Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please give assistance re system playing up

Started by Versacci , Jan 16 2010 12:39 PM

  • Please log in to reply

#1
Versacci
Posted 16 January 2010 - 12:39 PM

Versacci

    Member

  • Member
  • PipPip
  • 42 posts
Hi guys. I've had help from here before, which was been really appreciated, but I'm afraid I may need some help again.

My computer appears slow/slugish, and internet access appears slow also. I've ben away on holiday, and other family members have been using the comp, so I guess they may have picked up a nasty somewhere which is affecting my comps performance. I don;t have the latest version of HJT, so if someone could post it for m, and I'll runi it and post results back asap if someone can help me out.

Regards
  • 0

Advertisements

#2
RKinner
Posted 19 January 2010 - 01:00 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
We don't use HJT any more. Instead see: http://www.geekstogo...uide-t2852.html

Then post your logs.

Ron
  • 0

#3
Versacci
Posted 22 January 2010 - 09:59 AM

Versacci

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hi, Ron thanks for replying.

Here are my logs:

MBAM:

Malwarebytes' Anti-Malware 1.44
Database version: 3615
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

22/01/2010 15:57:14
mbam-log-2010-01-22 (15-57-14).txt

Scan type: Quick Scan
Objects scanned: 122450
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-22 15:41:10
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfpyrpow.sys


---- System - GMER 1.0.15 ----

SSDT F7A7D59E ZwCreateKey
SSDT F7A7D594 ZwCreateThread
SSDT F7A7D5A3 ZwDeleteKey
SSDT F7A7D5AD ZwDeleteValueKey
SSDT F7A7D5B2 ZwLoadKey
SSDT F7A7D580 ZwOpenProcess
SSDT F7A7D585 ZwOpenThread
SSDT F7A7D5BC ZwReplaceKey
SSDT F7A7D5B7 ZwRestoreKey
SSDT F7A7D5A8 ZwSetValueKey
SSDT F7A7D58F ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OTL:

OTL logfile created on: 22/01/2010 15:42:31 - Run 1
OTL by OldTimer - Version 3.1.25.4 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 658.00 Mb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.01 Gb Total Space | 54.09 Gb Free Space | 77.26% Space Free | Partition Type: NTFS
Drive D: | 4.50 Gb Total Space | 0.55 Gb Free Space | 12.19% Space Free | Partition Type: FAT32
Drive E: | 187.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-G2ASVV4L2M
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/22 15:41:48 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/10/31 12:33:23 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/09/20 13:24:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/20 13:24:19 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/17 08:44:42 | 01,391,616 | ---- | M] (Avant Force) -- C:\Program Files\Avant Browser\avant.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/08/23 11:40:29 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/06/13 10:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/14 14:01:21 | 00,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1209815663\ee\aolsoftware.exe
PRC - [2006/10/23 12:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/08/19 02:56:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2003/08/18 17:57:40 | 01,048,576 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2003/04/09 15:11:54 | 00,200,704 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2003/01/29 15:30:58 | 00,184,320 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe


========== Modules (SafeList) ==========

MOD - [2010/01/22 15:41:48 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2004/08/04 07:57:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 07:56:42 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll
MOD - [2004/08/04 07:56:42 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll
MOD - [2003/08/19 02:56:00 | 00,852,038 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll
MOD - [2003/08/19 02:56:00 | 00,147,456 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwrseng.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 22:41:42 | 00,120,232 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2009/09/20 13:24:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/17 10:33:26 | 00,651,776 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/23 15:35:20 | 00,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/10/23 12:50:35 | 00,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2003/08/19 02:56:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/01/29 15:30:58 | 00,184,320 | ---- | M] (McAfee Corporation) [Auto | Running] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: the changes will be overwritten when the application exits. * * To make a manual change to preferences
FF - prefs.js..extensions.enabledItems: you can visit the URL about:config * For more information
FF - prefs.js..extensions.enabledItems: see http://www.mozilla.o...zing.html#prefs */user_pref("app.update.lastUpdateTime.addon-background-update-timer"
FF - prefs.js..extensions.enabledItems: 1218143593);user_pref("app.update.lastUpdateTime.background-update-timer"
FF - prefs.js..extensions.enabledItems: 1218143591);user_pref("app.update.lastUpdateTime.blocklist-background-update-timer"
FF - prefs.js..extensions.enabledItems: 1218143591);user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer"
FF - prefs.js..extensions.enabledItems: 1218143594);user_pref("app.update.lastUpdateTime.search-engine-update-timer"
FF - prefs.js..extensions.enabledItems: 1218143597);user_pref("browser.migration.version"
FF - prefs.js..extensions.enabledItems: 1);user_pref("browser.places.importBookmarksHTML"
FF - prefs.js..extensions.enabledItems: false);user_pref("browser.places.importDefaults"
FF - prefs.js..extensions.enabledItems: false);user_pref("browser.places.leftPaneFolderId"
FF - prefs.js..extensions.enabledItems: -1);user_pref("browser.places.migratePostDataAnnotations"
FF - prefs.js..extensions.enabledItems: false);user_pref("browser.places.smartBookmarksVersion"
FF - prefs.js..extensions.enabledItems: 1);user_pref("browser.places.updateRecentTagsUri"
FF - prefs.js..extensions.enabledItems: false);user_pref("browser.startup.homepage"
FF - prefs.js..extensions.enabledItems: "http://www.google.co.uk/");user_pref("browser.startup.homepage_override.mstone"
FF - prefs.js..extensions.enabledItems: "rv:1.9.0.1");user_pref("extensions.enabledItems"
FF - prefs.js..extensions.enabledItems: "3.0.1");user_pref("intl.charsetmenu.browser.cache"
FF - prefs.js..extensions.enabledItems: "ISO-8859-1
FF - prefs.js..extensions.enabledItems: UTF-8");user_pref("network.cookie.prefsMigrated"
FF - prefs.js..extensions.enabledItems: true);user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey
FF - prefs.js..browser.search.selectedEngine: "Orbit Search (Powered By Google)"


[2008/08/07 21:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2008/08/07 21:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rlis8chp.default\extensions

O1 HOSTS File: ([2009/08/30 13:30:56 | 00,324,359 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11100 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1209815663\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Acme.PCHButton] C:\Program Files\HP Pavilion PC Help\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; SU 3.24; Mozilla\4.0 ( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O15 - HKLM\..Trusted Domains: 61 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/01 08:36:50 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 21:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/07/18 11:53:19 | 00,000,100 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/12/05 20:12:18 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891835792228352)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/22 15:41:45 | 00,547,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/22 12:59:56 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/01/19 17:37:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/16 19:54:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Simply Super Software
[2009/09/19 22:24:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/03/08 11:08:28 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\Owner.exe
[2008/09/22 12:03:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/09/22 12:03:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/09/22 12:03:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/09/22 12:03:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/07/11 17:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/06/18 10:32:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2008/01/25 14:33:21 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HiJackThis.exe
[2007/12/05 14:34:05 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe

========== Files - Modified Within 14 Days ==========

[2010/01/22 15:45:12 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/01/22 15:41:48 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/22 15:38:04 | 00,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57929295-3719358328-2888033797-1003UA.job
[2010/01/22 14:07:59 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/01/22 12:59:17 | 00,067,424 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2010/01/22 12:58:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/22 12:58:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/22 12:58:26 | 10,730,74176 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/22 02:08:56 | 08,388,608 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/01/22 02:08:56 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/22 01:56:20 | 00,023,266 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1264124918193.jpg
[2010/01/22 01:56:14 | 00,187,313 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1264125247908.jpg
[2010/01/22 01:47:53 | 03,736,962 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1264102053725.gif
[2010/01/21 12:38:00 | 00,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57929295-3719358328-2888033797-1003Core.job
[2010/01/20 19:28:49 | 00,053,984 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/20 18:59:11 | 00,000,779 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/19 16:47:39 | 03,035,995 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1263888267154.gif
[2010/01/17 01:24:28 | 00,000,032 | ---- | M] () -- C:\WINDOWS\go
[2010/01/16 13:07:47 | 00,503,304 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/16 13:07:47 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/16 13:07:47 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/16 12:11:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/14 17:37:55 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2010/01/22 14:07:58 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/01/22 01:56:20 | 00,023,266 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1264124918193.jpg
[2010/01/22 01:56:14 | 00,187,313 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1264125247908.jpg
[2010/01/22 01:47:53 | 03,736,962 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1264102053725.gif
[2010/01/19 16:47:39 | 03,035,995 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1263888267154.gif
[2009/11/29 15:36:26 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2009/08/08 18:35:48 | 00,173,384 | ---- | C] () -- C:\WINDOWS\System32\AVLibrary.dll
[2009/05/17 00:50:56 | 00,000,712 | ---- | C] () -- C:\Program Files\FLV Player
[2009/02/19 18:39:49 | 00,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2009/01/14 20:12:32 | 00,007,338 | ---- | C] () -- C:\Program Files\hijackthis.log
[2008/12/23 15:33:18 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/08/08 11:47:37 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\MpfApi.dll
[2008/08/08 11:47:36 | 00,055,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\MpFirewall.sys
[2008/05/26 20:21:01 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2008/05/03 11:13:46 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/04/24 00:03:38 | 00,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/18 13:50:36 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/16 15:24:40 | 00,000,302 | ---- | C] () -- C:\WINDOWS\ARColorCodes.ini
[2007/12/05 13:43:31 | 00,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2003/06/09 19:25:04 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2003/01/01 15:25:02 | 00,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/01 11:07:48 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/01/01 11:05:46 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/01/01 10:53:15 | 00,028,986 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/01/01 10:52:51 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/01/01 10:52:15 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/01/01 09:57:28 | 00,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/01/01 09:48:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/01 09:20:42 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/01 09:11:43 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/01/01 09:11:43 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/01/01 09:11:23 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/01/01 08:40:09 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/01 08:34:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/01 08:33:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/01/01 08:14:03 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/01/01 08:14:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

========== LOP Check ==========

[2008/02/14 17:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AceBIT
[2009/11/28 18:41:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2009/11/28 18:39:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AutoHideIP
[2008/02/14 16:35:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2003/01/01 10:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/09/19 13:41:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/02/03 16:55:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/12/21 14:22:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2009/12/19 15:33:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/12/19 16:03:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/01/16 19:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/14 17:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AceBIT
[2009/09/20 13:03:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/11/28 18:39:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AutoHideIP
[2008/08/13 20:56:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/02/13 14:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CoreFTP
[2008/03/01 12:48:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2008/03/22 03:39:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/02/14 16:35:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlobalSCAPE
[2009/12/24 17:47:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Hide IP NG
[2009/09/19 13:46:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2009/08/26 14:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mask Surf
[2009/12/19 15:34:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2009/10/17 13:46:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2009/01/31 21:00:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orbit
[2009/12/19 15:44:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2009/03/08 21:09:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Primal 3D Body
[2003/01/01 11:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2008/02/16 16:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
[2010/01/21 15:32:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StumbleUpon
[2009/09/19 13:07:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2009/12/27 22:00:57 | 00,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2007/12/05 20:27:48 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2007/12/05 20:27:48 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/04 06:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 06:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 20:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 20:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\ReinstallBackups\0027\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2003/09/23 18:46:00 | 10,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2003/09/24 09:46:00 | 10,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2007/12/05 20:27:48 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2003/09/24 09:46:00 | 10,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2007/12/05 20:27:48 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/08/29 01:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2003/09/23 12:20:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2003/09/23 12:20:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\i386\atapi.sys
[2004/08/04 05:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 05:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2002/10/24 15:59:48 | 00,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 07:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 07:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2003/09/23 23:16:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2003/09/23 21:31:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 18:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 18:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 07:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 07:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 07:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2003/09/23 12:18:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/10/29 05:48:03 | 00,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/10/29 05:48:03 | 00,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009/10/29 05:48:03 | 00,251,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF1D8F55
< End of report >


