Dr. Watson Postmortem Debugging


#1
ovsa

I have run through all the malware removal processes as you listed.

I get a "Windows Explorer has encountered a problem......." message every time I open "My Pictures".

After a few attempts I then get the "Dr. Watson Postmortem Debugging" message and the computer freezes up.

Here are the logs from OTL and rooter. Hope somebody can help me with this.

Thank You

Windows XP Home

OTListIt logfile created on: 4/21/2009 6:27:47 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\victor.VICTORLAPTOP\Local Settings\Temporary Internet Files\Content.IE5\1FI4H92X
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.42 Mb Total Physical Memory | 559.41 Mb Available Physical Memory | 55.58% Memory free
2.37 Gb Paging File | 1.93 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): c:\pagefile.sys 1512 3024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 33.73 Gb Free Space | 60.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VICTORLAPTOP
Current User Name: victor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS2\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS2\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Program Files\Shaw Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE (F-Secure Corp.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS2\system32\lxctcoms.exe ( )
PRC - C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe (F-Secure Corp.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS2\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Shaw Secure\Common\FSLAUNCH.EXE (F-Secure Corporation)
PRC - C:\Documents and Settings\victor.VICTORLAPTOP\Local Settings\Temporary Internet Files\Content.IE5\1FI4H92X\OTListIt2[1].exe (OldTimer Tools)
PRC - C:\WINDOWS2\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS2\notepad.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (DVD-RAM_Service [Auto | Running]) -- C:\WINDOWS2\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (F-Secure Gatekeeper Handler Starter [Auto | Running]) -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (FSAUA [On_Demand | Stopped]) -- C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe (F-Secure Corporation)
SRV - (FSDFWD [On_Demand | Stopped]) -- C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (FSMA [Auto | Running]) -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSORSPClient [On_Demand | Stopped]) -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS2\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (lxct_device [Auto | Running]) -- C:\WINDOWS2\system32\lxctcoms.exe ( )
SRV - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\WINDOWS2\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp [Auto | Running]) -- C:\WINDOWS2\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS2\system32\drivers\camcaud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS2\system32\drivers\camchal.sys (Conexant Systems Inc.)
DRV - (F-Secure Filter [Disabled | Stopped]) -- C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys ()
DRV - (F-Secure Gatekeeper [On_Demand | Running]) -- C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (F-Secure HIPS [System | Running]) -- C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (F-Secure Recognizer [Disabled | Stopped]) -- C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys ()
DRV - (fsbts [Boot | Running]) -- C:\WINDOWS2\system32\Drivers\fsbts.sys ()
DRV - (FSFW [Boot | Running]) -- C:\WINDOWS2\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS2\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (meiudf [System | Running]) -- C:\WINDOWS2\System32\Drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS2\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS2\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMBBATT [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\SMBBATT.sys (Microsoft Corporation)
DRV - (SMBHC [System | Running]) -- C:\WINDOWS2\system32\DRIVERS\SMBHC.sys (Microsoft Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS2\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS2\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theglobeandmail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/11/27 11:23:33 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS2\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash (F-Secure Corporation)
O4 - HKLM..\Run: [LXCTCATS] rundll32 C:\WINDOWS2\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected] (Lexmark International Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [shawnotify] c:\progra~1\shaw\update\siuloader.exe /notify (Shaw Cablesystems)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS2\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS2\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/21 06:27:35 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/21 06:23:53 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/20 21:53:29 | 00,000,000 | ---D | C] -- C:\WINDOWS2\ERDNT
[2009/04/20 21:52:29 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\NTREGOPT.lnk
[2009/04/20 21:52:29 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\ERUNT.lnk
[2009/04/20 21:52:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/20 17:30:35 | 00,001,734 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\HijackThis.lnk
[2009/04/20 17:30:34 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/20 17:25:45 | 00,000,667 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.cfg
[2009/04/20 17:18:23 | 00,017,400 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.chm
[2009/04/20 17:18:22 | 00,038,912 | ---- | C] (NirSoft) -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.exe
[2009/04/20 17:18:02 | 00,049,665 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.zip
[2009/04/18 19:56:24 | 00,253,952 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\My Documents\magazine project.doc
[2009/04/17 18:42:04 | 00,000,000 | ---D | C] -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\куба 2009
** - C:\DOCUME~1\VICTOR~1.VIC\Desktop\???? 2009
[2009/04/16 12:49:46 | 01,346,403 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\PFTAUSW-090407U.zip
[2009/04/15 15:51:08 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\pdh.dll
[2009/04/15 15:51:04 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\sc.exe
[2009/04/15 15:51:00 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\rpcss.dll
[2009/04/15 15:50:55 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\services.exe
[2009/04/15 15:50:50 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\fastprox.dll
[2009/04/15 15:50:46 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wmiprvse.exe
[2009/04/15 15:50:42 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wmiprvsd.dll
[2009/04/15 15:50:38 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\lsasrv.dll
[2009/04/15 15:50:34 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\advapi32.dll
[2009/04/15 15:50:30 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\ntdll.dll
[2009/04/15 15:48:46 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\xpsp4res.dll
[2009/04/15 15:48:43 | 01,203,922 | ---- | C] () -- C:\WINDOWS2\System32\dllcache\sysmain.sdb
[2009/04/15 15:48:42 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\dllcache\wordpad.exe
[2009/04/14 09:39:00 | 03,363,840 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\My Documents\A animal life production.ppt
[2009/04/06 08:35:59 | 00,805,474 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\victor passport.jpg
[2009/04/04 11:37:07 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2009/04/04 11:37:07 | 00,000,000 | ---D | C] -- C:\Program Files\movie maker
[2009/04/04 11:14:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\victor.VICTORLAPTOP\Application Data\vlc
[2009/04/04 11:09:12 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/04/01 22:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\victor.VICTORLAPTOP\Local Settings\Application Data\PCHealth
[2009/04/01 12:45:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\victor.VICTORLAPTOP\Local Settings\Application Data\WinAVI
[2009/04/01 12:45:39 | 00,000,000 | ---D | C] -- C:\Program Files\WinAVI Video Converter
[2009/04/01 11:04:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\victor.VICTORLAPTOP\Application Data\Media Player Classic
[2009/04/01 10:52:31 | 00,000,547 | ---- | C] () -- C:\WINDOWS2\System32\ff_vfw.dll.manifest
[2009/04/01 10:52:30 | 00,067,584 | ---- | C] () -- C:\WINDOWS2\System32\ff_vfw.dll
[2009/04/01 10:52:28 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS2\System32\pthreadGC2.dll
[2009/04/01 10:52:26 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2009/03/22 18:38:54 | 00,025,600 | ---- | C] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\SEPTEMBER 2009.doc
[2009/03/10 11:03:42 | 00,000,120 | ---- | C] () -- C:\WINDOWS2\QUICKEN.INI
[2009/02/12 09:42:15 | 00,001,793 | ---- | C] () -- C:\WINDOWS2\System32\fxsperf.ini
[2009/02/08 12:11:49 | 00,000,379 | ---- | C] () -- C:\WINDOWS2\ODBC.INI
[2009/02/07 15:37:55 | 00,000,754 | ---- | C] () -- C:\WINDOWS2\WORDPAD.INI
[2009/02/01 19:47:02 | 00,002,036 | R--- | C] () -- C:\WINDOWS2\SVPW32Str.ini
[2009/02/01 19:47:01 | 00,011,122 | R--- | C] () -- C:\WINDOWS2\HWSetupStr.ini
[2009/02/01 11:40:24 | 00,040,960 | ---- | C] () -- C:\WINDOWS2\System32\lxctpmon.dll
[2009/02/01 11:40:24 | 00,032,768 | ---- | C] () -- C:\WINDOWS2\System32\LXCTFXPU.DLL
[2009/02/01 11:35:10 | 00,274,432 | ---- | C] () -- C:\WINDOWS2\System32\LXCTinst.dll
[2009/02/01 11:35:09 | 00,409,600 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctinpa.dll
[2009/02/01 11:35:09 | 00,393,216 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctiesc.dll
[2009/02/01 11:35:08 | 00,983,040 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctusb1.dll
[2009/02/01 11:35:06 | 01,187,840 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctserv.dll
[2009/02/01 11:35:05 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctpmui.dll
[2009/02/01 11:35:05 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctprox.dll
[2009/02/01 11:35:05 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctpplc.dll
[2009/02/01 11:35:04 | 00,528,384 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctlmpm.dll
[2009/02/01 11:35:02 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxcthbn3.dll
[2009/02/01 11:35:01 | 00,204,800 | ---- | C] () -- C:\WINDOWS2\System32\lxctgrd.dll
[2009/02/01 11:34:59 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctcomm.dll
[2009/02/01 11:34:58 | 00,667,648 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxctcomc.dll
[2009/02/01 11:13:02 | 00,033,408 | ---- | C] () -- C:\WINDOWS2\System32\drivers\fsbts.sys
[2009/02/01 10:40:36 | 00,072,192 | ---- | C] () -- C:\WINDOWS2\System32\zlib.dll
[2008/11/11 23:59:50 | 00,040,960 | ---- | C] () -- C:\WINDOWS2\System32\lxctvs.dll
[2008/11/11 23:59:44 | 00,335,872 | ---- | C] () -- C:\WINDOWS2\System32\lxctcoin.dll
[2008/04/14 06:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS2\win.ini
[2008/04/14 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS2\system.ini
[2006/06/20 07:40:14 | 00,692,224 | ---- | C] () -- C:\WINDOWS2\System32\lxctdrs.dll
[2006/05/18 05:01:34 | 00,065,536 | ---- | C] () -- C:\WINDOWS2\System32\lxctcaps.dll
[2006/05/03 08:31:04 | 00,061,440 | ---- | C] () -- C:\WINDOWS2\System32\lxctcnv4.dll
[1999/01/22 12:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS2\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/04/21 06:22:43 | 00,000,330 | -H-- | M] () -- C:\WINDOWS2\tasks\MP Scheduled Scan.job
[2009/04/21 06:19:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS2\tasks\SA.DAT
[2009/04/21 06:19:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS2\bootstat.dat
[2009/04/20 21:59:07 | 00,013,744 | ---- | M] () -- C:\WINDOWS2\System32\wpa.dbl
[2009/04/20 21:52:29 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\NTREGOPT.lnk
[2009/04/20 21:52:29 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\ERUNT.lnk
[2009/04/20 18:03:06 | 00,000,508 | ---- | M] () -- C:\WINDOWS2\tasks\Scheduled scanning task.job
[2009/04/20 17:30:35 | 00,001,734 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\HijackThis.lnk
[2009/04/20 17:25:45 | 00,000,667 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.cfg
[2009/04/20 17:18:04 | 00,049,665 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.zip
[2009/04/20 16:55:59 | 00,000,664 | ---- | M] () -- C:\WINDOWS2\System32\d3d9caps.dat
[2009/04/18 19:56:25 | 00,253,952 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\My Documents\magazine project.doc
[2009/04/17 17:53:30 | 00,000,378 | ---- | M] () -- C:\WINDOWS2\tasks\1-Click Maintenance.job
[2009/04/16 14:25:46 | 00,027,136 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\My Documents\Sanchez resume.doc
[2009/04/16 12:49:48 | 01,346,403 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\PFTAUSW-090407U.zip
[2009/04/16 07:36:15 | 00,369,538 | ---- | M] () -- C:\WINDOWS2\System32\PerfStringBackup.INI
[2009/04/16 07:36:15 | 00,320,642 | ---- | M] () -- C:\WINDOWS2\System32\perfh009.dat
[2009/04/16 07:36:15 | 00,044,310 | ---- | M] () -- C:\WINDOWS2\System32\perfc009.dat
[2009/04/14 12:07:05 | 03,363,840 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\My Documents\A animal life production.ppt
[2009/04/14 09:18:36 | 00,002,139 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1.WIN\Desktop\iTunes.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS2\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS2\System32\drivers\mbam.sys
[2009/04/06 11:17:38 | 00,017,400 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.chm
[2009/04/06 11:10:12 | 00,038,912 | ---- | M] (NirSoft) -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\shexview.exe
[2009/04/06 08:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\System32\MRT.exe
[2009/04/06 08:35:59 | 00,805,474 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\victor passport.jpg
[2009/04/05 19:03:49 | 00,000,029 | ---- | M] () -- C:\WINDOWS2\System32\package.lst
[2009/04/03 21:07:06 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\victor.VICTORLAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/02 20:08:07 | 00,025,600 | ---- | M] () -- C:\DOCUME~1\VICTOR~1.VIC\Desktop\SEPTEMBER 2009.doc
[2009/03/27 00:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS2\System32\dllcache\sysmain.sdb
< End of report >

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:57223 Mo/Free:1773 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Tue 04/21/2009| 6:23

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS2\system32\csrss.exe
---------- \??\C:\WINDOWS2\system32\winlogon.exe
---------- C:\WINDOWS2\system32\services.exe
---------- C:\WINDOWS2\system32\lsass.exe
---------- C:\WINDOWS2\system32\svchost.exe
---------- C:\WINDOWS2\system32\svchost.exe
---------- C:\Program Files\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS2\System32\svchost.exe
---------- C:\WINDOWS2\system32\svchost.exe
---------- C:\WINDOWS2\system32\svchost.exe
---------- C:\WINDOWS2\Explorer.EXE
---------- C:\WINDOWS2\system32\spoolsv.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS2\system32\ctfmon.exe
---------- C:\Program Files\Skype\Phone\Skype.exe
---------- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
---------- C:\WINDOWS2\system32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\WINDOWS2\system32\DVDRAMSV.exe
---------- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
---------- C:\Program Files\Shaw Secure\Common\FSMA32.EXE
---------- C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS2\system32\lxctcoms.exe
---------- C:\WINDOWS2\system32\svchost.exe
---------- C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
---------- C:\WINDOWS2\System32\alg.exe
---------- C:\WINDOWS2\system32\wuauclt.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS2\system32\wscntfy.exe
---------- C:\Program Files\Shaw Secure\Common\FSLAUNCH.EXE
---------- C:\WINDOWS2\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Tue 04/21/2009| 6:24

----------------------\\ Scan completed at 6:24