Microsoft Windows XP Professional (5.1.2600) Service Pack 2
A:\ [Removable] (Total:0 MB/Free:0 MB)
C:\ [Fixed] - NTFS - (Total:111192 MB/Free:1842 MB)
D:\ [Fixed] - NTFS - (Total:38130 MB/Free:1201 MB)
E:\ [CD-Rom] (Total:0 MB/Free:0 MB)
F:\ [CD-Rom] (Total:0 MB/Free:0 MB)
Tue 04/07/2009|13:22
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\GEARSec.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
---------- C:\Program Files\QuickTime\qttask.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
==> VUNDO <==
----------------------\\ ROOTKIT !!
----------------------\\ Rogues..
C:\DOCUME~1\ALLUSE~1\APPLIC~1\CrucialSoft Ltd
1 - "C:\Rooter$\Rooter_1.txt" - Tue 04/07/2009|13:23
----------------------\\ Scan completed at 13:23
OTListIt logfile created on: 4/7/2009 1:33:25 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.1 Folder = C:\Documents and Settings\chem\Desktop\Computer Cleaning
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.89% Memory free
3.84 Gb Paging File | 3.48 Gb Available in Paging File | 90.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 85.80 Gb Free Space | 79.01% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 37.17 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PCHEM
Current User Name: chem
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\chem\Desktop\Computer Cleaning\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (GEARSecurity [Auto | Running]) -- C:\WINDOWS\System32\GEARSec.exe (GEAR Software)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HP Port Resolver [On_Demand | Stopped]) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE (Hewlett-Packard Company)
SRV - (HP Status Server [On_Demand | Stopped]) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE (Hewlett-Packard Company)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MSSQL$MICROSOFTSMLBIZ [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (Norton Ghost [On_Demand | Stopped]) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (FileDisk [System | Running]) -- C:\WINDOWS\System32\drivers\filedisk.sys (Bo Brantén)
DRV - (GearAspiWDM [System | Running]) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SymSnap [Boot | Running]) -- C:\WINDOWS\System32\drivers\SymSnap.sys (StorageCraft)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (utsubfsh [Boot | Running]) -- C:\WINDOWS\system32\drivers\utsubfsh.sys (Microsoft Corporation)
DRV - (V2IMount [System | Running]) -- C:\WINDOWS\System32\drivers\V2iMount.sys (Symantec Corporation)
DRV - (WinDriver6 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
DRV - (Winpn36 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\Winpn36.sys ()
DRV - (XilinxFirmwareEmbeddedLoader [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\xusb_xup.sys (Xilinx, Inc.)
DRV - (XilinxFirmwareEmbeddedLpLoader [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\xusb_emb.sys (Xilinx, Inc.)
DRV - (XilinxFirmwareLoader [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\xusbdfwu.sys (Xilinx, Inc.)
DRV - (XilinxFirmwareLpLoader [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\xusb_xlp.sys (Xilinx, Inc.)
DRV - (XilinxFirmwareXpressLoader [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\xusb_xpr.sys (Xilinx, Inc.)
DRV - (XilinxPC4Driver [Auto | Running]) -- C:\WINDOWS\System32\drivers\XPC4DRVR.SYS (Xilinx, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...l...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...l...&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...l...&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {36A38930-361A-4675-8186-94BF05C6E5B0} - C:\WINDOWS\system32\cmprop.dll (Alcohol Soft Development Team)
O2 - BHO: (no name) - {4b9ee9e5-9329-46d1-8c5e-1c8ecbd78ec4} - C:\WINDOWS\system32\cwwfst.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcAtUKC.dll File not found
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {DF2FF945-732C-4FB4-8865-F79B69733932} - C:\WINDOWS\system32\khfFwtUM.dll File not found
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} http://zone.msn.com/...eb.1.0.0.15.cab (CPlayFirstChocolatieControl Object)
O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} http://games.bigfish...eb.1.0.0.11.cab (CPlayFirstFitnessDasControl Object)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse...se/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} http://www.gamehouse...eddingDash2.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.gamehouse...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://www.gamehouse...mesLauncher.cab (SpinTop Games Launcher)
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} http://www.gamehouse...BGamePlayer.cab (Jolly Bear Games Player)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://zone.msn.com/...esPlayer_v6.cab (GoBit Games Player)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://www.gamehouse...zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/...WebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.gamehouse...opcaploader.cab (PopCapLoader Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (cwwfst.dll) - C:\WINDOWS\system32\cwwfst.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ddcAtUKC: DllName - ddcAtUKC.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WinCtrl32: DllName - WinCtrl32.dll - C:\WINDOWS\system32\WinCtrl32.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcAtUKC.dll File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\khfFwtUM) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{5e184170-4825-11dc-afd3-00167627a828}\Shell - "" = AutoRun
O33 - MountPoints2\{5e184170-4825-11dc-afd3-00167627a828}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5e184170-4825-11dc-afd3-00167627a828}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/04/07 13:22:43 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/07 13:19:28 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/07 13:19:26 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/07 13:19:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/07 13:19:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/07 13:14:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/07 13:13:42 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\chem\Desktop\NTREGOPT.lnk
[2009/04/07 13:13:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/07 13:05:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chem\Desktop\Computer Cleaning
[2009/04/07 12:59:37 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\WinCtrl32.dl_
[2009/03/23 17:52:10 | 21,371,49440 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/23 17:37:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chem\Application Data\SolidWorks
[2009/03/23 16:40:12 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/23 16:39:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chem\Application Data\DWGeditor
[2009/03/23 16:39:33 | 00,001,948 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\DWGeditor.lnk
[2009/03/23 16:39:18 | 00,000,000 | ---D | C] -- C:\Program Files\DWGeditor
[2009/03/23 16:38:44 | 00,001,818 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\eDrawings 2006.lnk
[2009/03/23 16:38:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\eDrawings2006
[2009/03/23 12:22:23 | 00,000,042 | ---- | C] () -- C:\WINDOWS\trailer.xws
[2009/03/23 12:22:21 | 00,000,023 | -H-- | C] () -- C:\WINDOWS\yacht.xws
[2009/03/23 12:22:03 | 00,002,231 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SolidWorks Student Edition.lnk
[2009/03/23 12:18:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidWorks Shared
[2009/03/23 12:16:14 | 00,000,000 | ---D | C] -- C:\Program Files\SolidWorks
[2009/03/23 12:16:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Solidworks Data
[2009/03/10 12:44:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chem\Local Settings\Application Data\PCHealth
[2009/02/26 12:03:03 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\WinCtrl32.dll
[2009/02/19 11:32:38 | 01,649,717 | -HS- | C] () -- C:\WINDOWS\System32\fyipcnwg.ini
[2009/02/19 11:32:37 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\gwncpiyf.dll
[2009/02/19 11:29:37 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\cwwfst.dll
[2009/02/19 11:29:37 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\bmoqxqgb.dll
[2009/02/18 23:32:38 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\queyey.dll
[2009/02/18 23:32:37 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\wuwiewkp.dll
[2009/02/18 23:29:38 | 01,621,689 | -HS- | C] () -- C:\WINDOWS\System32\xsoxhxoa.ini
[2009/02/18 11:29:37 | 01,619,425 | -HS- | C] () -- C:\WINDOWS\System32\ffeuvumw.ini
[2009/02/18 11:26:37 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ufmufbip.dll
[2009/02/18 11:26:37 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\bjeltr.dll
[2009/02/17 23:29:37 | 01,613,944 | -HS- | C] () -- C:\WINDOWS\System32\vhtljtyd.ini
[2009/02/17 23:26:38 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\gllexe.dll
[2009/02/17 23:26:37 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\bophyian.dll
[2009/02/17 11:27:34 | 01,613,647 | -HS- | C] () -- C:\WINDOWS\System32\adcryyoo.ini
[2009/02/17 11:27:33 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\vehayp.dll
[2009/02/17 11:27:33 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\pwblfape.dll
[2009/02/16 23:30:33 | 01,600,058 | -HS- | C] () -- C:\WINDOWS\System32\lrwkjiqn.ini
[2009/02/16 23:27:33 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\tyhqrj.dll
[2009/02/16 23:27:33 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\cikjgawr.dll
[2009/02/16 11:30:33 | 01,599,490 | -HS- | C] () -- C:\WINDOWS\System32\kbqilsrw.ini
[2009/02/16 11:27:34 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\roourx.dll
[2009/02/16 11:27:33 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ehyysmnt.dll
[2009/02/15 23:30:33 | 01,593,556 | -HS- | C] () -- C:\WINDOWS\System32\xxkncmbj.ini
[2009/02/15 23:27:33 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\nihslpjm.dll
[2009/02/15 23:27:33 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\isckjo.dll
[2009/02/15 11:30:33 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\xflzmg.dll
[2009/02/15 11:30:33 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ugjclgpd.dll
[2009/02/15 11:27:33 | 01,593,556 | -HS- | C] () -- C:\WINDOWS\System32\eudupoer.ini
[2009/02/14 23:30:34 | 01,593,556 | -HS- | C] () -- C:\WINDOWS\System32\yllungtu.ini
[2009/02/14 23:27:33 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\waivrxwu.dll
[2009/02/14 23:27:33 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\sfsrmt.dll
[2009/02/14 11:30:34 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\mfmgiv.dll
[2009/02/14 11:30:33 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\olcmnlfo.dll
[2009/02/14 11:27:33 | 01,593,556 | -HS- | C] () -- C:\WINDOWS\System32\pydmomoq.ini
[2009/02/13 23:30:33 | 01,593,556 | -HS- | C] () -- C:\WINDOWS\System32\hugauwod.ini
[2009/02/12 23:29:38 | 01,576,264 | -HS- | C] () -- C:\WINDOWS\System32\sequnudd.ini
[2009/02/11 23:26:43 | 01,576,264 | -HS- | C] () -- C:\WINDOWS\System32\vaqoprcd.ini
[2009/02/10 23:25:33 | 01,530,380 | -HS- | C] () -- C:\WINDOWS\System32\ooiinqjf.ini
[2009/02/10 23:24:53 | 00,004,204 | -HS- | C] () -- C:\WINDOWS\System32\MUtwFfhk.ini2
[2009/02/10 23:24:53 | 00,004,204 | -HS- | C] () -- C:\WINDOWS\System32\MUtwFfhk.ini
[2007/06/15 10:36:11 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/06/15 10:36:11 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\6099DED076.sys
[2007/05/23 07:33:41 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/15 00:02:15 | 00,000,098 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/01/15 00:01:35 | 00,000,011 | ---- | C] () -- C:\WINDOWS\hplj5200m.ini
[2006/11/02 14:32:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\KGOleSrv.INI
[2006/04/05 01:09:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/05 01:03:13 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/05 01:02:36 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/04/05 00:58:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/05 00:39:20 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 17:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 00,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\Winpn36.sys
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:00:37 | 00,000,676 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 17:00:35 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/11 17:00:16 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[2009/04/07 13:24:51 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\szhjhadv.job
[2009/04/07 13:16:32 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/07 13:13:42 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\chem\Desktop\NTREGOPT.lnk
[2009/04/07 12:59:37 | 00,031,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\Winpn36.sys
[2009/04/07 12:59:37 | 00,016,896 | ---- | M] () -- C:\WINDOWS\System32\WinCtrl32.dl_
[2009/04/07 12:56:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/07 12:56:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/07 12:56:06 | 21,371,49440 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/07 12:56:06 | 00,016,896 | ---- | M] () -- C:\WINDOWS\System32\WinCtrl32.dll
[2009/04/07 12:54:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/23 17:45:43 | 00,002,231 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\SolidWorks Student Edition.lnk
[2009/03/23 17:37:23 | 00,081,480 | ---- | M] () -- C:\Documents and Settings\chem\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/23 17:37:05 | 00,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/23 16:39:33 | 00,001,948 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\DWGeditor.lnk
[2009/03/23 16:38:44 | 00,001,818 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\eDrawings 2006.lnk
[2009/03/23 12:22:23 | 00,000,042 | ---- | M] () -- C:\WINDOWS\trailer.xws
[2009/03/23 12:22:21 | 00,000,023 | -H-- | M] () -- C:\WINDOWS\yacht.xws
[2009/03/15 19:10:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/10 20:48:13 | 00,471,976 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/10 20:48:13 | 00,402,426 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/10 20:48:13 | 00,062,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >
OTListIt Extras logfile created on: 4/7/2009 1:33:25 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.1 Folder = C:\Documents and Settings\chem\Desktop\Computer Cleaning
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.89% Memory free
3.84 Gb Paging File | 3.48 Gb Available in Paging File | 90.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 85.80 Gb Free Space | 79.01% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 37.17 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PCHEM
Current User Name: chem
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.com [@ = Gaussian.GaussView 4.1.Gaussian Input File] -- Reg Error: Key error. File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
E:\Temp\InstEng\Setup.exe:*:Enabled:Hewlett-Packard Installer File not found
C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer (Microsoft Corporation)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
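The StandardProfile values above are the XP firewall's own registry format (`port:protocol:scope:Enabled|Disabled:name` for open ports, `path:scope:Enabled|Disabled:name` for application exceptions); the trailing "(Company)" or "File not found" is OTL's annotation of whether the binary exists. The following is an added example, not part of the posted log or of OTL: it parses those lines, using the entries above as constructed sample input, and applies review rules that are this example's own assumptions (firewall off, file-and-print-sharing ports open, a port open to any source, an enabled exception for a binary that no longer exists, or one outside the system and Program Files trees).

```python
"""Review XP firewall StandardProfile values as printed in an OTL Extras log.

Value formats are Windows XP's own; the review rules are this example's
assumptions, not OTL's.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the StandardProfile section above.
SAMPLE_LINES = [
    '"EnableFirewall" = 1',
    '"DoNotAllowExceptions" = 0',
    '"DisableNotifications" = 0',
    '"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007',
    '"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008',
    '"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004',
    '"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005',
    '"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001',
    '"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002',
    r"E:\Temp\InstEng\Setup.exe:*:Enabled:Hewlett-Packard Installer File not found",
    r"C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer (Microsoft Corporation)",
    r"C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)",
]

PORT_RE = re.compile(r'^"[^"]+" = (?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+):'
                     r'(?P<state>Enabled|Disabled):(?P<desc>.*)$')
APP_RE = re.compile(r'^(?P<path>[A-Za-z]:\\[^:]+):(?P<scope>[^:]+):'
                    r'(?P<state>Enabled|Disabled):(?P<desc>.*)$')
FLAG_RE = re.compile(r'^"(?P<name>\w+)" = (?P<value>\d+)$')


@dataclass
class PortRule:
    port: int
    proto: str
    scope: str      # "LocalSubNet" or "*" (any source)
    enabled: bool
    desc: str


@dataclass
class AppRule:
    path: str
    scope: str
    enabled: bool
    desc: str
    missing: bool   # True when OTL appended "File not found"


def parse_policy(lines):
    """Return (flags, port_rules, app_rules) from StandardProfile log lines."""
    flags, ports, apps = {}, [], []
    for raw in lines:
        line = raw.strip()
        if (m := PORT_RE.match(line)):
            ports.append(PortRule(int(m["port"]), m["proto"], m["scope"],
                                  m["state"] == "Enabled", m["desc"]))
        elif (m := APP_RE.match(line)):
            apps.append(AppRule(m["path"], m["scope"], m["state"] == "Enabled",
                                m["desc"], m["desc"].endswith("File not found")))
        elif (m := FLAG_RE.match(line)):
            flags[m["name"]] = int(m["value"])
    return flags, ports, apps


SHARING_PORTS = {(137, "UDP"), (138, "UDP"), (139, "TCP"), (445, "TCP")}
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def review(flags, ports, apps):
    """Apply the assumed review rules; returns a list of finding strings."""
    findings = []
    if flags.get("EnableFirewall", 0) != 1:
        findings.append("firewall disabled for StandardProfile")
    enabled = [p for p in ports if p.enabled]
    sharing = [p for p in enabled if (p.port, p.proto) in SHARING_PORTS]
    if sharing:
        scopes = sorted({p.scope for p in sharing})
        findings.append("file/print sharing ports open: "
                        + ", ".join(f"{p.port}/{p.proto}" for p in sharing)
                        + f" (scope {', '.join(scopes)})")
    for p in enabled:
        if p.scope == "*":
            findings.append(f"port {p.port}/{p.proto} open to any source")
    for a in apps:
        if not a.enabled:
            continue
        if a.missing:
            findings.append(f"stale exception for missing binary {a.path}")
        elif not a.path.lower().startswith(TRUSTED_PREFIXES):
            findings.append(f"exception for binary outside system trees: {a.path}")
    return findings


if __name__ == "__main__":
    for f in review(*parse_policy(SAMPLE_LINES)):
        print(f)
```

On the sample this reports the four NetBIOS/SMB ports open to the local subnet and the stale E:\Temp exception; the firewall itself is on, so no finding is raised for it. A missing binary in an enabled rule is low risk by itself, but it is exactly the kind of rule that gets reused if something later drops a file at that path, so it is worth deleting while the profile is being cleaned up.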
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1CECDCCE-1D2D-46E8-9F02-CCFC93120B55}" = DWGeditor
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{44F6D111-8407-4E7B-AD20-04B9BE377C3D}" = SolidWorks 2006-2007 Student Edition
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E44895E5-15CA-48CB-B136-707E5183BEF3}" = eDrawings 2006
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"5Spice Analysis_is1" = 5Spice Analysis 1.40
"Ace DivX Player" = Ace DivX Player
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AIM_6" = AIM 6
"AOL Toolbar" = AOL Toolbar 5.0
"AOL Toolbar 5.0" =
"DIVXCodec" = DivX Codec 3.1alpha release
"EAGLE 5.0.0" = EAGLE 5.0.0
"ERUNT_is1" = ERUNT 1.1j
"Gaussian 03W" = Gaussian 03W
"GaussView 4.1" = GaussView 4.1
"Hardwood Solitaire III Lite" = Hardwood Solitaire III Lite
"KaleidaGraph 3.5" = KaleidaGraph 3.5
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® PRO Network Connections Drivers
"ScrewDrivers Client v4" = ScrewDrivers Client v4
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilinx ISE 9.2i" = Xilinx ISE 9.2i
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MS AntiSpyware 2009 5.7" = MS AntiSpyware 2009
"WinImage" = WinImage
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2/14/2008 7:20:55 PM | Computer Name = PCHEM | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/10/2008 11:24:03 AM | Computer Name = PCHEM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module shdocvw.dll, version 6.0.2900.3268, fault address 0x000159c4.
Error - 5/27/2008 2:25:44 PM | Computer Name = PCHEM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x02309350.
Error - 6/4/2008 4:18:20 PM | Computer Name = PCHEM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x02309350.
Error - 6/6/2008 2:29:50 PM | Computer Name = PCHEM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x02309350.
Error - 6/7/2008 5:00:30 PM | Computer Name = PCHEM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x02309350.
Error - 6/7/2008 5:59:29 PM | Computer Name = PCHEM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x02309350.
Error - 6/9/2008 1:45:36 PM | Computer Name = PCHEM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x02309350.
Error - 6/9/2008 3:05:46 PM | Computer Name = PCHEM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x02309350.
Error - 6/9/2008 5:05:01 PM | Computer Name = PCHEM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x02309350.
[ System Events ]
Error - 3/23/2009 5:51:33 PM | Computer Name = PCHEM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 3/24/2009 12:42:17 PM | Computer Name = PCHEM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 3/24/2009 12:42:17 PM | Computer Name = PCHEM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 3/27/2009 8:46:20 PM | Computer Name = PCHEM | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection agent has encountered an error when taking
action on spyware or other potentially unwanted software. For more information please
see the following: http://go.microsoft....threatid=132731
Scan ID: {2EB7A8A7-0F85-4C7C-9887-1B993CE42FDC} User: PCHEM\chem Name: Trojan:Win32/Vundo.JC.dll
ID: 132731 Severity: Severe Category: Trojan Path: file:\\?\globalroot\systemroot\system32\UACsbrxdpaa.dll
Alert Type: %%805 Action: %%811 Error Code: 0x80508017 Error description: Some actions couldn't
be applied to potentially harmful items. The items might be stored in a read-only
location. Delete the files or folders that contains the items or, for information
on removing read-only permissions from files and folders, see Help and Support.
Error - 3/27/2009 9:08:56 PM | Computer Name = PCHEM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 3/27/2009 9:08:56 PM | Computer Name = PCHEM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 3/28/2009 1:34:00 AM | Computer Name = PCHEM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 3/28/2009 1:34:00 AM | Computer Name = PCHEM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 4/7/2009 1:16:30 PM | Computer Name = PCHEM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 4/7/2009 1:16:30 PM | Computer Name = PCHEM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
< End of report >