OTL EXTRAS:


OTL Extras logfile created on: 22/01/2010 15:42:31 - Run 1
OTL by OldTimer - Version 3.1.25.4 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 658.00 Mb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.01 Gb Total Space | 54.09 Gb Free Space | 77.26% Space Free | Partition Type: NTFS
Drive D: | 4.50 Gb Total Space | 0.55 Gb Free Space | 12.19% Space Free | Partition Type: FAT32
Drive E: | 187.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-G2ASVV4L2M
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Avant Browser\avant.exe (Avant Force)
.url [@ = InternetShortcut] -- C:\Program Files\Avant Browser\avant.exe (Avant Force)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
htmlfile [opennew] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
http [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
https [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
InternetShortcut [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Services -- (AOL LLC)
"C:\Program Files\AOL\RC\regClient.exe" = C:\Program Files\AOL\RC\regClient.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\AOL 9.0 VRa\waol.exe" = C:\Program Files\AOL 9.0 VRa\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Avant Browser\avant.exe" = C:\Program Files\Avant Browser\avant.exe:*:Enabled:Avant Browser -- (Avant Force)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Regclient" = AOL Registration
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AvantBrowser" = Avant Browser (remove only)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FLV Player" = FLV Player 2.0 (build 25)
"Hide IP Platinum_is1" = Hide IP Platinum 3.5
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"InstallShield_{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Personal Firewall Plus" = McAfee Personal Firewall Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA GART Driver" = NVIDIA GART Driver
"RealPlayer 6.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.7h
"Smart Defrag_is1" = Smart Defrag 1.20
"StreetPlugin" = Learn2 Player (Uninstall Only)
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinPcapInst" = WinPcap 4.1 beta5
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/12/2009 11:45:19 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 13/12/2009 20:17:29 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Hang | ID = 1002
Description = Hanging application avant.exe, version 11.7.0.39, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15/12/2009 10:40:59 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x0012beb9.

Error - 15/12/2009 19:15:07 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/12/2009 14:35:38 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x62160b50.

Error - 19/12/2009 12:11:42 | Computer Name = YOUR-G2ASVV4L2M | Source = MsiInstaller | ID = 1013
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Microsoft
.NET Framework 2.0 Service Pack 2 cannot be uninstalled because it will affect other
applications that are installed. For more information, see http://go.microsoft....k/?LinkId=91126.

Error - 19/12/2009 12:12:09 | Computer Name = YOUR-G2ASVV4L2M | Source = MsiInstaller | ID = 1013
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Microsoft
.NET Framework 3.0 Service Pack 2 cannot be uninstalled because it will affect other
applications that are installed. For more information, see http://go.microsoft....k/?LinkId=91126.

Error - 21/12/2009 13:28:57 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Error | ID = 1000
Description = Faulting application mpftray.exe, version 4.5.3.30, faulting module
mpftray.exe, version 4.5.3.30, fault address 0x000126a2.

Error - 28/12/2009 17:02:29 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Hang | ID = 1002
Description = Hanging application avant.exe, version 11.7.0.39, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 01/01/2010 14:16:43 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 20/01/2010 21:01:12 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/01/2010 21:01:12 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/01/2010 21:01:12 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/01/2010 21:01:12 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/01/2010 21:01:12 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/01/2010 21:01:12 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/01/2010 21:01:13 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/01/2010 21:01:13 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/01/2010 21:01:13 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20/01/2010 21:01:13 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
  • 0

#4
RKinner
Posted 22 January 2010 - 12:35 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Don't see much. You have XP SP2 instead of SP3 which is probably why you are getting the errors about Application Management Service. Either update to SP3 (older AMD processors may need a BIOS update to run SP3 but it should work without a problem on Intel PCs.) or get the hotfix:

http://support.microsoft.com/kb/328213

There is something funny about firefox but it was there last time you were here. You might want to uninstall it then do a search of C;\ and subfolders including hidden and system files for mozilla and delete any you find and then download the latest version.

We can run an MBAM full scan and Combofix and see if either finds anything:

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Reboot now, please :!:

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:



1.Contents of C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

2. Contents of C:\Combofix.txt


Ron
  • 0

#5
Versacci
Posted 06 February 2010 - 10:28 AM

Versacci

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hi there, Ron, sorry for delaying in getting back to you, been away for a week.

Here's the logs you requested:

Malwarebytes' Anti-Malware 1.44
Database version: 3697
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

06/02/2010 16:10:56
mbam-log-2010-02-06 (16-10-56).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 206784
Time elapsed: 1 hour(s), 7 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ComboFix

ComboFix 10-02-05.04 - Owner 06/02/2010 16:16:39.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1023.653 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\iAlmcoin.dll
c:\windows\system32\ps2.bat

.
((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.

2010-01-14 17:41 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 14:32 . 2010-02-06 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2010-02-06 03:10 . 2008-06-27 19:29 -------- d-----w- c:\documents and settings\Owner\Application Data\StumbleUpon
2010-01-23 13:15 . 2009-10-17 13:46 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-20 19:28 . 2007-12-05 13:59 53984 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 19:54 . 2008-05-26 20:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-16 18:46 . 2008-08-12 22:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-16 18:44 . 2008-09-06 14:44 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 16:07 . 2008-08-12 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2008-08-12 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-25 22:37 . 2009-12-25 22:21 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-12-24 17:53 . 2009-12-24 17:52 -------- d-----w- c:\program files\Hide IP Platinum
2009-12-24 17:47 . 2009-09-01 14:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Hide IP NG
2009-12-22 05:42 . 2006-06-23 11:33 662016 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2009-09-19 16:24 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-21 23:59 . 2009-12-21 21:19 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-12-21 21:18 . 2009-12-21 21:18 -------- d-----w- c:\program files\VideoLAN
2009-12-19 16:03 . 2009-12-19 16:03 703 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_F047B6D92A9D6A54DB4CA054D394F96E.dll
2009-12-19 16:03 . 2009-12-19 16:03 41 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_56A968A049C8C7F45A7C79D2C3C8DEE9.dll
2009-12-19 16:03 . 2009-12-19 16:03 3568 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_26DDC2EC4210AC63483DF9D4FCC5B59D.dll
2009-12-19 16:03 . 2009-12-19 16:03 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DC3BF90CC0D3D2F398A9A6D1762F70F3.dll
2009-12-19 16:03 . 2009-12-19 16:03 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0DC1503A46F231838AD88BCDDC8E8F7C.dll
2009-12-19 16:03 . 2007-12-09 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-12-19 16:01 . 2009-12-19 15:32 -------- d-----w- c:\program files\Nokia
2009-12-19 15:44 . 2009-12-19 15:44 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Suite
2009-12-19 15:34 . 2009-12-19 15:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Nokia
2009-12-19 15:33 . 2009-12-19 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaMusic
2009-12-19 15:32 . 2009-12-19 15:32 -------- d-----w- c:\program files\DIFX
2009-12-19 15:29 . 2009-12-19 15:29 -------- d-----w- c:\program files\MSBuild
2009-12-19 15:29 . 2009-12-19 15:29 -------- d-----w- c:\program files\Reference Assemblies
2009-12-19 15:24 . 2009-12-19 15:24 -------- d-----w- c:\program files\MSXML 6.0
2009-12-18 16:30 . 2009-02-01 19:10 -------- d-----w- c:\program files\StumbleUpon
2009-12-17 00:09 . 2010-02-06 14:32 49241 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_BunkerHill.dll
2009-12-16 07:07 . 2010-02-06 14:32 136528 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\Vercopy.exe
2009-12-15 13:23 . 2009-12-15 13:20 -------- d-----w- c:\program files\Security Task Manager
2009-12-15 13:20 . 2009-12-15 13:20 3710 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_F6CAE87C37A7E2541843BD2B61C5A586.dll
2009-12-15 13:20 . 2009-12-15 13:20 302 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E5D9D200AB92D6E3B94CD3D7D6CB37C5.dll
2009-12-15 13:20 . 2009-12-15 13:20 1251 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D20352A90C039D93DBF6126ECE614057.dll
2009-12-15 13:20 . 2009-12-15 13:20 1180 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_F65865963B6B0EB4ABB0F894B53E0233.dll
2009-12-15 13:20 . 2009-12-15 13:20 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6E8A266FCD4F2A1409E1C8110F44DBCE.dll
2009-12-15 13:20 . 2009-12-15 13:20 75 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1F9ACB2AC6655084791DF7CD39837632.dll
2009-12-15 13:20 . 2009-12-15 13:20 6718 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4CD78B6ED3B23844DAFF4E38FB179819.dll
2009-12-15 13:20 . 2009-12-15 13:20 316 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll
2009-12-15 13:20 . 2009-12-15 13:20 27 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4EA42A62D9304AC4784BF238120661FF.dll
2009-12-15 13:20 . 2009-12-15 13:20 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_36C00F72B944BAF2BC8E42BA081E4794.dll
2009-12-15 06:33 . 2010-02-06 14:32 120144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\SBFix.exe
2009-12-15 06:14 . 2010-02-06 14:32 95568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\RunOnce.exe
2009-12-15 04:35 . 2010-02-06 14:32 106496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Raga_Refresh.dll
2009-12-14 16:00 . 2010-02-06 14:32 106496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Almaak.dll
2009-12-14 14:06 . 2010-02-06 14:32 106496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Thailand.dll
2009-12-14 14:03 . 2010-02-06 14:32 106496 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Strauss.dll
2009-12-08 23:17 . 2009-06-27 10:05 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-21 16:36 . 2007-08-09 02:58 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-05-17 00:50 . 2009-05-17 00:50 712 ----a-w- c:\program files\FLV Player.lnk
2004-05-08 12:04 . 2007-12-05 20:14 0 --sha-w- c:\windows\SMINST\HPCD.SYS
2009-09-20 19:14 . 2009-09-20 18:58 3860512 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 852038]
"Acme.PCHButton"="c:\progra~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [2003-01-01 155648]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-05 133104]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-08-19 4841472]
"nwiz"="nwiz.exe" [2003-08-19 323584]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-12-04 71216]
"HostManager"="c:\program files\Common Files\AOL\1209815663\ee\AOLSoftware.exe" [2006-11-14 50736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-27 413696]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2003-08-18 1048576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-23 185896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-20 149280]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-06-27 21:32 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-08-23 11:40 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL\\RC\\regClient.exe"=
"c:\\Program Files\\AOL 9.0 VRa\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19/09/2009 14:15 108289]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23/12/2008 15:35 50704]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [08/12/2009 22:41 120232]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\Owner\Desktop\SysProt\SysProt\SysProtDrv.sys --> c:\documents and settings\Owner\Desktop\SysProt\SysProt\SysProtDrv.sys [?]
S3 tap0801;Smarthide TAP driver;c:\windows\system32\drivers\tap0801.sys [12/10/2007 13:07 55808]
.
Contents of the 'Scheduled Tasks' folder

2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57929295-3719358328-2888033797-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-05 22:22]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57929295-3719358328-2888033797-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-05 22:22]

2010-01-24 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-09-19 08:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL =
mSearch Bar = hxxp://srch-gb10.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://google.co.uk/
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-VTTimer - VTTimer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 16:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-02-06 16:23:29
ComboFix-quarantined-files.txt 2010-02-06 16:23

Pre-Run: 57,639,993,344 bytes free
Post-Run: 57,649,582,080 bytes free

- - End Of File - - E619AC1AF742130C5ECB8C219949756B
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP