Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

SVCHOST.EXE (Network Service) My CPU Running at 100% [Solved]

Started by SpicyNHot , Jul 01 2009 10:04 AM

  • This topic is locked This topic is locked

#1
SpicyNHot
Posted 01 July 2009 - 10:04 AM

SpicyNHot

    Member

  • Member
  • PipPip
  • 54 posts
SVCHOST.EXE (Network Service) My CPU is Running at 100% and System Idle Process (System) is 00.. This occurs everytime I log on to the internet (any browser it does this matter) and cpu rises at 100% in SVCHOST.EXE (Network Service).. When I disable it in window task manager it goes back down to 00 and System Idle Process goes back to normal 99%... Also sometimes when I log on booting up it does the same thing before I click the internet.. Can someone please help me with this matter? thanks for your time.. :)

In additional here are my logs scans

MBAM Log, OTL logs, and Rooter log

1st log from MBAM

Malwarebytes' Anti-Malware 1.38
Database version: 2357
Windows 5.1.2600 Service Pack 3

7/1/2009 3:43:24 AM
mbam-log-2009-07-01 (03-43-24).txt

Scan type: Quick Scan
Objects scanned: 112514
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


2nd log OTL logs

OTL logfile created on: 7/1/2009 11:21:33 AM - Run 1
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Program Files
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 117.45 Mb Available Physical Memory | 26.25% Memory free
1.03 Gb Paging File | 0.73 Gb Available in Paging File | 70.66% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.71 Gb Total Space | 32.68 Gb Free Space | 63.19% Space Free | Partition Type: NTFS
Drive D: | 4.18 Gb Total Space | 1.01 Gb Free Space | 24.13% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-C44D19AF4E
Current User Name: LEB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Documents and Settings\LEB\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Documents and Settings\LEB\Local Settings\Temp\bwgo0001fb91.exe (BackWeb Technologies Inc. )
PRC - C:\Documents and Settings\LEB\Local Settings\Temp\bwgo0002139d.exe ()
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcsync.exe (McAfee, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinSock Extention Manager [Auto | Stopped]) -- File not found
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (BsStor [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\bsstor.sys (B.H.A Co.,Ltd.)
DRV - (BsUDF [Auto | Running]) -- C:\WINDOWS\System32\drivers\bsudf.sys (ahead software)
DRV - (fasttx2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (LVcKap [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys (Logitech Inc.)
DRV - (LVMVDrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (MREMP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (pepifilter [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\lv302af.sys (Logitech Inc.)
DRV - (PID_PEPI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LV302V32.SYS (Logitech Inc.)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiS315 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 44 9B 27 95 8C C9 01 [binary data]
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.myyahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.262
FF - prefs.js..extensions.enabledItems: [email protected]:1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.0.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.64
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.48
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/28 14:43:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/30 23:39:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/06/24 18:17:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/25 13:38:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/25 13:38:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2009/06/25 13:38:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2009/06/25 13:38:27 | 00,000,000 | ---D | M]

[2008/06/17 18:54:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Extensions
[2008/06/17 18:54:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/01 01:06:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions
[2009/06/30 09:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/07/01 00:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/06/17 18:56:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
[2009/01/14 16:57:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/03 17:28:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009/06/28 10:20:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\[email protected]
[2009/04/22 15:40:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\[email protected]
[2009/04/22 15:40:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\[email protected]
[2008/09/04 22:45:19 | 00,001,769 | ---- | M] () -- C:\Documents and Settings\LEB\Application Data\Mozilla\FireFox\Profiles\oss5lmv5.default\searchplugins\aim-search.xml
[2009/07/01 01:06:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 14:39:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/05 19:35:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/06/12 14:38:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 14:38:56 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/10/17 14:29:52 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/09/19 17:55:20 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2005/12/05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/06/12 14:39:01 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/01/28 14:42:04 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/06/25 13:38:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/25 13:38:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/25 13:38:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/25 13:38:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/25 13:38:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/25 13:38:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/25 13:38:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/01/28 14:44:50 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/01/28 14:40:21 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/01/19 19:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 19:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 19:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 19:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 19:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 19:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 19:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (656353 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 17348 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\LEB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 15 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: adobe.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: apexlearning.com ([courses] https in Trusted sites)
O15 - HKCU\..Trusted Domains: meez.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rude.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([avatars] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 413 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1211428021697 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1178944453984 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1178944447156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/01 03:58:54 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2009/07/01 03:54:18 | 00,173,119 | ---- | C] (Eric_71) -- C:\Program Files\Rooter.exe
[2009/07/01 03:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\LEB\Application Data\Malwarebytes
[2009/07/01 03:21:53 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/01 03:21:50 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/01 03:21:47 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/01 03:21:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/01 03:21:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/01 03:17:15 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/07/01 03:09:32 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\LEB\Desktop\NTREGOPT.lnk
[2009/07/01 03:09:32 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\LEB\Desktop\ERUNT.lnk
[2009/07/01 03:09:31 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/01 03:02:41 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Program Files\erunt_setup.exe
[2009/07/01 02:43:47 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe
[2009/06/30 09:42:20 | 00,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2405187568-2829553228-3810535007-1014UA.job
[2009/06/30 09:42:17 | 00,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2405187568-2829553228-3810535007-1014Core.job
[2009/06/29 19:40:51 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\LEB\My Documents\info 12345.bmp
[2009/06/29 19:34:12 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\LEB\My Documents\prt loggo123info.bmp
[2009/06/29 19:25:26 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\LEB\My Documents\123INFO.bmp
[2009/06/29 12:02:05 | 00,000,655 | ---- | C] () -- C:\Documents and Settings\LEB\My Documents\My feelins on awards bet.rtf
[2009/06/25 13:41:18 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/06/25 13:37:17 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/06/09 16:16:47 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/09 16:16:47 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2008/12/18 15:54:01 | 00,060,416 | ---- | C] () -- C:\WINDOWS\System32\rbap350.dll
[2008/09/19 17:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 17:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 17:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/01 23:57:11 | 00,058,163 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/02/11 15:12:36 | 00,000,056 | ---- | C] () -- C:\WINDOWS\CoverDes.INI
[2008/01/20 10:19:21 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/12/01 22:16:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/17 21:01:47 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6s.DLL
[2007/11/17 20:32:30 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/08/26 21:32:53 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/07/18 17:42:42 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/06/23 03:29:17 | 00,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2007/06/18 14:49:10 | 00,000,116 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/06/09 18:15:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2007/05/14 09:58:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/05/12 00:12:42 | 00,000,070 | ---- | C] () -- C:\WINDOWS\CB9F1FD7.ini
[2004/10/27 17:57:22 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/26 22:45:58 | 00,013,949 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/26 22:45:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/26 22:19:17 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/26 21:33:02 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/26 21:33:02 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/26 21:32:36 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/26 21:04:20 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/26 20:44:44 | 00,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/26 20:44:15 | 00,000,719 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/10/26 20:44:10 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/14 02:35:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 06:14:46 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 06:14:46 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 02:04:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[2009/07/01 11:17:22 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/01 11:16:52 | 00,009,865 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/07/01 11:16:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/01 11:16:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/01 11:16:02 | 46,929,1008 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/01 03:58:55 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2009/07/01 03:54:19 | 00,173,119 | ---- | M] (Eric_71) -- C:\Program Files\Rooter.exe
[2009/07/01 03:47:27 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/07/01 03:47:11 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2405187568-2829553228-3810535007-1014UA.job
[2009/07/01 03:21:53 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/01 03:17:18 | 03,561,752 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/07/01 03:09:32 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\LEB\Desktop\NTREGOPT.lnk
[2009/07/01 03:09:32 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\LEB\Desktop\ERUNT.lnk
[2009/07/01 03:02:43 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Program Files\erunt_setup.exe
[2009/07/01 02:43:50 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Program Files\TFC.exe
[2009/07/01 01:00:24 | 00,000,328 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/07/01 00:01:14 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F0A4E253-4708-4298-BDD3-369574E61AF2}.job
[2009/06/30 09:47:01 | 00,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2405187568-2829553228-3810535007-1014Core.job
[2009/06/29 19:40:52 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\LEB\My Documents\info 12345.bmp
[2009/06/29 19:34:13 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\LEB\My Documents\prt loggo123info.bmp
[2009/06/29 19:25:28 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\LEB\My Documents\123INFO.bmp
[2009/06/29 12:02:05 | 00,000,655 | ---- | M] () -- C:\Documents and Settings\LEB\My Documents\My feelins on awards bet.rtf
[2009/06/25 13:09:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/11 12:08:49 | 00,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/01 12:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

Continue 2nd log from OTL - Extras log

OTL Extras logfile created on: 7/1/2009 11:21:34 AM - Run 1
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Program Files
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 117.45 Mb Available Physical Memory | 26.25% Memory free
1.03 Gb Paging File | 0.73 Gb Available in Paging File | 70.66% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.71 Gb Total Space | 32.68 Gb Free Space | 63.19% Space Free | Partition Type: NTFS
Drive D: | 4.18 Gb Total Space | 1.01 Gb Free Space | 24.13% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-C44D19AF4E
Current User Name: LEB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes (Apple Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player (Microsoft Corporation)
C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe (Motive Communications, Inc.)
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Disabled:BackWeb for Presario (Hewlett-Packard)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)
C:\Program Files\BitZip\bitzip.exe:*:Disabled:bitzip File not found
C:\Program Files\HP\Photosmart Essential\UserTrackUtility.exe:*:Disabled:Enable HP Product Improvement Data Collection ()
C:\Program Files\HP\Photosmart Essential\HP_IZE.exe:*:Disabled:HP Photosmart Essential (Hewlett-Packard, Co.)
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Disabled:Java™ Platform SE binary File not found
C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe:*:Disabled:Java™ Platform SE binary File not found
C:\Program Files\Last.fm\LastFM.exe:*:Disabled:Last.fm File not found
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger (Logitech Inc.)
C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Disabled:MySpaceIM ()
C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus (Vuze Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8653730A-683D-4C42-BB18-6471291D5DEA}" = Canon MP Navigator 1.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D335AC77-6F59-46D6-9082-F74A9F7E0FC3}" = Canon MP Drivers 7.0
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D95ED581-3C67-4BB4-AA50-DDCC6A97226D}" = ArcSoft PhotoStudio 5.5
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AIM_6" = AIM 6
"ATTToolbar" = AT&T Toolbar
"BackWeb-6750491 Uninstaller" = Compaq Connections
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ERUNT_is1" = ERUNT 1.1j
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 1.99.1
"Hijackthis_is1" = Hijackthis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD (Ahead Software)
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MerlinReportAgent" = ATT High Speed Internet Service Report Agent
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MP3 Rocket" = MP3 Rocket
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MySpaceIM" = MySpaceIM
"Netscape Navigator (9.0.0.5)" = Netscape Navigator (9.0.0.5)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = NeroMediaPlayer
"ObjectDock" = ObjectDock
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"QcDrv" = Logitech® Camera Driver
"S3" = VIA/S3G Display Driver
"ST6UNST #1" = FreeDVD Codec Installer Version 1.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6b
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Vuze" = Vuze
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/23/2009 4:59:15 PM | Computer Name = YOUR-C44D19AF4E | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 2/26/2009 4:38:00 PM | Computer Name = YOUR-C44D19AF4E | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2144 (0x860) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\hp\support\HPSysInfo.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 3/6/2009 9:38:12 PM | Computer Name = YOUR-C44D19AF4E | Source = Application Error | ID = 1000
Description = Faulting application mcshell.exe, version 8.1.133.0, faulting module
jscript.dll, version 5.8.6001.18372, fault address 0x00027b1f.

Error - 3/6/2009 9:38:26 PM | Computer Name = YOUR-C44D19AF4E | Source = Application Error | ID = 1001
Description = Fault bucket 1117522635.

Error - 3/13/2009 7:17:30 PM | Computer Name = YOUR-C44D19AF4E | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2896 (0xb50) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\hp\support\HPSysInfo.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 3/17/2009 5:06:47 PM | Computer Name = YOUR-C44D19AF4E | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2009 5:06:48 PM | Computer Name = YOUR-C44D19AF4E | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2009 5:08:16 PM | Computer Name = YOUR-C44D19AF4E | Source = Application Hang | ID = 1001
Description = Fault bucket 1154546923.

Error - 3/17/2009 5:08:16 PM | Computer Name = YOUR-C44D19AF4E | Source = Application Hang | ID = 1001
Description = Fault bucket 1154546923.

Error - 3/18/2009 3:28:34 PM | Computer Name = YOUR-C44D19AF4E | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3040 (0xbe0) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\hp\support\HPSysInfo.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 7/1/2009 12:56:13 AM | Computer Name = YOUR-C44D19AF4E | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
1 time(s).

Error - 7/1/2009 2:53:48 AM | Computer Name = YOUR-C44D19AF4E | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 7/1/2009 2:54:01 AM | Computer Name = YOUR-C44D19AF4E | Source = Service Control Manager | ID = 7000
Description = The WinSock Extention Manager service failed to start due to the following
error: %%2

Error - 7/1/2009 2:56:17 AM | Computer Name = YOUR-C44D19AF4E | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
1 time(s).

Error - 7/1/2009 3:46:40 AM | Computer Name = YOUR-C44D19AF4E | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 7/1/2009 3:46:57 AM | Computer Name = YOUR-C44D19AF4E | Source = Service Control Manager | ID = 7000
Description = The WinSock Extention Manager service failed to start due to the following
error: %%2

Error - 7/1/2009 3:47:39 AM | Computer Name = YOUR-C44D19AF4E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
fasttx2k SISAGP

Error - 7/1/2009 3:50:00 AM | Computer Name = YOUR-C44D19AF4E | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
1 time(s).

Error - 7/1/2009 11:16:21 AM | Computer Name = YOUR-C44D19AF4E | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 0011D8987070 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 7/1/2009 11:16:22 AM | Computer Name = YOUR-C44D19AF4E | Source = Service Control Manager | ID = 7000
Description = The WinSock Extention Manager service failed to start due to the following
error: %%2


< End of report >

3rd log from rooter.exe


Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 10 Stepping 0, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.0.11 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:51 Go - Free:32 Go )
D:\ [Fixed-FAT32] .. ( Total:4 Go - Free:1 Go )
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
.
Scan : 11:34.59
Path : C:\Program Files\Rooter.exe
User : LEB ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (564)
______ \??\C:\WINDOWS\system32\csrss.exe (668)
______ \??\C:\WINDOWS\system32\winlogon.exe (692)
______ C:\WINDOWS\system32\services.exe (736)
______ C:\WINDOWS\system32\lsass.exe (748)
______ C:\WINDOWS\system32\svchost.exe (996)
______ C:\WINDOWS\system32\svchost.exe (1072)
______ C:\WINDOWS\System32\svchost.exe (1164)
______ C:\WINDOWS\system32\svchost.exe (1224)
______ C:\WINDOWS\system32\svchost.exe (1292)
______ C:\WINDOWS\system32\spoolsv.exe (1528)
______ C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (1568)
______ C:\WINDOWS\system32\svchost.exe (1656)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1688)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1700)
______ C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (1752)
______ C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (1808)
______ C:\Program Files\Common Files\Motive\McciCMService.exe (1904)
______ C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (1988)
______ c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (2028)
______ c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (188)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (212)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (312)
______ C:\Program Files\McAfee\MPF\MPFSrv.exe (336)
______ C:\WINDOWS\system32\svchost.exe (520)
______ C:\Program Files\Viewpoint\Common\ViewpointService.exe (752)
______ C:\WINDOWS\System32\alg.exe (3024)
______ c:\PROGRA~1\mcafee.com\agent\mcagent.exe (1272)
______ C:\WINDOWS\Explorer.EXE (1764)
______ C:\Program Files\QuickTime\QTTask.exe (3100)
______ C:\Program Files\iTunes\iTunesHelper.exe (3136)
______ C:\WINDOWS\system32\ctfmon.exe (3168)
______ C:\Documents and Settings\LEB\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe (3340)
______ C:\DOCUME~1\LEB\LOCALS~1\Temp\bwgo0001fb91.exe (3508)
______ C:\DOCUME~1\LEB\LOCALS~1\Temp\bwgo0002139d.exe (3572)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (3832)
______ C:\Program Files\iPod\bin\iPodService.exe (2188)
______ c:\PROGRA~1\mcafee\msc\mcupdmgr.exe (1716)
______ C:\Program Files\Rooter.exe (2648)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:4497744384)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:4497776640 | Length:55521607680)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2405187568-2829553228-3810535007-1014Core.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2405187568-2829553228-3810535007-1014UA.job
C:\WINDOWS\Tasks\McDefragTask.job
C:\WINDOWS\Tasks\McQcTask.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0A4E253-4708-4298-BDD3-369574E61AF2}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\LEB\Favorites\Computer Sites\http--www.fullreleases.com-NewMembers-full-ddl-download-serial-crack-torrent-new-Cs-3-Paradox-Keygen.phpsearch=Cs+3+Paradox+Keygen.url
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 11:35.14
.
C:\Rooter$\Rooter_1.txt - (01/07/2009 | 11:35.14).c
  • 0

Advertisements

#2
chamber
Posted 05 July 2009 - 04:58 AM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hello SpicyNHot

My name is chamber and I'll be helping you today.

As I am still in training all of my posts have to checked by an expert so there may be some delay between replies.

Before we proceed to clean your computer from malware there are some points you should consider that will make the process go smoother.
  • Please have patience, logs take time to properly research so I will not be able to reply immediately.
  • Make sure that you are set to receive an email when I do reply to this topic, this will ensure that you don't miss any replies.
  • There are no silly questions so please just ask! Better safe than sorry.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, just ask!
  • Make sure you reply to this thread only, do not start new topics.

Please read my posts completely before following the instructions.
  • 0

#3
chamber
Posted 05 July 2009 - 07:58 AM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi SpicyNHot,

Sorry about the delay, things can get a bit hectic around here.

1) Remove Programs

I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know from this article: Viewpoint to Plunge Into Adware
I suggest you remove the program now.

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
  • Vuze
It is my recommendation that you uninstall Vuze, however that choice is up to you.

If you choose to remove it, you can do so via Add or Remove Programs, go to start > run, and the type "appwiz.cpl", then remove the selected programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Here is a good reason to remove them though;

P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.


You can read the full post HERE

You should also remove,

Hijackthis 1.99.1

2) OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinSock Extention Manager [Auto | Stopped]) -- File not found
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

:Services

:Reg

:Files
C:\DOCUME~1\LEB\Favorites\Computer Sites\http--www.fullreleases.com-NewMembers-full-ddl-download-serial-crack-torrent-new-Cs-3-Paradox-Keygen.phpsearch=Cs+3+Paradox+Keygen.url
C:\WINDOWS\System32\mkghj.dll

:Commands
[purity]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Also let me know how your computer is running at the minute.

In your reply I would like to see copied and pasted,

1) Fresh OTL log
2) How is your computer running now?
  • 0

#4
SpicyNHot
Posted 05 July 2009 - 07:12 PM

SpicyNHot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Thankyou so much Chamber for getting back to me and taking the time out..
I made sure to set a email notification to this topic.. I did do all the request you ask for.. I even unistall the programs that was listed above..
I still have a problem with SVCHOST.EXE (Network Service) My CPU is Running at 100% and System Idle Process (System) is 00 when I connect to the internet. I terminate it when I log on and it's back to normal..

HERE'S ALL MY SCANS LOGS

All processes killed
========== OTL ==========
No active process named ViewpointService.exe was found!
Service\Driver Viewpoint Manager Service not found.
Service\Driver Viewpoint Manager Service not found.
File C:\Program Files\Viewpoint\Common\ViewpointService.exe not found.

Service\Driver WinSock Extention Manager deleted successfully.
File File not found not found.
File C:\Program Files\mozilla firefox\plugins\npViewpoint.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\DOCUME~1\LEB\Favorites\Computer Sites\http--www.fullreleases.com-NewMembers-full-ddl-download-serial-crack-torrent-new-Cs-3-Paradox-Keygen.phpsearch=Cs+3+Paradox+Keygen.url moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\mkghj.dll
C:\WINDOWS\System32\mkghj.dll NOT unregistered.
C:\WINDOWS\System32\mkghj.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.YOUR-C44D19AF4E
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Compaq_Owner

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: L Eliza
->Temp folder emptied: 36864 bytes
->Temporary Internet Files folder emptied: 134 bytes
->FireFox cache emptied: 8885470 bytes

User: LEB
->Temp folder emptied: 14391603 bytes
->Temporary Internet Files folder emptied: 5931413 bytes
->Java cache emptied: 915411 bytes
->FireFox cache emptied: 29080346 bytes
->Google Chrome cache emptied: 907 bytes
->Apple Safari cache emptied: 154822 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 32730 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 56.77 mb


OTL by OldTimer - Version 3.0.5.3 log created on 07052009_123605

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Here's 2nd log after rebooting a second time I did log for all users

OTL logfile created on: 7/5/2009 1:51:49 PM - Run 2
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Program Files
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 130.68 Mb Available Physical Memory | 29.20% Memory free
1.03 Gb Paging File | 0.74 Gb Available in Paging File | 71.69% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.71 Gb Total Space | 32.92 Gb Free Space | 63.67% Space Free | Partition Type: NTFS
Drive D: | 4.18 Gb Total Space | 1.01 Gb Free Space | 24.13% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-C44D19AF4E
Current User Name: LEB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Documents and Settings\LEB\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Documents and Settings\LEB\Local Settings\Temp\bwgo0000d10b.exe ()
PRC - C:\Documents and Settings\LEB\Local Settings\Temp\bwgo0000e07c.exe (BackWeb Technologies Inc. )
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (BsStor [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\bsstor.sys (B.H.A Co.,Ltd.)
DRV - (BsUDF [Auto | Running]) -- C:\WINDOWS\System32\drivers\bsudf.sys (ahead software)
DRV - (fasttx2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (LVcKap [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys (Logitech Inc.)
DRV - (LVMVDrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (MREMP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (pepifilter [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\lv302af.sys (Logitech Inc.)
DRV - (PID_PEPI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LV302V32.SYS (Logitech Inc.)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiS315 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 44 9B 27 95 8C C9 01 [binary data]
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\S-1-5-21-2405187568-2829553228-3810535007-1014\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\S-1-5-21-2405187568-2829553228-3810535007-1014\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.myyahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.262
FF - prefs.js..extensions.enabledItems: [email protected]:1.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.0.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.64
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.48
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/28 14:43:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/30 23:39:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/06/24 18:17:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/25 13:38:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/05 11:42:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2009/06/25 13:38:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2009/07/05 11:42:54 | 00,000,000 | ---D | M]

[2008/06/17 18:54:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Extensions
[2008/06/17 18:54:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/04 18:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions
[2009/06/30 09:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/07/01 00:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/06/17 18:56:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
[2009/01/14 16:57:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/03 17:28:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009/06/28 10:20:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\[email protected]
[2009/07/02 11:23:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\[email protected]
[2009/07/02 11:23:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LEB\Application Data\mozilla\Firefox\Profiles\oss5lmv5.default\extensions\[email protected]
[2008/09/04 22:45:19 | 00,001,769 | ---- | M] () -- C:\Documents and Settings\LEB\Application Data\Mozilla\FireFox\Profiles\oss5lmv5.default\searchplugins\aim-search.xml
[2009/07/04 18:29:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 14:39:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/05 19:35:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/06/12 14:38:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 14:38:56 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/10/17 14:29:52 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/09/19 17:55:20 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2005/12/05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/06/12 14:39:01 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/01/28 14:42:04 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/06/25 13:38:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/25 13:38:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/25 13:38:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/25 13:38:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/25 13:38:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/25 13:38:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/25 13:38:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/01/28 14:44:50 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/01/28 14:40:21 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/01/19 19:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 19:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 19:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 19:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 19:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 19:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 19:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (656353 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 17348 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014..\Run: [Google Update] C:\Documents and Settings\LEB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 15 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2405187568-2829553228-3810535007-1014\..Trusted Domains: 408 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1211428021697 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1178944453984 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1178944447156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/05 12:36:05 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/04 19:23:00 | 00,001,655 | ---- | C] () -- C:\Documents and Settings\LEB\Desktop\MP3 Rocket 5.2.3 PRO.lnk
[2009/07/03 01:07:24 | 00,000,377 | ---- | C] () -- C:\Documents and Settings\LEB\My Documents\Document123.rtf
[2009/07/01 11:35:02 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/01 03:58:54 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2009/07/01 03:54:18 | 00,173,119 | ---- | C] (Eric_71) -- C:\Program Files\Rooter.exe
[2009/07/01 03:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\LEB\Application Data\Malwarebytes
[2009/07/01 03:21:53 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/01 03:21:50 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/01 03:21:47 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/01 03:21:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/01 03:21:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/01 03:17:15 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/07/01 03:09:32 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\LEB\Desktop\NTREGOPT.lnk
[2009/07/01 03:09:32 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\LEB\Desktop\ERUNT.lnk
[2009/07/01 03:09:31 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/01 03:02:41 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Program Files\erunt_setup.exe
[2009/07/01 02:43:47 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe
[2009/06/30 09:42:20 | 00,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2405187568-2829553228-3810535007-1014UA.job
[2009/06/30 09:42:17 | 00,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2405187568-2829553228-3810535007-1014Core.job
[2009/06/25 13:41:18 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/06/25 13:37:17 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/06/09 16:16:47 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/09 16:16:47 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2008/12/18 15:54:01 | 00,060,416 | ---- | C] () -- C:\WINDOWS\System32\rbap350.dll
[2008/09/19 17:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 17:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 17:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/01 23:57:11 | 00,058,163 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/02/11 15:12:36 | 00,000,056 | ---- | C] () -- C:\WINDOWS\CoverDes.INI
[2008/01/20 10:19:21 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/12/01 22:16:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/17 21:01:47 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6s.DLL
[2007/11/17 20:32:30 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/08/26 21:32:53 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/07/18 17:42:42 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/06/18 14:49:10 | 00,000,116 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/06/09 18:15:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2007/05/14 09:58:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/05/12 00:12:42 | 00,000,070 | ---- | C] () -- C:\WINDOWS\CB9F1FD7.ini
[2004/10/27 17:57:22 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/26 22:45:58 | 00,013,949 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/26 22:45:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/26 22:19:17 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/26 21:33:02 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/26 21:33:02 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/26 21:32:36 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/26 21:04:20 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/26 20:44:44 | 00,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/26 20:44:15 | 00,000,719 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/10/26 20:44:10 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/14 02:35:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 06:14:46 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 06:14:46 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 02:04:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[2009/07/05 13:47:21 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/05 13:47:18 | 00,010,029 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/07/05 13:47:18 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/07/05 13:47:07 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2405187568-2829553228-3810535007-1014UA.job
[2009/07/05 13:45:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/05 13:45:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/05 13:45:46 | 46,929,1008 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/05 13:24:26 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\LEB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/05 12:59:41 | 00,002,670 | ---- | M] () -- C:\Documents and Settings\LEB\Application Data\wklnhst.dat
[2009/07/05 11:49:36 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F0A4E253-4708-4298-BDD3-369574E61AF2}.job
[2009/07/04 19:23:00 | 00,001,655 | ---- | M] () -- C:\Documents and Settings\LEB\Desktop\MP3 Rocket 5.2.3 PRO.lnk
[2009/07/04 09:48:17 | 00,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2405187568-2829553228-3810535007-1014Core.job
[2009/07/03 01:07:25 | 00,000,377 | ---- | M] () -- C:\Documents and Settings\LEB\My Documents\Document123.rtf
[2009/07/02 11:40:44 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/07/01 03:58:55 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2009/07/01 03:54:19 | 00,173,119 | ---- | M] (Eric_71) -- C:\Program Files\Rooter.exe
[2009/07/01 03:21:53 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/01 03:17:18 | 03,561,752 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/07/01 03:09:32 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\LEB\Desktop\NTREGOPT.lnk
[2009/07/01 03:09:32 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\LEB\Desktop\ERUNT.lnk
[2009/07/01 03:02:43 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Program Files\erunt_setup.exe
[2009/07/01 02:43:50 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Program Files\TFC.exe
[2009/07/01 01:00:24 | 00,000,328 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/06/25 13:09:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/11 12:08:49 | 00,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
< End of report >


Also here's a full scan log of MBAM

Malwarebytes' Anti-Malware 1.38
Database version: 2357
Windows 5.1.2600 Service Pack 3

7/4/2009 12:29:04 PM
mbam-log-2009-07-04 (12-29-04).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 200502
Time elapsed: 1 hour(s), 2 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#5
chamber
Posted 06 July 2009 - 07:49 AM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi SpicyNHot,

In this post we will do some general scans to see if anything else is lurking on your system.

Then we will see about the SVCHOST problem.

1) TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

2) Update Java.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

3) Online Scan.

Please do an online scan with Kaspersky WebScanner Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


In your reply I would like to see copied and pasted,

1) Results of online scan
2) How is your computer running now?
  • 0

#6
SpicyNHot
Posted 06 July 2009 - 08:57 PM

SpicyNHot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Here's my Kaspersky scan report.. I have unistall all versions of java, it's up to date and reran tfc program..

Monday, July 6, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, July 06, 2009 20:43:38
Records in database: 2433433


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics
Files scanned 86489
Threat name 2
Infected objects 2
Suspicious objects 0
Duration of the scan 07:35:52

File name Threat name Threats count
C:\Documents and Settings\LEB\My Documents\My Music\Incomplete\T-3545425-idle warship.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1

C:\Documents and Settings\LEB\My Documents\My Music\Incomplete\T-4188670-idle warship(Club RMX).mp3 Infected: Trojan-Downloader.WMA.GetCodec.v 1

The selected area was scanned.
  • 0

#7
chamber
Posted 07 July 2009 - 05:13 AM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi spicyNHot,

A few things left to do,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:Services

:Reg

:Files
C:\Documents and Settings\LEB\My Documents\My Music\Incomplete\T-3545425-idle warship.mp3
C:\Documents and Settings\LEB\My Documents\My Music\Incomplete\T-4188670-idle warship(Club RMX).mp3

:Commands
[purity]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.

I don't think that your problem is malware related as your logs are now showing clean. One suggestion could be to use a less resource heavy antivirus program, if you would like some alternatives to McAfee when your subscription runs out. My advise would be to post back in your topic HERE and let them investigate some other route. Tell them that you have been through the Malware forum and give them a link to this topic.

Now for the good news,

Congratulations your logs appear clean!! :)

Clean up

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
(Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

You should have a good anti spyware program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware

MVPS Hosts file The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer

Winpatrol Download and install the free version of Winpatrol. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Spring Cleaning

TFC - Temp File Cleaner by OldTimer - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders

Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place
  • 0

#8
SpicyNHot
Posted 07 July 2009 - 10:50 PM

SpicyNHot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Thanks so much chamber for fixing my computer and taking your appreciated time worth.. I just resolved the svchost network service problem.. It was related to this matter http://mvps.org/winh...sts.htm#Related the host file needed to be reset to default.. So I follow this website http://support.micro...kb;en-us;972034 Now my internet moves smoothly without me terminating the network service svchost everytime I log on.. My cpu is normal.. Later on tomorrow I'll have to dl the new upto/date batch version of MVPS HOSTS file.. Right now it's windows xp default.. so for security protect options I will dl the new MVPS batch..
I also did all the above so yeah.. I use fire fox browser because it runs faster than windows explorer..

Also here's my last log OTL..

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\LEB\My Documents\My Music\Incomplete\T-3545425-idle warship.mp3 moved successfully.
C:\Documents and Settings\LEB\My Documents\My Music\Incomplete\T-4188670-idle warship(Club RMX).mp3 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.YOUR-C44D19AF4E
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Compaq_Owner

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: L Eliza
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: LEB
->Temp folder emptied: 72432485 bytes
->Temporary Internet Files folder emptied: 5679078 bytes
->Java cache emptied: 13553515 bytes
->FireFox cache emptied: 32823095 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 2145 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 118.82 mb


OTL by OldTimer - Version 3.0.5.3 log created on 07072009_191903

Files\Folders moved on Reboot...
  • 0

#9
chamber
Posted 08 July 2009 - 12:42 AM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Glad to know your problem is resolved. :)
  • 0

#10
Essexboy
Posted 08 July 2009 - 02:10 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP