ3XL86W Current User Name: intel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On ========== Processes (SafeList) ========== PRC - C:\WINNT\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.) PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe (2Wire Inc.) PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) PRC - C:\WINNT\system32\PRISMSVR.EXE (Conexant Systems, Inc.) PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Documents and Settings\intel\Desktop\New Folder\OTListIt2.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (gupdate1c95b0da6409ea0 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.) SRV - (helpsvc [Auto | Running]) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) SRV - (PAVFNSVR [Disabled | Stopped]) -- C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe (Panda Security, S.L.) SRV - (PAVSRV [Disabled | Stopped]) -- C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe (Panda Security, S.L.) SRV - (PSHost [Disabled | Stopped]) -- c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE (Panda Software International) SRV - (PSIMSVC [Disabled | Stopped]) -- C:\Program Files\Panda Security\Panda Internet Security 2009\psimsvc.exe (Panda Security S.L.) SRV - (SLService [Auto | Stopped]) -- C:\WINNT\system32\slserv.exe ( ) SRV - (UtilMan [On_Demand | Stopped]) -- C:\WINNT\System32\UtilMan.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (APPFLT [System | Running]) -- C:\WINNT\system32\Drivers\APPFLT.SYS (Panda Security, S.L.) DRV - (AvgLdx86 [System | Running]) -- C:\WINNT\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86 [System | Running]) -- C:\WINNT\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgTdiX [System | Running]) -- C:\WINNT\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Cdr4_2K [System | Running]) -- C:\WINNT\System32\drivers\cdr4_2K.sys (Roxio) DRV - (Cdralw2k [System | Running]) -- C:\WINNT\System32\drivers\cdralw2k.sys (Roxio) DRV - (cdudf [System | Running]) -- C:\WINNT\System32\drivers\cdudf.sys (Roxio) DRV - (cmpci [On_Demand | Running]) -- C:\WINNT\system32\drivers\cmaudio.sys (C-Media Inc) DRV - (ComFiltr [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\COMFiltr.sys () DRV - (DSAFLT [System | Running]) -- C:\WINNT\system32\Drivers\DSAFLT.SYS (Panda Security, S.L.) DRV - (DVDVRRdr [System | Running]) -- C:\WINNT\System32\drivers\DVDVRRdr.sys (Roxio) DRV - (dvd_2K [On_Demand | Stopped]) -- C:\WINNT\System32\drivers\Dvd_2k.sys (Roxio) DRV - (FNETMON [System | Running]) -- C:\WINNT\system32\Drivers\fnetmon.SYS (Panda Security, S.L.) DRV - (gameenum [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\gameenum.sys (Microsoft Corporation) DRV - (IDSFLT [System | Running]) -- C:\WINNT\system32\Drivers\IDSFLT.SYS (Panda Security, S.L.) DRV - (Lbd [Boot | Running]) -- C:\WINNT\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (MDC8021X [Auto | Running]) -- C:\WINNT\system32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications) DRV - (mmc_2K [On_Demand | Running]) -- C:\WINNT\System32\drivers\Mmc_2k.sys (Roxio) DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINNT\system32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (MPE [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\MPE.sys (Microsoft Corporation) DRV - (Mtlmnt5 [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\Mtlmnt5.sys ( ) DRV - (Mtlstrm [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\Mtlstrm.sys ( ) DRV - (NETFLTDI [System | Running]) -- C:\WINNT\system32\Drivers\NETFLTDI.SYS (Panda Security, S.L.) DRV - (NETIMFLT01060034 [On_Demand | Running]) -- C:\WINNT\system32\DRIVERS\neti1634.sys (Panda Security, S.L.) DRV - (NtMtlFax [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\NtMtlFax.sys ( ) DRV - (pavboot [Boot | Running]) -- C:\WINNT\system32\Drivers\pavboot.sys (Panda Security, S.L.) DRV - (pfc [On_Demand | Running]) -- C:\WINNT\system32\drivers\pfc.sys (Padus, Inc.) DRV - (Ptilink [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (pwd_2k [System | Running]) -- C:\WINNT\System32\drivers\pwd_2K.sys (Roxio) DRV - (RecAgent [Boot | Running]) -- C:\WINNT\System32\DRIVERS\RecAgent.sys ( ) DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SiS300i [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\sis300ip.sys (Silicon Integrated Systems Corporation) DRV - (sisagp [Boot | Running]) -- C:\WINNT\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (SISNIC [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\sisnic.sys (SiS Corporation) DRV - (Slntamr [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\slntamr.sys ( ) DRV - (SlNtHal [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\Slnthal.sys ( ) DRV - (SlWdmSup [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\SlWdmSup.sys ( ) DRV - (tmcomm [Auto | Running]) -- C:\WINNT\system32\drivers\tmcomm.sys (Trend Micro Inc.) DRV - (UdfReadr [System | Running]) -- C:\WINNT\System32\drivers\UdfReadr.sys (Roxio) DRV - (viafilter [On_Demand | Stopped]) -- C:\WINNT\System32\Drivers\viausb.sys (VIA Technologies, Inc.) DRV - (WinUSB [On_Demand | Stopped]) -- C:\WINNT\system32\DRIVERS\WinUSB.sys (Microsoft Corporation) DRV - (WlanUIG [On_Demand | Running]) -- C:\WINNT\system32\DRIVERS\WlanUIG.sys ( ) DRV - (WNMFLT [System | Running]) -- C:\WINNT\system32\Drivers\WNMFLT.SYS (Panda Security, S.L.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 2F 70 BA 3B 94 C9 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - URLSearchHook: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Live Search" FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.selectedEngine: "Live Search" FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0 FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080710 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.4.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8 FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [2008/12/10 16:25:46 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/02/02 21:33:53 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [2009/02/02 21:33:53 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/19 16:41:04 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 21:41:44 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 09:27:14 | 00,000,000 | ---D | M] [2008/11/15 03:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\mozilla\Extensions [2008/11/15 03:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/03/26 11:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\mozilla\Firefox\Profiles\7vu3yav0.default\extensions [2009/01/11 11:29:10 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\intel\Application Data\Mozilla\FireFox\Profiles\7vu3yav0.default\searchplugins\live-search.xml [2009/03/19 17:12:34 | 00,002,158 | ---- | M] () -- C:\Documents and Settings\intel\Application Data\Mozilla\FireFox\Profiles\7vu3yav0.default\searchplugins\MySpace.xml [2009/04/20 21:45:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/03/28 09:27:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/08/24 14:55:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/03/19 16:45:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/03/28 09:26:59 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/03/28 09:26:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2008/12/02 03:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2008/12/02 03:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2008/12/02 03:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2008/12/02 03:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2008/12/02 03:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2008/12/02 03:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2008/12/02 03:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (734 bytes) - C:\WINNT\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------) O2 - BHO: (Peer2Peer-EN Toolbar) - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll File not found O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------) O3 - HKLM\..\Toolbar: (Peer2Peer-EN Toolbar) - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DA21BD13-CA22-42E3-A071-98F08F1CA1E7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon (Microsoft Corporation) O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe (2Wire Inc.) O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.) O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\intel\Start Menu\Programs\IMVU\Run IMVU.lnk File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\CLUE Classic\Images\stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1226815031659 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1230347220299 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\CLUE Classic\Images\armhelper.ocx (ArmHelper Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINNT\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINNT\system32\avldr.dll (Panda Security, S.L.) O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\system32\wzcdlg.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ] O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINNT\System32\lsdelete.exe () ========== Files/Folders - Created Within 30 Days ========== [1 C:\WINNT\System32\*.tmp files] [2009/04/21 18:56:16 | 00,000,000 | ---D | C] -- C:\Rooter$ [2009/04/21 17:19:02 | 00,015,688 | ---- | C] () -- C:\WINNT\System32\lsdelete.exe [2009/04/20 22:23:31 | 00,000,472 | ---- | C] () -- C:\WINNT\tasks\Ad-Aware Update (Weekly).job [2009/04/20 22:22:21 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINNT\System32\drivers\Lbd.sys [2009/04/20 22:22:20 | 00,000,000 | ---D | C] -- C:\WINNT\System32\DRVSTORE [2009/04/20 22:17:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} [2009/04/20 22:16:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\Lavasoft [2009/04/20 22:07:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\intel\Desktop\New Folder [2009/04/20 21:46:47 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009/04/20 20:40:06 | 00,000,394 | ---- | C] () -- C:\WINNT\tasks\Schedule Task Weekly.job [2009/04/19 12:15:38 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\pdh.dll [2009/04/19 12:15:35 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\services.exe [2009/04/19 12:15:33 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\fastprox.dll [2009/04/19 12:15:32 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wmiprvse.exe [2009/04/19 12:15:30 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wmiprvsd.dll [2009/04/19 12:15:27 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\lsasrv.dll [2009/04/19 12:15:26 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\advapi32.dll [2009/04/19 12:15:23 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntdll.dll [2009/04/19 12:00:36 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\xpsp4res.dll [2009/04/19 12:00:32 | 01,203,922 | ---- | C] () -- C:\WINNT\System32\dllcache\sysmain.sdb [2009/04/19 12:00:30 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wordpad.exe [2009/04/11 15:06:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\intel\Application Data\Malwarebytes [2009/04/11 15:05:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys [2009/04/11 15:05:50 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys [2009/04/11 15:05:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes [2009/04/11 15:05:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/04/07 22:48:29 | 02,979,738 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9657.MOV [2009/04/07 22:48:28 | 00,807,125 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9656.JPG [2009/04/07 22:48:26 | 00,858,560 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9655.JPG [2009/04/07 22:48:25 | 00,954,984 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9654.JPG [2009/04/07 22:48:23 | 00,953,082 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9653.JPG [2009/04/07 22:48:22 | 00,908,395 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9652.JPG [2009/04/07 22:48:20 | 00,804,946 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9651.JPG [2009/04/07 22:48:19 | 00,900,495 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9650.JPG [2009/04/07 22:48:17 | 01,009,452 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9649.JPG [2009/04/07 22:48:16 | 00,989,856 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9648.JPG [2009/04/07 22:48:14 | 00,951,622 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9647.JPG [2009/04/07 22:48:12 | 00,942,259 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9646.JPG [2009/04/07 22:48:11 | 00,880,573 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9645.JPG [2009/04/07 22:48:04 | 04,222,046 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9644.MOV [2009/04/07 22:48:02 | 00,959,671 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9643.JPG [2009/04/07 22:48:01 | 00,882,511 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9642.JPG [2009/04/07 22:47:57 | 02,483,422 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9641.MOV [2009/04/07 22:47:55 | 00,905,160 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9640.JPG [2009/04/07 22:47:54 | 00,749,738 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9639.JPG [2009/04/07 22:47:52 | 01,075,513 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9638.JPG [2009/04/07 22:47:50 | 01,085,487 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9637.JPG [2009/04/07 22:47:42 | 04,891,358 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9636.MOV [2009/04/07 22:47:41 | 00,942,048 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9635.JPG [2009/04/07 22:47:39 | 00,936,682 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9634.JPG [2009/04/07 22:47:38 | 00,918,297 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9633.JPG [2009/04/07 22:47:29 | 05,360,310 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9632.MOV [2009/04/07 22:47:28 | 01,020,241 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9631.JPG [2009/04/07 22:47:26 | 01,046,626 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9630.JPG [2009/04/07 22:47:25 | 01,004,528 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9629.JPG [2009/04/07 22:47:21 | 02,762,150 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9628.MOV [2009/04/07 22:47:04 | 10,799,338 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9627.MOV [2009/04/07 22:47:03 | 00,753,065 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9626.JPG [2009/04/07 22:46:57 | 04,197,762 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9625.MOV [2009/04/07 22:46:55 | 00,837,354 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9667.JPG [2009/04/07 22:46:54 | 00,821,312 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9666.JPG [2009/04/07 22:46:53 | 00,827,116 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9665.JPG [2009/04/07 22:46:52 | 00,786,829 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9664.JPG [2009/04/07 22:46:50 | 00,844,209 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9663.JPG [2009/04/07 22:46:49 | 00,975,713 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9662.JPG [2009/04/07 22:46:48 | 01,004,626 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9661.JPG [2009/04/07 22:46:46 | 00,970,487 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9660.JPG [2009/04/07 22:46:45 | 01,001,015 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9659.JPG [2009/04/07 22:46:43 | 00,989,113 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9658.JPG [2009/04/07 22:46:26 | 00,486,300 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\105_0865.JPG [2009/04/07 22:46:26 | 00,458,788 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\105_0864.JPG [2009/04/05 09:39:35 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\tmcomm.sys [2009/03/31 16:04:12 | 00,000,256 | ---- | C] () -- C:\WINNT\tasks\WGASetup.job [2009/03/31 16:04:10 | 00,000,000 | ---D | C] -- C:\WINNT\System32\KB905474 [2009/03/26 11:20:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\intel\Application Data\MySpace [2009/03/26 11:19:50 | 00,000,000 | ---D | C] -- C:\Program Files\MySpace [2009/02/16 12:54:36 | 00,000,626 | ---- | C] () -- C:\WINNT\ODBC.INI [2008/11/16 13:12:29 | 00,013,880 | ---- | C] () -- C:\WINNT\System32\drivers\COMFiltr.sys [2008/11/15 11:03:07 | 00,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini [2008/08/18 19:18:36 | 00,000,097 | ---- | C] () -- C:\WINNT\System32\PICSDK.ini [2008/08/18 19:15:29 | 00,000,044 | ---- | C] () -- C:\WINNT\EPCX4800.ini [2008/08/18 18:54:36 | 00,347,648 | R--- | C] ( ) -- C:\WINNT\System32\drivers\WlanUIG.sys [2007/07/13 13:59:52 | 00,528,384 | ---- | C] () -- C:\WINNT\System32\SLLights.dll [2007/07/13 13:59:52 | 00,135,168 | ---- | C] () -- C:\WINNT\System32\SLMOHServ.dll [2007/07/13 13:59:52 | 00,014,968 | ---- | C] ( ) -- C:\WINNT\System32\drivers\winddx.sys [2007/06/17 12:15:16 | 00,000,025 | ---- | C] () -- C:\WINNT\mixerdef.ini [2007/06/17 12:13:31 | 00,000,092 | ---- | C] () -- C:\WINNT\CMISETUP.INI [2007/06/17 12:13:31 | 00,000,026 | ---- | C] () -- C:\WINNT\CMCDPLAY.INI [2007/06/17 10:04:20 | 00,139,264 | ---- | C] () -- C:\WINNT\System32\setuplib.dll [2004/05/03 07:21:44 | 00,196,608 | ---- | C] () -- C:\WINNT\System32\slextspk.dll [2004/05/03 07:19:26 | 00,049,152 | ---- | C] () -- C:\WINNT\System32\coinst.dll [2004/05/03 07:18:50 | 00,163,840 | ---- | C] () -- C:\WINNT\System32\SLGen.dll [2004/05/03 07:10:58 | 00,013,920 | ---- | C] ( ) -- C:\WINNT\System32\drivers\RecAgent.sys [2004/05/03 07:10:50 | 00,632,960 | ---- | C] ( ) -- C:\WINNT\System32\drivers\slntamr.sys [2004/05/03 07:06:08 | 00,095,768 | ---- | C] ( ) -- C:\WINNT\System32\drivers\slnthal.sys [2004/05/03 07:03:04 | 00,230,664 | ---- | C] ( ) -- C:\WINNT\System32\drivers\mtlmnt5.sys [2004/05/03 06:59:14 | 01,302,680 | ---- | C] ( ) -- C:\WINNT\System32\drivers\mtlstrm.sys [2004/05/03 06:55:38 | 00,180,640 | ---- | C] ( ) -- C:\WINNT\System32\drivers\ntmtlfax.sys [2004/05/03 06:44:54 | 00,013,288 | ---- | C] ( ) -- C:\WINNT\System32\drivers\slwdmsup.sys [2001/08/17 17:36:28 | 00,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll [1999/12/07 07:00:00 | 00,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll [1999/12/07 07:00:00 | 00,000,719 | ---- | C] () -- C:\WINNT\win.ini [1999/12/07 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINNT\system.ini [1999/09/25 05:36:24 | 00,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys [1999/09/25 05:36:22 | 00,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys ========== Files - Modified Within 30 Days ========== [1 C:\WINNT\System32\*.tmp files] [6 C:\WINNT\*.tmp files] [2009/04/21 18:52:27 | 35,292,266 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm [2009/04/21 18:52:27 | 00,017,763 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\microavi.avg [2009/04/21 18:42:37 | 00,000,256 | ---- | M] () -- C:\WINNT\tasks\WGASetup.job [2009/04/21 18:42:01 | 00,013,646 | ---- | M] () -- C:\WINNT\System32\wpa.dbl [2009/04/21 18:40:10 | 00,000,882 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachine.job [2009/04/21 18:40:02 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT [2009/04/21 18:39:38 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat [2009/04/21 18:39:30 | 38,545,4080 | -HS- | M] () -- C:\hiberfil.sys [2009/04/21 18:04:32 | 02,449,216 | -H-- | M] () -- C:\Documents and Settings\intel\Local Settings\Application Data\IconCache.db [2009/04/21 18:01:27 | 00,000,719 | ---- | M] () -- C:\WINNT\win.ini [2009/04/21 18:01:27 | 00,000,227 | ---- | M] () -- C:\WINNT\system.ini [2009/04/21 18:01:27 | 00,000,207 | RHS- | M] () -- C:\boot.ini [2009/04/21 16:20:14 | 00,000,068 | ---- | M] () -- C:\WINNT\System32\drivers\etc\NetFlt.cfg.bck [2009/04/21 16:20:14 | 00,000,068 | ---- | M] () -- C:\WINNT\System32\drivers\etc\NetFlt.cfg [2009/04/21 16:18:11 | 00,000,104 | ---- | M] () -- C:\WINNT\System32\drivers\etc\NetAdapt.cfg.bck [2009/04/21 16:18:11 | 00,000,104 | ---- | M] () -- C:\WINNT\System32\drivers\etc\NetAdapt.cfg [2009/04/21 16:17:59 | 00,000,064 | ---- | M] () -- C:\WINNT\System32\drivers\etc\NetAR.wlt.bck [2009/04/21 16:17:59 | 00,000,064 | ---- | M] () -- C:\WINNT\System32\drivers\etc\NetAR.wlt [2009/04/20 22:25:55 | 00,324,556 | ---- | M] () -- C:\WINNT\System32\drivers\APPFCONT.DAT.bck [2009/04/20 22:25:54 | 00,324,556 | ---- | M] () -- C:\WINNT\System32\drivers\APPFCONT.DAT [2009/04/20 22:23:31 | 00,000,472 | ---- | M] () -- C:\WINNT\tasks\Ad-Aware Update (Weekly).job [2009/04/20 20:40:08 | 00,000,394 | ---- | M] () -- C:\WINNT\tasks\Schedule Task Weekly.job [2009/04/19 16:30:08 | 00,397,692 | ---- | M] () -- C:\WINNT\System32\perfh009.dat [2009/04/19 16:30:08 | 00,060,522 | ---- | M] () -- C:\WINNT\System32\perfc009.dat [2009/04/19 16:30:07 | 00,465,980 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI [2009/04/19 12:05:59 | 00,434,673 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\miniavi.avg [2009/04/11 16:09:29 | 00,509,440 | -HS- | M] () -- C:\Documents and Settings\intel\My Documents\Thumbs.db [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys [2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys [2009/04/06 09:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\MRT.exe [2009/04/05 09:36:50 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\tmcomm.sys [2009/03/27 01:58:38 | 01,203,922 | ---- | M] () -- C:\WINNT\System32\dllcache\sysmain.sdb < End of report > Extras List Log: OTListIt Extras logfile created on: 4/21/2009 7:51:24 PM - Run 1 OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\intel\Desktop\New Folder Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18372) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 367.53 Mb Total Physical Memory | 57.22 Mb Available Physical Memory | 15.57% Memory free 887.42 Mb Paging File | 495.64 Mb Available in Paging File | 55.85% Paging File free Paging file location(s): c:\pagefile.sys 552 1104; %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 9.38 Gb Free Space | 25.17% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: INTEL-5MQ3XL86W Current User Name: intel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .js [@ = JSFile] -- C:\Program Files\Panda Security\Panda Internet Security 2009\PAVSCRIP.EXE (Panda Security, S.L.) .jse [@ = JSEFile] -- C:\Program Files\Panda Security\Panda Internet Security 2009\PAVSCRIP.EXE (Panda Security, S.L.) .vbe [@ = VBEFile] -- C:\Program Files\Panda Security\Panda Internet Security 2009\PAVSCRIP.EXE (Panda Security, S.L.) .vbs [@ = VBSFile] -- C:\Program Files\Panda Security\Panda Internet Security 2009\PAVSCRIP.EXE (Panda Security, S.L.) .wsf [@ = WSFFile] -- C:\Program Files\Panda Security\Panda Internet Security 2009\PAVSCRIP.EXE (Panda Security, S.L.) .wsh [@ = WSHFile] -- C:\Program Files\Panda Security\Panda Internet Security 2009\PAVSCRIP.EXE (Panda Security, S.L.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.) C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation) C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire () %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation) C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger "{0D555D04-78C9-41F7-A1ED-4EC837140FCD}" = Panda Internet Security 2009 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11 "{2A9C3F41-DACA-37AB-84FB-2E6193C42151}" = Google Gears "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6 "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "Ad-Aware" = Ad-Aware "Ad-Aware SE Personal" = Ad-Aware SE Personal "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "AVG8Uninstall" = AVG Free 8.0 "CCleaner" = CCleaner (remove only) "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "EPSON Printer and Utilities" = EPSON Printer Software "EPSON Scanner" = EPSON Scan "ie8" = Windows Internet Explorer 8 Release Candidate 1 "LimeWire" = LimeWire PRO 4.12.3 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8) "PCI Audio Driver" = PCI Audio Driver "PhotoFiltre" = PhotoFiltre "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Silent Package Run-Time Sample" = EPSON CX 4200 4800 Guide "SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver "SLAMRNTV" = NetoDragon 56K Voice Modem "VIA USB Filter Driver (VLink)" = VIA USB Filter Driver (Vlink) "Warcraft II BNE" = Warcraft II BNE "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "winusb0100" = Microsoft WinUsb 1.0 "WinZip" = WinZip "WMFDist11" = Windows Media Format 11 runtime "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7 "Yahoo! Messenger" = Yahoo! Messenger ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/21/2009 6:20:01 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 6:20:02 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 6:20:02 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 6:20:12 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 6:20:58 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 8:11:41 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application OTListIt2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 8:11:42 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application OTListIt2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 8:22:37 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application OTListIt2.exe, version 2.0.14.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 8:22:38 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application OTListIt2.exe, version 2.0.14.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 8:22:38 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application OTListIt2.exe, version 2.0.14.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ Application Events ] Error - 4/21/2009 6:20:01 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 6:20:02 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 6:20:02 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 6:20:12 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 6:20:58 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 8:11:41 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application OTListIt2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 8:11:42 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application OTListIt2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 8:22:37 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application OTListIt2.exe, version 2.0.14.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 8:22:38 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application OTListIt2.exe, version 2.0.14.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 4/21/2009 8:22:38 PM | Computer Name = INTEL-5MQ3XL86W | Source = Application Hang | ID = 1002 Description = Hanging application OTListIt2.exe, version 2.0.14.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 4/20/2009 9:24:03 PM | Computer Name = INTEL-5MQ3XL86W | Source = Service Control Manager | ID = 7016 Description = The SmartLinkService service has reported an invalid current state 0. Error - 4/20/2009 9:24:16 PM | Computer Name = INTEL-5MQ3XL86W | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect. Error - 4/20/2009 9:24:18 PM | Computer Name = INTEL-5MQ3XL86W | Source = Service Control Manager | ID = 7000 Description = The Application Layer Gateway Service service failed to start due to the following error: %%1053 Error - 4/21/2009 5:16:57 PM | Computer Name = INTEL-5MQ3XL86W | Source = Service Control Manager | ID = 7000 Description = The Zune Bus Enumerator Driver service failed to start due to the following error: %%2 Error - 4/21/2009 5:16:57 PM | Computer Name = INTEL-5MQ3XL86W | Source = Service Control Manager | ID = 7000 Description = The Panda anti-virus driver service failed to start due to the following error: %%2 Error - 4/21/2009 5:16:57 PM | Computer Name = INTEL-5MQ3XL86W | Source = Service Control Manager | ID = 7001 Description = The Panda anti-virus service service depends on the Panda anti-virus driver service which failed to start because of the following error: %%2 Error - 4/21/2009 5:18:11 PM | Computer Name = INTEL-5MQ3XL86W | Source = Service Control Manager | ID = 7016 Description = The SmartLinkService service has reported an invalid current state 0. Error - 4/21/2009 7:41:27 PM | Computer Name = INTEL-5MQ3XL86W | Source = Service Control Manager | ID = 7000 Description = The Zune Bus Enumerator Driver service failed to start due to the following error: %%2 Error - 4/21/2009 7:41:27 PM | Computer Name = INTEL-5MQ3XL86W | Source = Service Control Manager | ID = 7000 Description = The Panda anti-virus driver service failed to start due to the following error: %%2 Error - 4/21/2009 7:42:06 PM | Computer Name = INTEL-5MQ3XL86W | Source = Service Control Manager | ID = 7016 Description = The SmartLinkService service has reported an invalid current state 0. < End of report > And the Rooter log: Microsoft Windows XP Professional (5.1.2600) Service Pack 3 A:\ [Removable] (Total:0 Mo/Free:0 Mo) C:\ [Fixed] - NTFS - (Total:38154 Mo/Free:1411 Mo) D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo) E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo) Tue 04/21/2009|18:56 ----------------------\\ Processes.. --Locked-- [System Process] ---------- System ---------- \SystemRoot\System32\smss.exe ---------- \??\C:\WINNT\system32\csrss.exe ---------- \??\C:\WINNT\system32\winlogon.exe ---------- C:\WINNT\system32\services.exe ---------- C:\WINNT\system32\lsass.exe ---------- C:\WINNT\system32\svchost.exe ---------- C:\WINNT\system32\svchost.exe ---------- C:\WINNT\System32\svchost.exe ---------- C:\WINNT\system32\svchost.exe ---------- C:\WINNT\System32\svchost.exe ---------- C:\WINNT\System32\svchost.exe ---------- C:\WINNT\Explorer.EXE ---------- C:\WINNT\system32\spoolsv.exe ---------- C:\Program Files\Java\jre6\bin\jusched.exe ---------- C:\Program Files\Google\Update\GoogleUpdate.exe ---------- C:\WINNT\System32\svchost.exe ---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe ---------- C:\WINNT\system32\ctfmon.exe ---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe ---------- C:\Program Files\Java\jre6\bin\jqs.exe ---------- C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe ---------- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe ---------- C:\WINNT\system32\PRISMSVR.EXE ---------- C:\WINNT\System32\svchost.exe ---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe ---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe ---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe ---------- C:\WINNT\System32\alg.exe ---------- C:\WINNT\system32\wuauclt.exe ---------- C:\Program Files\Mozilla Firefox\firefox.exe ---------- C:\WINNT\system32\wuauclt.exe ---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe ---------- C:\WINNT\system32\cmd.exe ---------- C:\Rooter$\RK.exe ----------------------\\ Search.. C:\WINNT\System32\export\instdss5.dll ==> TDSS.. <== ----------------------\\ ROOTKIT !! 1 - "C:\Rooter$\Rooter_1.txt" - Tue 04/21/2009|19:01 ----------------------\\ Scan completed at 19:01 Edited to remove HiJack Log and add the Rooter and OTListIt2 log This post has been edited by ColtsFan18: Apr 21 2009, 07:14 PM |
 |
 
|
|
Apr 26 2009, 02:23 PM
Post
#2
|
|
 Trusted Helper  Posts: 4,530 From: London, UK OS: XP |
Hello ColtsFan18
welcome to geekstogo  and sorry to keep you waiting.We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review. also: We will run OTListIt again, but go for a shortened log:
andrewuk |
|
|
|
|
Apr 26 2009, 09:11 PM
Post
#3
|
|
|
Member Posts: 89 OS: Windows XP |
ComboFix Log:
ComboFix 09-04-25.A3 - intel 04/26/2009 21:46.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.368.188 [GMT -5:00] Running from: c:\documents and settings\intel\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\winnt\Web\default.htt . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_IAS ((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 ))))))))))))))))))))))))))))))) . 2009-04-26 03:23 . 2009-04-26 03:23 23392 ----a-w c:\winnt\system32\nscompat.tlb 2009-04-26 03:23 . 2009-04-26 03:23 16832 ----a-w c:\winnt\system32\amcompat.tlb 2009-04-26 02:44 . 2009-04-26 02:53 -------- d-----w c:\program files\Zune 2009-04-26 01:59 . 2009-04-26 01:59 -------- d-----w c:\program files\ResetDRM 2009-04-26 00:14 . 2009-04-26 01:54 -------- d-----w c:\program files\Windows Media Connect 2 2009-04-26 00:12 . 2009-04-26 00:12 -------- d-----w C:\VersalSoft 2009-04-26 00:11 . 2009-04-26 00:11 -------- d-----w c:\program files\VersalSoft 2009-04-26 00:11 . 2009-04-26 00:11 -------- d-----w c:\program files\Universal 2009-04-25 21:15 . 2009-04-26 03:45 1374 ----a-w c:\winnt\imsins.BAK 2009-04-25 19:12 . 2009-01-09 19:19 1089593 -c----w c:\winnt\system32\dllcache\ntprint.cat 2009-04-25 03:21 . 2009-04-25 03:21 -------- d-----w c:\documents and settings\I hate this computer\Local Settings\Application Data\Mozilla 2009-04-25 00:27 . 2009-04-25 00:27 -------- d-sh--w c:\documents and settings\I hate this computer\PrivacIE 2009-04-25 00:27 . 2009-04-25 00:27 -------- d-----w c:\documents and settings\I hate this computer\Local Settings\Application Data\Google 2009-04-25 00:27 . 2009-04-25 00:27 -------- d-sh--w c:\documents and settings\I hate this computer\IETldCache 2009-04-25 00:25 . 2009-04-25 00:28 -------- d-----w c:\documents and settings\I hate this computer\Application Data\AVGTOOLBAR 2009-04-24 20:31 . 2009-04-24 20:31 127128 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-04-24 20:27 . 2009-04-24 20:27 -------- d-----w c:\winnt\system32\XPSViewer 2009-04-24 20:27 . 2009-04-24 20:27 -------- d-----w c:\program files\MSBuild 2009-04-24 20:26 . 2009-04-24 20:26 -------- d-----w c:\program files\Reference Assemblies 2009-04-24 20:01 . 2009-04-24 23:42 -------- d-----w c:\winnt\SxsCaPendDel 2009-04-24 03:30 . 2008-07-06 12:06 89088 -c----w c:\winnt\system32\dllcache\filterpipelineprintproc.dll 2009-04-24 03:30 . 2008-07-06 12:06 117760 ------w c:\winnt\system32\prntvpt.dll 2009-04-24 03:30 . 2008-07-06 10:50 597504 -c----w c:\winnt\system32\dllcache\printfilterpipelinesvc.exe 2009-04-24 03:30 . 2008-07-06 12:06 575488 -c----w c:\winnt\system32\dllcache\xpsshhdr.dll 2009-04-24 03:30 . 2008-07-06 12:06 575488 ------w c:\winnt\system32\xpsshhdr.dll 2009-04-24 03:30 . 2008-07-06 12:06 1676288 -c----w c:\winnt\system32\dllcache\xpssvcs.dll 2009-04-24 03:30 . 2008-07-06 12:06 1676288 ------w c:\winnt\system32\xpssvcs.dll 2009-04-24 03:30 . 2009-04-24 03:32 -------- d-----w C:\13e1d3daf38210c8217863fd 2009-04-24 02:22 . 2009-04-24 02:40 -------- d-----w C:\3940cbcba9fc6ae53115 2009-04-22 01:16 . 2009-04-22 01:21 -------- d-----w c:\program files\ERUNT 2009-04-21 23:56 . 2009-04-22 00:02 -------- d-----w C:\Rooter$ 2009-04-21 22:19 . 2009-03-09 19:06 15688 ----a-w c:\winnt\system32\lsdelete.exe 2009-04-21 03:22 . 2009-03-09 19:06 64160 ----a-w c:\winnt\system32\drivers\Lbd.sys 2009-04-21 03:22 . 2009-04-21 03:22 -------- dc----w c:\winnt\system32\DRVSTORE 2009-04-21 03:17 . 2009-04-21 03:17 -------- dc-h--w c:\documents and settings\All Users.WINNT\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2009-04-21 03:16 . 2009-04-21 03:22 -------- d-----w c:\documents and settings\All Users.WINNT\Application Data\Lavasoft 2009-04-21 02:46 . 2009-04-21 02:46 -------- d-----w c:\program files\CCleaner 2009-04-19 17:15 . 2009-03-06 14:22 284160 -c----w c:\winnt\system32\dllcache\pdh.dll 2009-04-19 17:15 . 2009-02-06 11:11 110592 -c----w c:\winnt\system32\dllcache\services.exe 2009-04-19 17:15 . 2009-02-09 12:10 473600 -c----w c:\winnt\system32\dllcache\fastprox.dll 2009-04-19 17:15 . 2009-02-06 10:10 227840 -c----w c:\winnt\system32\dllcache\wmiprvse.exe 2009-04-19 17:15 . 2009-02-09 12:10 453120 -c----w c:\winnt\system32\dllcache\wmiprvsd.dll 2009-04-19 17:15 . 2009-02-09 12:10 729088 -c----w c:\winnt\system32\dllcache\lsasrv.dll 2009-04-19 17:15 . 2009-02-09 12:10 617472 -c----w c:\winnt\system32\dllcache\advapi32.dll 2009-04-19 17:15 . 2009-02-09 12:10 714752 -c----w c:\winnt\system32\dllcache\ntdll.dll 2009-04-19 17:00 . 2008-05-03 11:55 2560 ------w c:\winnt\system32\xpsp4res.dll 2009-04-19 17:00 . 2009-03-27 06:58 1203922 -c----w c:\winnt\system32\dllcache\sysmain.sdb 2009-04-19 17:00 . 2008-04-21 12:08 215552 -c----w c:\winnt\system32\dllcache\wordpad.exe 2009-04-11 20:06 . 2009-04-11 20:06 -------- d-----w c:\documents and settings\intel\Application Data\Malwarebytes 2009-04-11 20:05 . 2009-04-06 20:32 15504 ----a-w c:\winnt\system32\drivers\mbam.sys 2009-04-11 20:05 . 2009-04-06 20:32 38496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys 2009-04-11 20:05 . 2009-04-11 20:05 -------- d-----w c:\documents and settings\All Users.WINNT\Application Data\Malwarebytes 2009-04-11 20:05 . 2009-04-11 20:06 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-05 14:39 . 2009-04-05 14:36 102664 ----a-w c:\winnt\system32\drivers\tmcomm.sys 2009-04-05 14:36 . 2009-04-05 14:41 -------- d-----w c:\documents and settings\intel\.housecall6.6 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-27 02:58 . 2009-04-21 23:39 4924 ----a-w C:\aaw7boot.log 2009-04-26 03:50 . 2007-03-19 03:04 -------- d---a-w c:\program files\Google 2009-04-26 03:09 . 2008-11-16 07:17 2068 ----a-w c:\winnt\system32\d3d9caps.dat 2009-04-25 22:01 . 2009-04-25 22:01 57744 ----a-w c:\documents and settings\ZUNE SUCKS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-25 00:18 . 2009-04-25 00:18 57744 ----a-w c:\documents and settings\I hate this computer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-22 00:01 . 2009-04-22 00:01 2086 ----a-w C:\Rooter.txt 2009-04-21 03:25 . 2008-11-16 17:20 324556 ----a-w c:\winnt\system32\drivers\APPFCONT.DAT.bck 2009-04-21 03:25 . 2008-11-16 17:20 324556 ----a-w c:\winnt\system32\drivers\APPFCONT.DAT 2009-04-21 03:16 . 2007-07-13 19:35 -------- d-----w c:\program files\Lavasoft 2009-04-21 02:59 . 2006-05-14 16:23 -------- d---a-w c:\program files\Trend Micro 2009-04-21 01:25 . 2009-03-26 16:19 -------- d-----w c:\program files\MySpace 2009-03-26 16:20 . 2009-03-26 16:20 -------- d-----w c:\documents and settings\intel\Application Data\MySpace 2009-03-20 18:45 . 2009-01-18 23:40 -------- d-----w c:\program files\Warcraft II BNE 2009-03-19 21:41 . 2009-03-19 21:44 410984 ----a-w c:\winnt\system32\deploytk.dll 2009-03-19 21:40 . 2007-03-30 05:36 -------- d---a-w c:\program files\Java 2009-03-06 14:22 . 2001-08-23 12:00 284160 ----a-w c:\winnt\system32\pdh.dll 2009-03-01 14:45 . 2008-11-16 17:20 1132 ----a-w c:\winnt\system32\drivers\APPFLTR.CFG.bck 2009-03-01 14:45 . 2008-11-16 17:20 1132 ----a-w c:\winnt\system32\drivers\APPFLTR.CFG 2009-03-01 14:44 . 2008-11-16 18:12 13880 ----a-w c:\winnt\system32\drivers\COMFiltr.sys 2009-02-25 12:23 . 2008-11-16 06:45 57744 ----a-w c:\documents and settings\intel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-02-09 12:10 . 2001-08-23 12:00 729088 ----a-w c:\winnt\system32\lsasrv.dll 2009-02-09 12:10 . 2001-08-23 12:00 714752 ----a-w c:\winnt\system32\ntdll.dll 2009-02-09 12:10 . 2001-08-23 12:00 617472 ----a-w c:\winnt\system32\advapi32.dll 2009-02-09 12:10 . 2001-08-23 12:00 401408 ----a-w c:\winnt\system32\rpcss.dll 2009-02-09 11:13 . 2001-08-23 12:00 1846784 ----a-w c:\winnt\system32\win32k.sys 2009-02-08 00:02 . 2001-08-17 13:48 2066048 ----a-w c:\winnt\system32\ntkrnlpa.exe 2009-02-07 00:52 . 2009-02-07 00:52 49504 ----a-w c:\winnt\system32\sirenacm.dll 2009-02-06 11:11 . 2001-08-23 12:00 110592 ----a-w c:\winnt\system32\services.exe 2009-02-06 11:08 . 2001-08-23 12:00 2189056 ----a-w c:\winnt\system32\ntoskrnl.exe 2009-02-06 10:39 . 2001-08-23 12:00 35328 ----a-w c:\winnt\system32\sc.exe 2009-02-03 19:59 . 2001-08-23 12:00 56832 ----a-w c:\winnt\system32\secur32.dll 2009-02-03 02:34 . 2009-02-03 02:34 10520 ----a-w c:\winnt\system32\avgrsstx.dll 2007-06-17 14:02 . 2006-05-14 15:45 271 --sh--w c:\program files\desktop.ini 2007-03-13 00:53 . 2007-03-13 00:54 774144 ----a-w c:\program files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\winnt\system32\dumprep 0 -u" [X] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-03 1601304] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416] "InternetDownload_upgrade"="c:\program files\VersalSoft\InternetDownload\InternetDownload.exe" [2009-01-05 361472] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312] "Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2008-04-14 143360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528] "tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\intel\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] c:\documents and settings\All Users.WINNT\Start Menu\Programs\Startup\ 2Wire Wireless Client.lnk - c:\program files\2Wire 802.11g Wireless\PRISMCFG.exe [2008-5-18 335979] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-02-03 02:34 10520 ----a-w c:\winnt\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] 2008-03-18 22:58 58672 ----a-w c:\winnt\system32\avldr.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "aux"= mmdrv.dll "wave2"= "wave3"= "wave4"= "wave5"= "wave6"= "wave7"= "wave8"= "wave9"= "midi1"= "midi2"= "midi3"= "midi4"= "midi5"= "midi6"= "midi7"= "midi8"= "midi9"= "aux1"= "aux2"= "aux3"= "aux4"= "aux5"= "aux6"= "aux7"= "aux8"= "aux9"= "mixer1"= "mixer2"= "mixer3"= "mixer4"= "mixer5"= "mixer6"= "mixer7"= "mixer8"= "mixer9"= "wave1"= serwvdrv.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PSIMSVC"=2 (0x2) "PSHost"=2 (0x2) "PAVSRV"=2 (0x2) "PAVFNSVR"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R2 gupdate1c95b0da6409ea0;Google Update Service (gupdate1c95b0da6409ea0);c:\program files\Google\Update\GoogleUpdate.exe [2008-12-10 133104] R3 ComFiltr;Panda Anti-Dialer;c:\winnt\system32\DRIVERS\COMFiltr.sys [2009-03-01 13880] R3 viafilter;VIA USB Filter;c:\winnt\System32\Drivers\viausb.sys [2001-08-20 9038] S0 Lbd;Lbd;c:\winnt\system32\DRIVERS\Lbd.sys [2009-03-09 64160] S0 pavboot;Panda boot driver;c:\winnt\system32\Drivers\pavboot.sys [2008-06-19 28544] S1 APPFLT;App Filter Plugin;c:\winnt\system32\Drivers\APPFLT.SYS [2008-06-25 73728] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\System32\Drivers\avgldx86.sys [2009-02-03 325128] S1 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\System32\Drivers\avgtdix.sys [2009-02-03 107272] S1 cdudf;cdudf; [x] S1 DSAFLT;DSA Filter Plugin;c:\winnt\system32\Drivers\DSAFLT.SYS [2008-06-18 52992] S1 DVDVRRdr;DVDVRRdr; [x] S1 FNETMON;NetMon Filter Plugin;c:\winnt\system32\Drivers\fnetmon.SYS [2008-03-28 22072] S1 IDSFLT;Ids Filter Plugin;c:\winnt\system32\Drivers\IDSFLT.SYS [2008-06-18 193792] S1 NETFLTDI;Panda Net Driver [TDI Layer];c:\winnt\system32\Drivers\NETFLTDI.SYS [2008-07-11 20:58 158848] S1 WNMFLT;Wifi Monitor Filter Plugin;c:\winnt\system32\Drivers\WNMFLT.SYS [2008-06-18 46720] S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-03 903960] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-03 298264] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632] S3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\winnt\system32\DRIVERS\neti1634.sys [2008-06-26 197888] S3 WlanUIG;2Wire 802.11g USB Driver;c:\winnt\system32\DRIVERS\WlanUIG.sys [2004-05-17 347648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] panda REG_MULTI_SZ Gwmsrv . Contents of the 'Scheduled Tasks' folder 2009-04-21 c:\winnt\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06] 2009-04-27 c:\winnt\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-10 21:23] . - - - - ORPHANS REMOVED - - - - BHO-{da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\Peer2Peer-EN\tbPeer.dll Toolbar-{da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\Peer2Peer-EN\tbPeer.dll WebBrowser-{DA21BD13-CA22-42E3-A071-98F08F1CA1E7} - c:\program files\Peer2Peer-EN\tbPeer.dll SafeBoot-sglfb.sys SafeBoot-tga.sys . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\intel\Start Menu\Programs\IMVU\Run IMVU.lnk Trusted Zone: microsoft.com\www DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\intel\Application Data\Mozilla\Firefox\Profiles\7vu3yav0.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. . ------- File Associations ------- . JSEFile=c:\progra~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* VBEFile=c:\progra~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* VBSFile=c:\progra~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-26 22:00 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(808) c:\winnt\system32\avldr.dll - - - - - - - > 'explorer.exe'(2888) c:\program files\Windows Media Player\wmpband.dll c:\winnt\system32\IEFRAME.dll c:\winnt\system32\WPDShServiceObj.dll c:\winnt\system32\PortableDeviceTypes.dll c:\winnt\system32\PortableDeviceApi.dll c:\winnt\system32\OneX.DLL c:\winnt\system32\eappprxy.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\winnt\system32\ZuneBusEnum.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\winnt\system32\PRISMSVR.exe c:\winnt\system32\notepad.exe . ************************************************************************** . Completion time: 2009-04-27 22:08 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-27 03:08 Pre-Run: 5,220,413,440 bytes free Post-Run: 6,673,555,456 bytes free 303 --- E O F --- 2009-04-25 21:20 |
|
|
|
|
Apr 26 2009, 09:31 PM
Post
#4
|
|
|
Member Posts: 89 OS: Windows XP |
And OTList as requested:
OTListIt logfile created on: 4/26/2009 10:13:26 PM - Run 2 OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\intel\Desktop\New Folder Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 367.53 Mb Total Physical Memory | 43.82 Mb Available Physical Memory | 11.92% Memory free 887.26 Mb Paging File | 624.22 Mb Available in Paging File | 70.35% Paging File free Paging file location(s): c:\pagefile.sys 552 1104; %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 6.23 Gb Free Space | 16.72% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: INTEL-5MQ3XL86W Current User Name: intel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On ========== Files/Folders - Created Within 30 Days ========== [3 C:\WINNT\System32\*.tmp files] [6 C:\WINNT\*.tmp files] [2009/04/26 21:43:49 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe [2009/04/26 21:43:49 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe [2009/04/26 21:43:49 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe [2009/04/26 21:43:49 | 00,111,104 | ---- | C] () -- C:\WINNT\vFind.exe [2009/04/26 21:43:49 | 00,098,816 | ---- | C] () -- C:\WINNT\sed.exe [2009/04/26 21:43:49 | 00,080,412 | ---- | C] () -- C:\WINNT\grep.exe [2009/04/26 21:43:49 | 00,068,096 | ---- | C] () -- C:\WINNT\zip.exe [2009/04/26 21:43:49 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe [2009/04/26 21:37:53 | 00,000,000 | ---D | C] -- C:\Qoobox [2009/04/26 21:36:18 | 03,006,230 | R--- | C] () -- C:\Documents and Settings\intel\Desktop\ComboFix.exe [2009/04/25 22:55:28 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\intel\Desktop\IE7.lnk [2009/04/25 22:46:23 | 00,000,000 | -H-D | C] -- C:\WINNT\ie7 [2009/04/25 22:44:45 | 00,000,000 | -H-D | C] -- C:\WINNT\$NtServicePackUninstallIDNMitigationAPIs$ [2009/04/25 22:43:19 | 00,000,000 | -H-D | C] -- C:\WINNT\$NtServicePackUninstallNLSDownlevelMapping$ [2009/04/25 22:23:36 | 00,023,392 | ---- | C] () -- C:\WINNT\System32\nscompat.tlb [2009/04/25 22:23:36 | 00,016,832 | ---- | C] () -- C:\WINNT\System32\amcompat.tlb [2009/04/25 21:46:09 | 00,000,628 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Zune.lnk [2009/04/25 21:44:29 | 00,000,000 | ---D | C] -- C:\Program Files\Zune [2009/04/25 21:41:17 | 00,000,239 | ---- | C] () -- C:\Documents and Settings\intel\Desktop\Add or Remove Programs.lnk [2009/04/25 21:39:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\intel\Desktop\x86 [2009/04/25 21:38:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\intel\Desktop\x64 [2009/04/25 21:01:01 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\spmsg.dll [2009/04/25 20:59:16 | 00,000,000 | ---D | C] -- C:\Program Files\ResetDRM [2009/04/25 19:14:38 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2 [2009/04/25 19:12:44 | 00,000,000 | ---D | C] -- C:\VersalSoft [2009/04/25 19:11:51 | 00,000,000 | ---D | C] -- C:\Program Files\VersalSoft [2009/04/25 19:11:04 | 00,000,000 | ---D | C] -- C:\Program Files\Universal [2009/04/25 16:15:41 | 00,001,374 | ---- | C] () -- C:\WINNT\imsins.BAK [2009/04/25 14:12:02 | 01,089,593 | ---- | C] () -- C:\WINNT\System32\dllcache\ntprint.cat [2009/04/24 15:27:35 | 00,000,000 | ---D | C] -- C:\WINNT\System32\XPSViewer [2009/04/24 15:27:16 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild [2009/04/24 15:26:43 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2009/04/24 15:01:27 | 00,000,000 | ---D | C] -- C:\WINNT\SxsCaPendDel [2009/04/23 22:30:53 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\prntvpt.dll [2009/04/23 22:30:53 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\filterpipelineprintproc.dll [2009/04/23 22:30:52 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\printfilterpipelinesvc.exe [2009/04/23 22:30:51 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\xpsshhdr.dll [2009/04/23 22:30:51 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\xpsshhdr.dll [2009/04/23 22:30:50 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\xpssvcs.dll [2009/04/23 22:30:50 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\xpssvcs.dll [2009/04/23 22:30:48 | 00,000,000 | ---D | C] -- C:\13e1d3daf38210c8217863fd [2009/04/23 21:22:51 | 00,000,000 | ---D | C] -- C:\3940cbcba9fc6ae53115 [2009/04/21 20:22:46 | 00,000,000 | ---D | C] -- C:\WINNT\ERDNT [2009/04/21 20:21:43 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\intel\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/04/21 20:16:55 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009/04/21 18:56:16 | 00,000,000 | ---D | C] -- C:\Rooter$ [2009/04/21 17:19:02 | 00,015,688 | ---- | C] () -- C:\WINNT\System32\lsdelete.exe [2009/04/20 22:23:31 | 00,000,472 | ---- | C] () -- C:\WINNT\tasks\Ad-Aware Update (Weekly).job [2009/04/20 22:22:21 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINNT\System32\drivers\Lbd.sys [2009/04/20 22:22:20 | 00,000,000 | ---D | C] -- C:\WINNT\System32\DRVSTORE [2009/04/20 22:17:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} [2009/04/20 22:16:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\Lavasoft [2009/04/20 22:07:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\intel\Desktop\New Folder [2009/04/20 21:46:47 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009/04/20 20:40:06 | 00,000,394 | ---- | C] () -- C:\WINNT\tasks\Schedule Task Weekly.job [2009/04/19 12:15:38 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\pdh.dll [2009/04/19 12:15:35 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\services.exe [2009/04/19 12:15:33 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\fastprox.dll [2009/04/19 12:15:32 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wmiprvse.exe [2009/04/19 12:15:30 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wmiprvsd.dll [2009/04/19 12:15:27 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\lsasrv.dll [2009/04/19 12:15:26 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\advapi32.dll [2009/04/19 12:15:23 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntdll.dll [2009/04/19 12:00:36 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\xpsp4res.dll [2009/04/19 12:00:32 | 01,203,922 | ---- | C] () -- C:\WINNT\System32\dllcache\sysmain.sdb [2009/04/19 12:00:30 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wordpad.exe [2009/04/11 15:06:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\intel\Application Data\Malwarebytes [2009/04/11 15:05:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys [2009/04/11 15:05:50 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys [2009/04/11 15:05:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes [2009/04/11 15:05:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/04/07 22:48:29 | 02,979,738 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9657.MOV [2009/04/07 22:48:28 | 00,807,125 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9656.JPG [2009/04/07 22:48:26 | 00,858,560 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9655.JPG [2009/04/07 22:48:25 | 00,954,984 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9654.JPG [2009/04/07 22:48:23 | 00,953,082 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9653.JPG [2009/04/07 22:48:22 | 00,908,395 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9652.JPG [2009/04/07 22:48:20 | 00,804,946 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9651.JPG [2009/04/07 22:48:19 | 00,900,495 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9650.JPG [2009/04/07 22:48:17 | 01,009,452 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9649.JPG [2009/04/07 22:48:16 | 00,989,856 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9648.JPG [2009/04/07 22:48:14 | 00,951,622 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9647.JPG [2009/04/07 22:48:12 | 00,942,259 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9646.JPG [2009/04/07 22:48:11 | 00,880,573 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9645.JPG [2009/04/07 22:48:04 | 04,222,046 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9644.MOV [2009/04/07 22:48:02 | 00,959,671 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9643.JPG [2009/04/07 22:48:01 | 00,882,511 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9642.JPG [2009/04/07 22:47:57 | 02,483,422 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9641.MOV [2009/04/07 22:47:55 | 00,905,160 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9640.JPG [2009/04/07 22:47:54 | 00,749,738 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9639.JPG [2009/04/07 22:47:52 | 01,075,513 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9638.JPG [2009/04/07 22:47:50 | 01,085,487 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9637.JPG [2009/04/07 22:47:42 | 04,891,358 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9636.MOV [2009/04/07 22:47:41 | 00,942,048 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9635.JPG [2009/04/07 22:47:39 | 00,936,682 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9634.JPG [2009/04/07 22:47:38 | 00,918,297 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9633.JPG [2009/04/07 22:47:29 | 05,360,310 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9632.MOV [2009/04/07 22:47:28 | 01,020,241 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9631.JPG [2009/04/07 22:47:26 | 01,046,626 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9630.JPG [2009/04/07 22:47:25 | 01,004,528 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9629.JPG [2009/04/07 22:47:21 | 02,762,150 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9628.MOV [2009/04/07 22:47:04 | 10,799,338 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9627.MOV [2009/04/07 22:47:03 | 00,753,065 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9626.JPG [2009/04/07 22:46:57 | 04,197,762 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9625.MOV [2009/04/07 22:46:55 | 00,837,354 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9667.JPG [2009/04/07 22:46:54 | 00,821,312 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9666.JPG [2009/04/07 22:46:53 | 00,827,116 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9665.JPG [2009/04/07 22:46:52 | 00,786,829 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9664.JPG [2009/04/07 22:46:50 | 00,844,209 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9663.JPG [2009/04/07 22:46:49 | 00,975,713 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9662.JPG [2009/04/07 22:46:48 | 01,004,626 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9661.JPG [2009/04/07 22:46:46 | 00,970,487 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9660.JPG [2009/04/07 22:46:45 | 01,001,015 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9659.JPG [2009/04/07 22:46:43 | 00,989,113 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\DSCN9658.JPG [2009/04/07 22:46:26 | 00,486,300 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\105_0865.JPG [2009/04/07 22:46:26 | 00,458,788 | ---- | C] () -- C:\Documents and Settings\intel\My Documents\105_0864.JPG [2009/04/05 09:39:35 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\tmcomm.sys [2009/02/16 12:54:36 | 00,000,626 | ---- | C] () -- C:\WINNT\ODBC.INI [2008/11/16 13:12:29 | 00,013,880 | ---- | C] () -- C:\WINNT\System32\drivers\COMFiltr.sys [2008/11/15 11:03:07 | 00,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini [2008/08/18 19:18:36 | 00,000,097 | ---- | C] () -- C:\WINNT\System32\PICSDK.ini [2008/08/18 19:15:29 | 00,000,044 | ---- | C] () -- C:\WINNT\EPCX4800.ini [2008/08/18 18:54:36 | 00,347,648 | R--- | C] ( ) -- C:\WINNT\System32\drivers\WlanUIG.sys [2007/07/13 13:59:52 | 00,528,384 | ---- | C] () -- C:\WINNT\System32\SLLights.dll [2007/07/13 13:59:52 | 00,135,168 | ---- | C] () -- C:\WINNT\System32\SLMOHServ.dll [2007/07/13 13:59:52 | 00,014,968 | ---- | C] ( ) -- C:\WINNT\System32\drivers\winddx.sys [2007/06/17 12:15:16 | 00,000,025 | ---- | C] () -- C:\WINNT\mixerdef.ini [2007/06/17 12:13:31 | 00,000,092 | ---- | C] () -- C:\WINNT\CMISETUP.INI [2007/06/17 12:13:31 | 00,000,026 | ---- | C] () -- C:\WINNT\CMCDPLAY.INI [2007/06/17 10:04:20 | 00,139,264 | ---- | C] () -- C:\WINNT\System32\setuplib.dll [2004/05/03 07:21:44 | 00,196,608 | ---- | C] () -- C:\WINNT\System32\slextspk.dll [2004/05/03 07:19:26 | 00,049,152 | ---- | C] () -- C:\WINNT\System32\coinst.dll [2004/05/03 07:18:50 | 00,163,840 | ---- | C] () -- C:\WINNT\System32\SLGen.dll [2004/05/03 07:10:58 | 00,013,920 | ---- | C] ( ) -- C:\WINNT\System32\drivers\RecAgent.sys [2004/05/03 07:10:50 | 00,632,960 | ---- | C] ( ) -- C:\WINNT\System32\drivers\slntamr.sys [2004/05/03 07:06:08 | 00,095,768 | ---- | C] ( ) -- C:\WINNT\System32\drivers\slnthal.sys [2004/05/03 07:03:04 | 00,230,664 | ---- | C] ( ) -- C:\WINNT\System32\drivers\mtlmnt5.sys [2004/05/03 06:59:14 | 01,302,680 | ---- | C] ( ) -- C:\WINNT\System32\drivers\mtlstrm.sys [2004/05/03 06:55:38 | 00,180,640 | ---- | C] ( ) -- C:\WINNT\System32\drivers\ntmtlfax.sys [2004/05/03 06:44:54 | 00,013,288 | ---- | C] ( ) -- C:\WINNT\System32\drivers\slwdmsup.sys [2001/08/17 17:36:28 | 00,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll [1999/12/07 07:00:00 | 00,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll [1999/12/07 07:00:00 | 00,000,734 | ---- | C] () -- C:\WINNT\win.ini [1999/12/07 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINNT\system.ini [1999/09/25 05:36:24 | 00,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys [1999/09/25 05:36:22 | 00,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys ========== Files - Modified Within 30 Days ========== [3 C:\WINNT\System32\*.tmp files] [6 C:\WINNT\*.tmp files] [2009/04/26 22:01:04 | 00,000,227 | ---- | M] () -- C:\WINNT\system.ini [2009/04/26 22:00:03 | 00,013,646 | ---- | M] () -- C:\WINNT\System32\wpa.dbl [2009/04/26 21:59:06 | 00,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts [2009/04/26 21:58:45 | 00,000,882 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachine.job [2009/04/26 21:58:43 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT [2009/04/26 21:58:32 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat [2009/04/26 21:58:29 | 38,545,4080 | -HS- | M] () -- C:\hiberfil.sys [2009/04/26 21:36:30 | 03,006,230 | R--- | M] () -- C:\Documents and Settings\intel\Desktop\ComboFix.exe [2009/04/26 12:21:03 | 35,437,904 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm [2009/04/25 22:55:28 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\intel\Desktop\IE7.lnk [2009/04/25 22:54:04 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\intel\My Documents\desktop.ini [2009/04/25 22:45:13 | 00,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK [2009/04/25 22:23:36 | 00,023,392 | ---- | M] () -- C:\WINNT\System32\nscompat.tlb [2009/04/25 22:23:36 | 00,016,832 | ---- | M] () -- C:\WINNT\System32\amcompat.tlb [2009/04/25 22:09:48 | 00,002,068 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat [2009/04/25 21:46:09 | 00,000,628 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Zune.lnk [2009/04/25 21:41:17 | 00,000,239 | ---- | M] () -- C:\Documents and Settings\intel\Desktop\Add or Remove Programs.lnk [2009/04/25 20:21:58 | 00,316,640 | ---- | M] () -- C:\WINNT\WMSysPr9.prx [2009/04/25 20:16:09 | 02,735,276 | -H-- | M] () -- C:\Documents and Settings\intel\Local Settings\Application Data\IconCache.db [2009/04/25 20:01:21 | 00,000,734 | ---- | M] () -- C:\WINNT\win.ini [2009/04/25 13:59:03 | 00,111,104 | ---- | M] () -- C:\WINNT\vFind.exe [2009/04/24 18:42:42 | 00,208,896 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT [2009/04/24 15:32:02 | 00,514,054 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI [2009/04/24 15:32:02 | 00,437,752 | ---- | M] () -- C:\WINNT\System32\perfh009.dat [2009/04/24 15:32:02 | 00,069,238 | ---- | M] () -- C:\WINNT\System32\perfc009.dat [2009/04/24 11:33:30 | 00,032,111 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\microavi.avg [2009/04/21 20:21:43 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\intel\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/04/21 18:01:27 | 00,000,207 | RHS- | M] () -- C:\boot.ini [2009/04/21 16:20:14 | 00,000,068 | ---- | M] () -- C:\WINNT\System32\drivers\etc\NetFlt.cfg.bck [2009/04/21 16:20:14 | 00,000,068 | ---- | M] () -- C:\WINNT\System32\drivers\etc\NetFlt.cfg [2009/04/21 16:18:11 | 00,000,104 | ---- | M] () -- C:\WINNT\System32\drivers\etc\NetAdapt.cfg.bck [2009/04/21 16:18:11 | 00,000,104 | ---- | M] () -- C:\WINNT\System32\drivers\etc\NetAdapt.cfg [2009/04/21 16:17:59 | 00,000,064 | ---- | M] () -- C:\WINNT\System32\drivers\etc\NetAR.wlt.bck [2009/04/21 16:17:59 | 00,000,064 | ---- | M] () -- C:\WINNT\System32\drivers\etc\NetAR.wlt [2009/04/20 22:25:55 | 00,324,556 | ---- | M] () -- C:\WINNT\System32\drivers\APPFCONT.DAT.bck [2009/04/20 22:25:54 | 00,324,556 | ---- | M] () -- C:\WINNT\System32\drivers\APPFCONT.DAT [2009/04/20 22:23:31 | 00,000,472 | ---- | M] () -- C:\WINNT\tasks\Ad-Aware Update (Weekly).job [2009/04/20 20:40:08 | 00,000,394 | ---- | M] () -- C:\WINNT\tasks\Schedule Task Weekly.job [2009/04/19 12:05:59 | 00,434,673 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\miniavi.avg [2009/04/11 16:09:29 | 00,509,440 | -HS- | M] () -- C:\Documents and Settings\intel\My Documents\Thumbs.db [2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys [2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys [2009/04/06 09:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\MRT.exe [2009/04/05 09:36:50 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\tmcomm.sys ========== LOP Check ========== [2009/04/20 22:17:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data [2009/04/20 22:17:11 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} [2008/09/29 21:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Adobe [2009/02/02 21:33:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\avg8 [2008/11/16 12:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Backup [2008/11/29 14:32:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Google [2009/04/20 22:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Lavasoft [2009/04/11 15:05:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes [2009/04/25 19:55:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft [2008/12/04 19:50:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\NCH Software [2008/11/16 12:19:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Panda Security [2008/12/21 17:15:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\PC Drivers HeadQuarters [2008/05/18 19:06:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Prism [2008/10/30 10:25:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\TEMP [2008/11/23 15:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Windows Genuine Advantage [2008/11/16 11:52:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Yahoo! [2009/04/11 15:06:47 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\intel\Application Data [2008/11/16 02:19:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Adobe [2008/11/29 14:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Any Video Converter [2009/02/04 18:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\AVGTOOLBAR [2008/11/15 03:15:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Google [2009/03/20 22:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Help [2007/06/17 09:09:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Identities [2007/07/13 14:35:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Lavasoft [2008/08/18 19:27:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Leadertech [2007/06/17 10:53:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Macromedia [2009/04/11 15:06:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Malwarebytes [2009/03/26 14:39:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\intel\Application Data\Microsoft [2008/05/18 19:13:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Mozilla [2009/03/26 11:20:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\MySpace [2008/08/24 12:08:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Roxio [2008/10/26 12:14:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Sun [2008/09/09 20:38:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\uTorrent [2008/11/16 00:54:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Yahoo! [2009/04/20 22:23:31 | 00,000,472 | ---- | M] () -- C:\WINNT\Tasks\Ad-Aware Update (Weekly).job [1999/12/07 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini [2009/04/26 21:58:45 | 00,000,882 | ---- | M] () -- C:\WINNT\Tasks\GoogleUpdateTaskMachine.job [2009/04/26 21:58:43 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT [2009/04/20 20:40:08 | 00,000,394 | ---- | M] () -- C:\WINNT\Tasks\Schedule Task Weekly.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:7C9E34A2 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:FDDD8917 < End of report > |
|
|
|
|
Apr 27 2009, 08:50 AM
Post
#5
|
|
|
Trusted Helper Posts: 4,530 From: London, UK OS: XP |
firstly, could you see if you can install the Recovery Console as discribed in the combofix instructions - it is a key reovery tool if things go wrong.
and then . . . . . ====STEP 1==== there are still remnants of Panda to remove: 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: CODE File:: c:\winnt\system32\avldr.dll c:\winnt\system32\DRIVERS\COMFiltr.sys c:\winnt\system32\Drivers\pavboot.sys c:\winnt\system32\Drivers\APPFLT.SYS c:\winnt\system32\Drivers\DSAFLT.SYS c:\winnt\system32\Drivers\fnetmon.SYS c:\winnt\system32\Drivers\IDSFLT.SYS c:\winnt\system32\Drivers\NETFLTDI.SYS c:\winnt\system32\Drivers\WNMFLT.SYS :\winnt\system32\DRIVERS\neti1634.sys Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midimapper"="midimap.dll" "msacm.imaadpcm"="imaadp32.acm" "msacm.msadpcm"="msadp32.acm" "msacm.msg711"="msg711.acm" "msacm.msgsm610"="msgsm32.acm" "msacm.trspch"="tssoft32.acm" "vidc.cvid"="iccvid.dll" "VIDC.I420"="i420vfw.dll" "vidc.iv31"="ir32_32.dll" "vidc.iv32"="ir32_32.dll" "vidc.iv41"="ir41_32.ax" "VIDC.IYUV"="iyuv_32.dll" "vidc.mrle"="msrle32.dll" "vidc.msvc"="msvidc32.dll" "VIDC.YVYU"="msyuv.dll" "wavemapper"="msacm32.drv" "msacm.msg723"="msg723.acm" "vidc.M263"="msh263.drv" "vidc.M261"="msh261.drv" "msacm.msaudio1"="msaud32.acm" "msacm.sl_anet"="sl_anet.acm" "msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax" "vidc.iv50"="ir50_32.dll" "wave"="wdmaud.drv" "midi"="wdmaud.drv" "mixer"="wdmaud.drv" "VIDC.WMV3"="wmv9vcm.dll" "VIDC.VP40"="vp4vfw.dll" "msacm.voxacm160"="vct3216.acm" "MSVideo"="vfwwdm32.dll" "MSVideo8"="VfWWDM32.dll" "wave1"="wdmaud.drv" "midi1"="wdmaud.drv" "mixer1"="wdmaud.drv" "aux"="wdmaud.drv" "vidc.VP70"="vp7vfw.dll" "vidc.X264"="x264vfw.dll" "VIDC.FPS1"="frapsvid.dll" "vidc.VP60"="vp6vfw.dll" "vidc.VP61"="vp6vfw.dll" "vidc.VP62"="vp6vfw.dll" "vidc.DIVX"="DivX.dll" "VIDC.UYVY"="msyuv.dll" "VIDC.YUY2"="msyuv.dll" "VIDC.YVU9"="tsbyuv.dll" "VIDC.DRAW"="DVIDEO.DLL" "VIDC.YV12"="yv12vfw.dll" "wave2"="wdmaud.drv" "midi2"="wdmaud.drv" "mixer2"="wdmaud.drv" "aux1"="wdmaud.drv" "wave3"="wdmaud.drv" "midi3"="wdmaud.drv" "mixer3"="wdmaud.drv" "aux2"="wdmaud.drv" "VIDC.MSUD"="msulvc05.dll" "wave4"="wdmaud.drv" "midi4"="wdmaud.drv" "mixer4"="wdmaud.drv" "aux3"="wdmaud.drv" Driver:: ComFiltr pavboot APPFLT DSAFLT FNETMON IDSFLT NETFLTDI WNMFLT NETIMFLT01060034 Save this as CFScript.txt, in the same location as ComboFix.exe  Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. ====STEP 2==== We will also fix your file associations: Download SREng
====STEP 3==== Follow these instructions closely:
In your next reply could i see: 1. the combofix log 2. the OTListIT log The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts. andrewuk |
|
|
|
|
Apr 28 2009, 10:57 AM
Post
#6
|
|
|
Member Posts: 89 OS: Windows XP |
Hello! After I ran the ComboFix the internet connection quit. I have new parts on the way but it will be 2-3 days before they arrive. When it's running again I'll post the new log and download that and get them posted.
|
|
|
|
|
Apr 28 2009, 02:14 PM
Post
#7
|
|
|
Trusted Helper Posts: 4,530 From: London, UK OS: XP |
see this page here and scroll to the bottom where it starts Manually restoring the Internet connection and follow those instructions.
|
|
|
|
|
Apr 28 2009, 08:32 PM
Post
#8
|
|
|
Member Posts: 89 OS: Windows XP |
I did all that including creating a new connection and forcing IP addresses, uninstalling and reinstalling the wireless software, doing the Run:cmd:ipconfig thingy which wasn't finding the wireless adapter and spent an hour on the phone with our ISP, I'm 99.9% sure it's the antenna. It should be here tomorrow with new software.
|
|
|
|
|
May 6 2009, 12:39 PM
Post
#9
|
|
|
Member Posts: 89 OS: Windows XP |
ComboFixLog:
ComboFix 09-04-25.A3 - intel 05/06/2009 13:27.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.368.69 [GMT -5:00] Running from: c:\documents and settings\intel\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\intel\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . - REDUCED FUNCTIONALITY MODE - FILE :: :\winnt\system32\DRIVERS\neti1634.sys c:\winnt\system32\avldr.dll c:\winnt\system32\Drivers\APPFLT.SYS c:\winnt\system32\DRIVERS\COMFiltr.sys c:\winnt\system32\Drivers\DSAFLT.SYS c:\winnt\system32\Drivers\fnetmon.SYS c:\winnt\system32\Drivers\IDSFLT.SYS c:\winnt\system32\Drivers\NETFLTDI.SYS c:\winnt\system32\Drivers\pavboot.sys c:\winnt\system32\Drivers\WNMFLT.SYS . ((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-5-6 ))))))))))))))))))))))))))))))) . 2009-05-06 17:51 . 2009-05-06 17:51 -------- d-----w c:\winnt\LastGood 2009-05-06 17:51 . 2006-08-24 18:44 477696 ----a-w c:\winnt\system32\drivers\ZD1211BU.sys 2009-05-06 17:51 . 2005-06-08 23:44 29184 ----a-w c:\winnt\system32\drivers\BRGSp50a64.sys 2009-05-06 17:51 . 2005-06-08 23:44 20608 ----a-w c:\winnt\system32\drivers\BRGSp50.sys 2009-05-06 17:51 . 2005-03-18 20:35 31744 ----a-w c:\winnt\system32\drivers\ZDPSp50a64.sys 2009-05-06 17:51 . 2004-10-25 18:40 17664 ----a-w c:\winnt\system32\drivers\ZDPSp50.sys 2009-05-06 17:51 . 2009-05-06 17:51 -------- d-----w c:\program files\2WIRE, Inc 2009-05-06 17:40 . 2009-05-06 17:40 -------- d-----w c:\documents and settings\intel\Application Data\2Wire 2009-05-06 17:38 . 2009-05-06 17:38 -------- d-----w c:\documents and settings\All Users.WINNT\Application Data\2Wire 2009-05-06 17:38 . 2009-05-06 17:53 -------- d-----w c:\program files\2Wire Wireless Manager 2009-05-06 17:20 . 2004-01-14 16:30 17151 ----a-w c:\winnt\system32\ZDPNDIS5.SYS 2009-05-06 17:20 . 2004-01-14 16:25 81920 ----a-w c:\winnt\system32\ZDPN50.DLL 2009-05-06 17:20 . 2005-07-12 19:44 15872 ----a-w c:\winnt\system32\InsDrvZD64.DLL 2009-05-06 17:20 . 2004-03-23 21:38 28672 ----a-w c:\winnt\system32\InsDrvZD.dll 2009-05-06 17:20 . 2003-03-14 17:24 24576 ----a-w c:\winnt\system32\ZyDelReg.exe 2009-04-28 03:57 . 2009-04-28 03:57 -------- d-----w c:\documents and settings\All Users.WINNT\Application Data\Prism 2009-04-28 03:56 . 2009-04-28 03:56 -------- d-----w c:\program files\2Wire 802.11g Wireless 2009-04-26 03:23 . 2009-04-26 03:23 23392 ----a-w c:\winnt\system32\nscompat.tlb 2009-04-26 03:23 . 2009-04-26 03:23 16832 ----a-w c:\winnt\system32\amcompat.tlb 2009-04-26 02:44 . 2009-04-26 02:53 -------- d-----w c:\program files\Zune 2009-04-26 01:59 . 2009-04-26 01:59 -------- d-----w c:\program files\ResetDRM 2009-04-26 00:14 . 2009-04-26 01:54 -------- d-----w c:\program files\Windows Media Connect 2 2009-04-26 00:12 . 2009-04-26 00:12 -------- d-----w C:\VersalSoft 2009-04-26 00:11 . 2009-04-26 00:11 -------- d-----w c:\program files\VersalSoft 2009-04-26 00:11 . 2009-04-26 00:11 -------- d-----w c:\program files\Universal 2009-04-25 21:15 . 2009-04-26 03:45 1374 ----a-w c:\winnt\imsins.BAK 2009-04-25 19:12 . 2009-01-09 19:19 1089593 -c----w c:\winnt\system32\dllcache\ntprint.cat 2009-04-25 03:21 . 2009-04-25 03:21 -------- d-----w c:\documents and settings\I hate this computer\Local Settings\Application Data\Mozilla 2009-04-25 00:27 . 2009-04-25 00:27 -------- d-sh--w c:\documents and settings\I hate this computer\PrivacIE 2009-04-25 00:27 . 2009-04-25 00:27 -------- d-----w c:\documents and settings\I hate this computer\Local Settings\Application Data\Google 2009-04-25 00:27 . 2009-04-25 00:27 -------- d-sh--w c:\documents and settings\I hate this computer\IETldCache 2009-04-24 20:31 . 2009-04-24 20:31 127128 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-04-24 20:27 . 2009-04-24 20:27 -------- d-----w c:\winnt\system32\XPSViewer 2009-04-24 20:27 . 2009-04-24 20:27 -------- d-----w c:\program files\MSBuild 2009-04-24 20:26 . 2009-04-24 20:26 -------- d-----w c:\program files\Reference Assemblies 2009-04-24 20:01 . 2009-04-24 23:42 -------- d-----w c:\winnt\SxsCaPendDel 2009-04-24 03:30 . 2008-07-06 12:06 89088 -c----w c:\winnt\system32\dllcache\filterpipelineprintproc.dll 2009-04-24 03:30 . 2008-07-06 12:06 117760 ------w c:\winnt\system32\prntvpt.dll 2009-04-24 03:30 . 2008-07-06 10:50 597504 -c----w c:\winnt\system32\dllcache\printfilterpipelinesvc.exe 2009-04-24 03:30 . 2008-07-06 12:06 575488 -c----w c:\winnt\system32\dllcache\xpsshhdr.dll 2009-04-24 03:30 . 2008-07-06 12:06 575488 ------w c:\winnt\system32\xpsshhdr.dll 2009-04-24 03:30 . 2008-07-06 12:06 1676288 -c----w c:\winnt\system32\dllcache\xpssvcs.dll 2009-04-24 03:30 . 2008-07-06 12:06 1676288 ------w c:\winnt\system32\xpssvcs.dll 2009-04-24 03:30 . 2009-04-24 03:32 -------- d-----w C:\13e1d3daf38210c8217863fd 2009-04-24 02:22 . 2009-04-24 02:40 -------- d-----w C:\3940cbcba9fc6ae53115 2009-04-22 01:16 . 2009-04-22 01:21 -------- d-----w c:\program files\ERUNT 2009-04-21 23:56 . 2009-04-22 00:02 -------- d-----w C:\Rooter$ 2009-04-21 22:19 . 2009-03-09 19:06 15688 ----a-w c:\winnt\system32\lsdelete.exe 2009-04-21 03:22 . 2009-03-09 19:06 64160 ----a-w c:\winnt\system32\drivers\Lbd.sys 2009-04-21 03:22 . 2009-04-21 03:22 -------- dc----w c:\winnt\system32\DRVSTORE 2009-04-21 03:17 . 2009-04-21 03:17 -------- dc-h--w c:\documents and settings\All Users.WINNT\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2009-04-21 03:16 . 2009-04-21 03:22 -------- d-----w c:\documents and settings\All Users.WINNT\Application Data\Lavasoft 2009-04-21 02:46 . 2009-04-21 02:46 -------- d-----w c:\program files\CCleaner 2009-04-19 17:15 . 2009-03-06 14:22 284160 -c----w c:\winnt\system32\dllcache\pdh.dll 2009-04-19 17:15 . 2009-02-06 11:11 110592 -c----w c:\winnt\system32\dllcache\services.exe 2009-04-19 17:15 . 2009-02-09 12:10 473600 -c----w c:\winnt\system32\dllcache\fastprox.dll 2009-04-19 17:15 . 2009-02-06 10:10 227840 -c----w c:\winnt\system32\dllcache\wmiprvse.exe 2009-04-19 17:15 . 2009-02-09 12:10 453120 -c----w c:\winnt\system32\dllcache\wmiprvsd.dll 2009-04-19 17:15 . 2009-02-09 12:10 729088 -c----w c:\winnt\system32\dllcache\lsasrv.dll 2009-04-19 17:15 . 2009-02-09 12:10 617472 -c----w c:\winnt\system32\dllcache\advapi32.dll 2009-04-19 17:15 . 2009-02-09 12:10 714752 -c----w c:\winnt\system32\dllcache\ntdll.dll 2009-04-19 17:00 . 2008-05-03 11:55 2560 ------w c:\winnt\system32\xpsp4res.dll 2009-04-19 17:00 . 2009-03-27 06:58 1203922 -c----w c:\winnt\system32\dllcache\sysmain.sdb 2009-04-19 17:00 . 2008-04-21 12:08 215552 -c----w c:\winnt\system32\dllcache\wordpad.exe 2009-04-11 20:06 . 2009-04-11 20:06 -------- d-----w c:\documents and settings\intel\Application Data\Malwarebytes 2009-04-11 20:05 . 2009-04-06 20:32 15504 ----a-w c:\winnt\system32\drivers\mbam.sys 2009-04-11 20:05 . 2009-04-06 20:32 38496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys 2009-04-11 20:05 . 2009-04-11 20:05 -------- d-----w c:\documents and settings\All Users.WINNT\Application Data\Malwarebytes 2009-04-11 20:05 . 2009-04-11 20:06 -------- d-----w c:\program files\Malwarebytes' Anti-Malware . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-06 17:51 . 2007-03-12 02:29 -------- d--h--w c:\program files\InstallShield Installation Information 2009-05-06 17:32 . 2009-04-21 23:39 7612 ----a-w C:\aaw7boot.log 2009-04-28 02:41 . 2008-11-16 06:45 57744 ----a-w c:\documents and settings\intel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-28 02:33 . 2006-05-14 16:15 -------- d---a-w c:\program files\SiSLan 2009-04-28 01:27 . 2007-07-13 19:35 -------- d-----w c:\program files\Lavasoft 2009-04-28 01:27 . 2007-07-13 19:35 -------- d-----w c:\documents and settings\intel\Application Data\Lavasoft 2009-04-26 03:50 . 2007-03-19 03:04 -------- d---a-w c:\program files\Google 2009-04-26 03:09 . 2008-11-16 07:17 2068 ----a-w c:\winnt\system32\d3d9caps.dat 2009-04-25 22:01 . 2009-04-25 22:01 57744 ----a-w c:\documents and settings\ZUNE SUCKS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-25 00:18 . 2009-04-25 00:18 57744 ----a-w c:\documents and settings\I hate this computer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-22 00:01 . 2009-04-22 00:01 2086 ----a-w C:\Rooter.txt 2009-04-21 03:25 . 2008-11-16 17:20 324556 ----a-w c:\winnt\system32\drivers\APPFCONT.DAT.bck 2009-04-21 03:25 . 2008-11-16 17:20 324556 ----a-w c:\winnt\system32\drivers\APPFCONT.DAT 2009-04-21 02:59 . 2006-05-14 16:23 -------- d---a-w c:\program files\Trend Micro 2009-04-21 01:25 . 2009-03-26 16:19 -------- d-----w c:\program files\MySpace 2009-04-05 14:36 . 2009-04-05 14:39 102664 ----a-w c:\winnt\system32\drivers\tmcomm.sys 2009-03-26 16:20 . 2009-03-26 16:20 -------- d-----w c:\documents and settings\intel\Application Data\MySpace 2009-03-20 18:45 . 2009-01-18 23:40 -------- d-----w c:\program files\Warcraft II BNE 2009-03-19 21:41 . 2009-03-19 21:44 410984 ----a-w c:\winnt\system32\deploytk.dll 2009-03-19 21:40 . 2007-03-30 05:36 -------- d---a-w c:\program files\Java 2009-03-06 14:22 . 2001-08-23 12:00 284160 ----a-w c:\winnt\system32\pdh.dll 2009-02-09 12:10 . 2001-08-23 12:00 729088 ----a-w c:\winnt\system32\lsasrv.dll 2009-02-09 12:10 . 2001-08-23 12:00 714752 ----a-w c:\winnt\system32\ntdll.dll 2009-02-09 12:10 . 2001-08-23 12:00 617472 ----a-w c:\winnt\system32\advapi32.dll 2009-02-09 12:10 . 2001-08-23 12:00 401408 ----a-w c:\winnt\system32\rpcss.dll 2009-02-09 11:13 . 2001-08-23 12:00 1846784 ----a-w c:\winnt\system32\win32k.sys 2009-02-08 00:02 . 2001-08-17 13:48 2066048 ----a-w c:\winnt\system32\ntkrnlpa.exe 2009-02-07 00:52 . 2009-02-07 00:52 49504 ----a-w c:\winnt\system32\sirenacm.dll 2009-02-06 11:11 . 2001-08-23 12:00 110592 ----a-w c:\winnt\system32\services.exe 2009-02-06 11:08 . 2001-08-23 12:00 2189056 ----a-w c:\winnt\system32\ntoskrnl.exe 2009-02-06 10:39 . 2001-08-23 12:00 35328 ----a-w c:\winnt\system32\sc.exe 2007-06-17 14:02 . 2006-05-14 15:45 271 --sh--w c:\program files\desktop.ini 2007-03-13 00:53 . 2007-03-13 00:54 774144 ----a-w c:\program files\RngInterstitial.dll . ((((((((((((((((((((((((((((( SnapShot@2009-04-27_03.00.57 ))))))))))))))))))))))))))))))))))))))))) . + 2009-05-06 17:33 . 2009-05-06 17:33 16384 c:\winnt\Temp\Perflib_Perfdata_558.dat + 2007-10-01 21:20 . 2007-10-01 21:20 32160 c:\winnt\system32\PCTINDIS5.sys + 2008-11-15 15:59 . 2001-09-14 08:26 31744 c:\winnt\system32\drivers\sisnic.sys + 2009-05-06 17:39 . 2009-05-06 17:53 81920 c:\winnt\Installer\{3CE11B98-C61C-4692-9E0E-59934761C3BE}\NewShortcut5_606B50C2D7824A96AEDE24F444A04841.exe + 2007-10-01 21:20 . 2007-10-01 21:20 245408 c:\winnt\system32\unicows.dll + 2007-10-01 21:20 . 2007-10-01 21:20 138016 c:\winnt\system32\PCTIN50.dll + 2009-05-06 17:16 . 2009-05-06 17:16 176128 c:\winnt\ERDNT\AutoBackup\5-6-2009\Users\00000002\UsrClass.dat + 2009-05-06 17:16 . 2005-10-20 17:02 163328 c:\winnt\ERDNT\AutoBackup\5-6-2009\ERDNT.EXE + 2009-05-01 20:28 . 2009-05-01 20:28 176128 c:\winnt\ERDNT\AutoBackup\5-1-2009\Users\00000002\UsrClass.dat + 2009-05-01 20:28 . 2005-10-20 17:02 163328 c:\winnt\ERDNT\AutoBackup\5-1-2009\ERDNT.EXE + 2009-04-30 02:19 . 2009-04-30 02:19 176128 c:\winnt\ERDNT\AutoBackup\4-29-2009\Users\00000002\UsrClass.dat + 2009-04-30 02:19 . 2005-10-20 17:02 163328 c:\winnt\ERDNT\AutoBackup\4-29-2009\ERDNT.EXE + 2009-04-27 10:58 . 2009-04-27 10:58 176128 c:\winnt\ERDNT\AutoBackup\4-27-2009\Users\00000002\UsrClass.dat + 2009-04-27 10:58 . 2005-10-20 17:02 163328 c:\winnt\ERDNT\AutoBackup\4-27-2009\ERDNT.EXE + 2003-03-19 04:12 . 2003-03-19 04:12 1047552 c:\winnt\system32\MFC71u.dll + 2001-09-06 02:00 . 2001-09-06 02:00 1700352 c:\winnt\system32\gdiplus.dll + 2009-05-06 17:16 . 2009-05-06 17:16 4726784 c:\winnt\ERDNT\AutoBackup\5-6-2009\Users\00000001\ntuser.dat + 2009-05-01 20:28 . 2009-05-01 20:28 4726784 c:\winnt\ERDNT\AutoBackup\5-1-2009\Users\00000001\ntuser.dat + 2009-04-30 02:19 . 2009-04-30 02:19 4726784 c:\winnt\ERDNT\AutoBackup\4-29-2009\Users\00000001\ntuser.dat + 2009-04-27 10:58 . 2009-04-27 10:58 4726784 c:\winnt\ERDNT\AutoBackup\4-27-2009\Users\00000001\ntuser.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2009-03-19 21:41 320920 ----a-w c:\program files\Java\jre6\bin\ssv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] 2009-01-22 21:41 408448 ----a-w c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] 2009-04-26 03:50 2133056 ----a-r c:\program files\google\GoogleToolbar1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] 2009-03-19 21:41 34816 ----a-w c:\program files\Java\jre6\bin\jp2ssv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}] 2009-03-13 17:38 1687552 ----a-w c:\program files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] 2009-03-19 21:41 73728 ----a-w c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\winnt\system32\dumprep 0 -u" [X] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "InternetDownload_upgrade"="c:\program files\VersalSoft\InternetDownload\InternetDownload.exe" [2009-01-05 361472] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312] "2Wire Wireless Manager"="c:\program files\2Wire Wireless Manager\2Wire.exe" [2007-10-01 61440] "PRISMSVR.EXE"="c:\winnt\system32\PRISMSVR.EXE" [2004-04-14 290905] "Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2008-04-14 143360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528] "tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\intel\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] c:\documents and settings\All Users.WINNT\Start Menu\Programs\Startup\ 2Wire Wireless Client.lnk - c:\program files\2Wire 802.11g Wireless\PRISMCFG.EXE [2009-4-27 335979] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\winnt\system32\webcheck.dll [2006-11-08 231424] "WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll [2006-10-19 133632] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave5"= "wave6"= "wave7"= "wave8"= "wave9"= "midi5"= "midi6"= "midi7"= "midi8"= "midi9"= "aux4"= "aux5"= "aux6"= "aux7"= "aux8"= "aux9"= "mixer5"= "mixer6"= "mixer7"= "mixer8"= "mixer9"= [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PSIMSVC"=2 (0x2) "PSHost"=2 (0x2) "PAVSRV"=2 (0x2) "PAVFNSVR"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R2 gupdate1c95b0da6409ea0;Google Update Service (gupdate1c95b0da6409ea0);c:\program files\Google\Update\GoogleUpdate.exe [2008-12-10 133104] R3 viafilter;VIA USB Filter;c:\winnt\System32\Drivers\viausb.sys [2001-08-20 9038] R3 WlanUIG;2Wire 802.11g USB Driver;c:\winnt\system32\DRIVERS\WlanUIG.sys [2004-05-17 347648] S0 Lbd;Lbd;c:\winnt\system32\DRIVERS\Lbd.sys [2009-03-09 64160] S1 cdudf;cdudf; [x] S1 DVDVRRdr;DVDVRRdr; [x] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632] S3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\winnt\system32\DRIVERS\neti1634.sys [2008-06-26 197888] --- Other Services/Drivers In Memory --- *NewlyCreated* - PCTINDIS5 *NewlyCreated* - REMOTEACCESS *Deregistered* - ALG *Deregistered* - AudioSrv *Deregistered* - BITS *Deregistered* - Browser *Deregistered* - CryptSvc *Deregistered* - DcomLaunch *Deregistered* - Dhcp *Deregistered* - dmserver *Deregistered* - Dnscache *Deregistered* - ERSvc *Deregistered* - EventSystem *Deregistered* - FastUserSwitchingCompatibility *Deregistered* - Fax *Deregistered* - Gpc *Deregistered* - gupdate1c95b0da6409ea0 *Deregistered* - helpsvc *Deregistered* - HidServ *Deregistered* - HTTP *Deregistered* - ImapiService *Deregistered* - IpNat *Deregistered* - IPSEC *Deregistered* - JavaQuickStarterService *Deregistered* - KSecDD *Deregistered* - lanmanserver *Deregistered* - lanmanworkstation *Deregistered* - Lavasoft Ad-Aware Service *Deregistered* - Lbd *Deregistered* - LmHosts *Deregistered* - MDC8021X *Deregistered* - MDM *Deregistered* - mmc_2K *Deregistered* - mnmdd *Deregistered* - MountMgr *Deregistered* - MRxDAV *Deregistered* - MRxSmb *Deregistered* - Msfs *Deregistered* - MSIServer *Deregistered* - mssmbios *Deregistered* - Mtlstrm *Deregistered* - Mup *Deregistered* - NDIS *Deregistered* - Ndisuio *Deregistered* - NdisWan *Deregistered* - NDProxy *Deregistered* - NetBIOS *Deregistered* - NetBT *Deregistered* - NETIMFLT01060034 *Deregistered* - Netman *Deregistered* - Nla *Deregistered* - Npfs *Deregistered* - Ntfs *Deregistered* - NtmsSvc *Deregistered* - Null *Deregistered* - PartMgr *Deregistered* - ParVdm *Deregistered* - PCTINDIS5 *Deregistered* - PolicyAgent *Deregistered* - PptpMiniport *Deregistered* - ProtectedStorage *Deregistered* - RasAcd *Deregistered* - Rasl2tp *Deregistered* - RasMan *Deregistered* - RasPppoe *Deregistered* - Raspti *Deregistered* - Rdbss *Deregistered* - RDPCDD *Deregistered* - rdpdr *Deregistered* - RecAgent *Deregistered* - RemoteAccess *Deregistered* - RemoteRegistry *Deregistered* - RpcSs *Deregistered* - SamSs *Deregistered* - Schedule *Deregistered* - seclogon *Deregistered* - SENS *Deregistered* - SharedAccess *Deregistered* - ShellHWDetection *Deregistered* - SlNtHal *Deregistered* - SLService *Deregistered* - SlWdmSup *Deregistered* - Spooler *Deregistered* - sr *Deregistered* - srservice *Deregistered* - Srv *Deregistered* - SSDPSRV *Deregistered* - StiSvc *Deregistered* - swenum *Deregistered* - TapiSrv *Deregistered* - Tcpip *Deregistered* - TermDD *Deregistered* - TermService *Deregistered* - Themes *Deregistered* - tmcomm *Deregistered* - TrkWks *Deregistered* - UdfReadr *Deregistered* - Update *Deregistered* - VgaSave *Deregistered* - VolSnap *Deregistered* - W32Time *Deregistered* - Wanarp *Deregistered* - Wdf01000 *Deregistered* - WebClient *Deregistered* - winmgmt *Deregistered* - wscsvc *Deregistered* - wuauserv *Deregistered* - WZCSVC *Deregistered* - zumbus *Deregistered* - ZuneBusEnum [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] panda REG_MULTI_SZ Gwmsrv . Contents of the 'Scheduled Tasks' folder 2009-04-28 c:\winnt\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06] 2009-05-06 c:\winnt\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-10 21:23] . - - - - ORPHANS REMOVED - - - - WebBrowser-{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) WebBrowser-{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) WebBrowser-{A057A204-BACC-4D26-9990-79A187E2698E} - (no file) SharedTaskScheduler-{8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll SSODL-PostBootReminder-{7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll SafeBoot-Wdf01000.sys . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 mStart Page = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\intel\Start Menu\Programs\IMVU\Run IMVU.lnk IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe Trusted Zone: microsoft.com\www Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\winnt\system32\urlmon.dll Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\winnt\system32\urlmon.dll Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\winnt\system32\urlmon.dll Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\winnt\system32\urlmon.dll Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - c:\winnt\system32\urlmon.dll Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - c:\winnt\system32\urlmon.dll Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - c:\winnt\system32\urlmon.dll Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - c:\winnt\system32\urlmon.dll Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\winnt\system32\itss.dll Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - c:\progra~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\winnt\system32\urlmon.dll Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - c:\winnt\system32\urlmon.dll Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\winnt\system32\itss.dll Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - c:\progra~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\winnt\system32\msvidctl.dll Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\winnt\system32\itss.dll DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\CLUE Classic\Images\armhelper.ocx FF - ProfilePath - c:\documents and settings\intel\Application Data\Mozilla\Firefox\Profiles\7vu3yav0.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-06 13:29 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(768) c:\winnt\system32\adsldpc.dll - - - - - - - > 'explorer.exe'(4008) c:\program files\Windows Media Player\wmpband.dll c:\winnt\system32\ieframe.dll c:\winnt\system32\WPDShServiceObj.dll c:\winnt\system32\PortableDeviceTypes.dll c:\winnt\system32\PortableDeviceApi.dll c:\winnt\system32\OneX.DLL c:\winnt\system32\eappprxy.dll . Completion time: 2009-05-06 13:34 ComboFix-quarantined-files.txt 2009-05-06 18:33 ComboFix2.txt 2009-04-28 02:00 ComboFix3.txt 2009-04-27 03:08 Pre-Run: 7,460,499,456 bytes free Post-Run: 7,515,525,120 bytes free 444 --- E O F --- 2009-04-25 21:20 OTListIT log: OTListIt logfile created on: 5/6/2009 1:06:50 PM - Run 3 OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\intel\Desktop\New Folder Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 367.53 Mb Total Physical Memory | 176.36 Mb Available Physical Memory | 47.98% Memory free 887.50 Mb Paging File | 737.68 Mb Available in Paging File | 83.12% Paging File free Paging file location(s): c:\pagefile.sys 552 1104; %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 6.98 Gb Free Space | 18.73% Space Free | Partition Type: NTFS Drive D: | 138.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: INTEL-5MQ3XL86W Current User Name: intel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On ========== Win32 Services (SafeList) ========== SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (gupdate1c95b0da6409ea0 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.) SRV - (helpsvc [Auto | Running]) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (idsvc [Unknown | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (PAVFNSVR [Disabled | Stopped]) -- C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe (Panda Security, S.L.) SRV - (PAVSRV [Disabled | Stopped]) -- C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe (Panda Security, S.L.) SRV - (PSHost [Disabled | Stopped]) -- c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE (Panda Software International) SRV - (PSIMSVC [Disabled | Stopped]) -- C:\Program Files\Panda Security\Panda Internet Security 2009\psimsvc.exe (Panda Security S.L.) SRV - (SLService [Auto | Running]) -- C:\WINNT\system32\slserv.exe ( ) SRV - (UtilMan [On_Demand | Stopped]) -- C:\WINNT\System32\UtilMan.exe (Microsoft Corporation) SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) SRV - (ZuneBusEnum [Auto | Running]) -- C:\WINNT\system32\ZuneBusEnum.exe (Microsoft Corporation) SRV - (ZuneNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (ZuneWlanCfgSvc [On_Demand | Stopped]) -- C:\WINNT\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value Default_Secondary_Page_URL = 0 bytes IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value Secondary Start Pages = 0 bytes IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...mp;sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 62 AA 0A 48 C5 C9 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Live Search" FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.selectedEngine: "Live Search" FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9 FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/24 22:21:59 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/22 21:27:57 | 00,000,000 | ---D | M] [2008/11/15 03:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\mozilla\Extensions [2008/11/15 03:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/04/27 22:01:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\mozilla\Firefox\Profiles\7vu3yav0.default\extensions [2009/01/11 11:29:10 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\intel\Application Data\Mozilla\FireFox\Profiles\7vu3yav0.default\searchplugins\live-search.xml [2009/03/19 17:12:34 | 00,002,158 | ---- | M] () -- C:\Documents and Settings\intel\Application Data\Mozilla\FireFox\Profiles\7vu3yav0.default\searchplugins\MySpace.xml [2009/05/01 17:01:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/04/22 21:27:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/08/24 14:55:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/03/19 16:45:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/04/22 21:27:46 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/04/22 21:27:46 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2008/12/02 03:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2008/12/02 03:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2008/12/02 03:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2008/12/02 03:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2008/12/02 03:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2008/12/02 03:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2008/12/02 03:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (27 bytes) - C:\WINNT\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll (Google Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.) O3 - HKLM\..\Toolbar: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found O4 - HKLM..\Run: [2Wire Wireless Manager] "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a (2Wire) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [InternetDownload_upgrade] "C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade File not found O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon (Microsoft Corporation) O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found O4 - HKLM..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE (2Wire Inc.) O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\intel\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll (Google Inc.) O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\intel\Start Menu\Programs\IMVU\Run IMVU.lnk File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: microsoft.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\CLUE Classic\Images\stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1226815031659 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1230347220299 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\CLUE Classic\Images\armhelper.ocx (ArmHelper Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\system32\wzcdlg.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINNT\System32\lsdelete.exe () ========== LOP Check ========== [2009/05/06 12:38:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data [2009/04/20 22:17:11 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} [2009/05/06 12:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\2Wire [2008/09/29 21:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Adobe [2008/11/16 12:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Backup [2008/11/29 14:32:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Google [2009/04/20 22:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Lavasoft [2009/04/11 15:05:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes [2009/04/25 19:55:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft [2008/12/04 19:50:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\NCH Software [2008/11/16 12:19:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Panda Security [2008/12/21 17:15:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\PC Drivers HeadQuarters [2009/04/27 22:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Prism [2008/10/30 10:25:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\TEMP [2008/11/23 15:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Windows Genuine Advantage [2008/11/16 11:52:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Yahoo! [2009/05/06 12:40:08 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\intel\Application Data [2009/05/06 12:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\2Wire [2008/11/16 02:19:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Adobe [2008/11/29 14:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Any Video Converter [2008/11/15 03:15:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Google [2009/03/20 22:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Help [2007/06/17 09:09:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Identities [2009/04/27 20:27:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Lavasoft [2008/08/18 19:27:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Leadertech [2007/06/17 10:53:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Macromedia [2009/04/11 15:06:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Malwarebytes [2009/04/27 20:28:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\intel\Application Data\Microsoft [2008/05/18 19:13:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Mozilla [2009/03/26 11:20:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\MySpace [2008/08/24 12:08:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Roxio [2008/10/26 12:14:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Sun [2008/09/09 20:38:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\uTorrent [2008/11/16 00:54:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\intel\Application Data\Yahoo! [2009/04/27 22:22:02 | 00,000,472 | ---- | M] () -- C:\WINNT\Tasks\Ad-Aware Update (Weekly).job [1999/12/07 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini [2009/05/06 12:33:20 | 00,000,882 | ---- | M] () -- C:\WINNT\Tasks\GoogleUpdateTaskMachine.job [2009/05/06 12:33:18 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT [2009/04/27 12:00:02 | 00,000,394 | ---- | M] () -- C:\WINNT\Tasks\Schedule Task Weekly.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:7C9E34A2 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:FDDD8917 < End of report > |
|
|
|
|
May 6 2009, 12:43 PM
Post
#10
|
|
|
Member Posts: 89 OS: Windows XP |
Also, I have tried to install the Recovery Console but I keep getting a message that it could not be installed.
|
|
|
|
|
May 7 2009, 02:49 PM
Post
#11
|
|
|
Trusted Helper Posts: 4,530 From: London, UK OS: XP |
in this post we will do some general scans to clear out the remnants and ensure nothing else sneaked onto your machine.
the scans will likely take 4 hours, quite possibly much longer. so just let them run. ====STEP 1==== Please download ATF Cleaner by Atribune. Caution: This program is for Windows 2000, XP and Vista only
Under Main choose: Select All Click the Empty Selected button.
Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. For Technical Support, double-click the e-mail address located at the bottom of each menu. ====STEP 2==== we will update and re-run your malwarebytes: double click the malwarebytes icon on your desktop to open the program
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. ====STEP 3==== Download and scan with SUPERAntiSpyware Free for Home Users
====STEP 4==== Please do an online scan with Kaspersky WebScanner (this will identify any issues, we will clear them in the following post) Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.
Upgrading Java:
====STEP 5==== Please run the MGA Diagnostic Tool and post back the report it shall produce:
In your next reply could i see: 1. the malwarebytes log 2. the superantispyware log 3. the kaspersky scan 4. the MGA Diagnostic Report 5. some idea of how your machine is running now The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts. andrewuk |
|
|
|
|
May 10 2009, 04:25 PM
Post
#12
|
|
|
Trusted Helper Posts: 4,530 From: London, UK OS: XP |
still with us?
|
|
|
|
|
May 10 2009, 05:52 PM
Post
#13
|
|
|
Member Posts: 89 OS: Windows XP |
Still here, I'm going to start the scans in the morning, sorry, some family stuff came up and I haven't been on.
|
|
|
|
|
May 10 2009, 06:07 PM
Post
#14
|
|
|
Trusted Helper Posts: 4,530 From: London, UK OS: XP |
QUOTE Still here, I'm going to start the scans in the morning, sorry, some family stuff came up and I haven't been on. no problem, i will be around 
|
|
|
|
|
May 11 2009, 09:58 PM
Post
#15
|
|
|
Member Posts: 89 OS: Windows XP |
Everything is complete except the Kaspersky scan and that will be running through the night, I'll be on in the morning to post the results of all the scans. Thanks for being so patient.
|
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
Similar Topics
| Topic Title | Replies / Views | Topic Information | |||||
|---|---|---|---|---|---|---|---|
 |
1 / 1,591 | 11th March 2005 - 05:42 AM captintong started - last by Retired Tech |
|||||
|
1 / 576 | 10th June 2005 - 06:03 PM TheMoneyMan1 started - last by bobthemailman |
|||||
 |
23 / 697 | 28th May 2009 - 07:18 PM newnoi started - last by JSntgRvr |
|||||
|
 |
0 / 162 | 8th October 2009 - 04:17 AM Shuh started - last by Shuh |
||||
|
Time is now: 7th November 2009 - 07:27 PM |
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising