Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Corrupted WinSock in Registry?

Started by super_handsome , Feb 19 2010 04:47 AM

  • Please log in to reply

#1
super_handsome
Posted 19 February 2010 - 04:47 AM

super_handsome

    New Member

  • Member
  • Pip
  • 2 posts
Hi,

I think my other DELL notebook got infected - but not sure if it's caused by Malware, Spyware or Virus though. It seems to be having LAN connection error. Sometimes it shows that it's connected to the LAN (LED light shown from the USB-LAN connector) but sometimes it just doesn't show any lights at all and the LAN connection (at the desktop toolbar) shows a connectivity error message i.e. this connection has limited or no connectivity!

My notebook is running on Win XP SP 2 and it's connected to the router via a LAN cable. I've gone through the steps advised in "Malware & Spyware Cleaning Guide" and below are my scan logs for your review and advise soonest possible. However, the only scan i can't perform due to no internet access is the Malwarebytes' Anti-Malware since an online update is required.

Your assistance is greatly appreciated. Thanks so much! :)

__________________________________________________________________________________________________________
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-18 15:17:10
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\LAWREN~1\LOCALS~1\Temp\uwrciuog.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF8605514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF85F4282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF85F4474]
SSDT F8E331C4 ZwCreateThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF8605D00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF8605FB8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF86043FA]
SSDT F8E331B0 ZwOpenProcess
SSDT F8E331B5 ZwOpenThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF8606422]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF86057D8]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF323C0B0]
SSDT F8E331BA ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs F2507400

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe (*** hidden *** ) 3100

---- EOF - GMER 1.0.15 ----


SCANS FROM OTL:
OTL Report

OTL logfile created on: 2/18/2010 5:46:12 PM - Run 1
OTL by OldTimer - Version 3.1.30.0 Folder = E:\Malware Removal
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 281.00 Mb Available Physical Memory | 55.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 1.62 Gb Free Space | 2.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.92 Gb Total Space | 1.89 Gb Free Space | 98.37% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MY_BECONEQ
Current User Name: Lawrence Wong
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/19 12:24:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- E:\Malware Removal\5th-OTL.exe
PRC - [2010/01/05 07:56:02 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/09/28 22:05:37 | 000,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/28 22:05:35 | 001,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/15 13:31:53 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:30:02 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/06/12 13:28:45 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/02/22 04:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007/11/06 08:37:56 | 000,734,472 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
PRC - [2007/11/06 08:37:48 | 000,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
PRC - [2007/06/29 21:03:49 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2007/06/13 18:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/07 08:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/08/04 09:07:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004/08/04 00:56:58 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2010/02/19 12:24:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- E:\Malware Removal\5th-OTL.exe
MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/28 22:05:35 | 001,028,432 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/01/21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/10/15 13:31:53 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 13:30:02 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007/11/06 08:37:56 | 000,734,472 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2007/11/06 08:37:48 | 000,414,984 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2007/06/29 21:03:49 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2007/02/18 22:22:27 | 000,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2004/08/04 00:56:58 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2004/08/04 00:56:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.39
FF - prefs.js..keyword.URL: "http://search.yahoo....8&fr=megaup&p="
FF - prefs.js..keyword.enabled: false

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/11 21:53:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/12 13:44:16 | 000,000,000 | ---D | M]

[2008/09/07 16:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Wong\Application Data\Mozilla\Extensions
[2010/02/17 12:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Wong\Application Data\Mozilla\Firefox\Profiles\4kyotk1s.default\extensions
[2010/01/26 22:19:13 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Lawrence Wong\Application Data\Mozilla\Firefox\Profiles\4kyotk1s.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/04/20 01:31:20 | 000,000,000 | ---D | M] (Blue Ice 2) -- C:\Documents and Settings\Lawrence Wong\Application Data\Mozilla\Firefox\Profiles\4kyotk1s.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2008/04/21 17:16:07 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\Lawrence Wong\Application Data\Mozilla\Firefox\Profiles\4kyotk1s.default\searchplugins\mozilla-add-ons.xml
[2010/02/17 12:02:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/17 12:05:59 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Lawrence Wong\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 7921 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Ranges: 2 range(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2187 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: 2 range(s) not assigned to a zone.
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.1)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://eu-housecall....ivex/hcImpl.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1190434475640 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1190436286514 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (work.exe) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Lawrence Wong\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lawrence Wong\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4DEC9B29-F08F-4cbc-B179-592B9283FAB1} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/16 16:47:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{32e8a270-4d28-11da-91bc-f7adae5c69f5}\Shell\Auto\command - "" = E:\printer.exe -- File not found
O33 - MountPoints2\{32e8a270-4d28-11da-91bc-f7adae5c69f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8845a880-eddb-11dd-8434-0000e800e173}\Shell - "" = AutoRun
O33 - MountPoints2\{8845a880-eddb-11dd-8434-0000e800e173}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8845a880-eddb-11dd-8434-0000e800e173}\Shell\AutoRun\command - "" = E:\start.exe -- File not found
O33 - MountPoints2\{965df312-7404-11dc-834c-0000e800e173}\Shell\Auto\command - "" = E:\printer.exe -- File not found
O33 - MountPoints2\{965df312-7404-11dc-834c-0000e800e173}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b503da64-b0b3-11dc-83c2-0000e800e173}\Shell\Auto\command - "" = E:\printer.exe -- File not found
O33 - MountPoints2\{b503da64-b0b3-11dc-83c2-0000e800e173}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b5a9b0f0-6eae-11dc-8341-cc32f3b1388a}\Shell\Auto\command - "" = F:\printer.exe -- File not found
O33 - MountPoints2\{b5a9b0f0-6eae-11dc-8341-cc32f3b1388a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c42a6c00-6e80-11dc-833e-0000e800e173}\Shell\Auto\command - "" = E:\printer.exe -- File not found
O33 - MountPoints2\{c42a6c00-6e80-11dc-833e-0000e800e173}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/07/17 14:35:40 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/18 13:45:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/18 13:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/17 21:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/17 21:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lawrence Wong\Application Data\SUPERAntiSpyware.com
[2010/02/17 21:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/17 21:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/17 21:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/17 21:43:25 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Lawrence Wong\Desktop\HijackThis.exe
[2007/04/17 00:27:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/04/15 20:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/04/12 21:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2007/04/12 21:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2007/03/07 23:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/01/11 21:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2006/12/09 15:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2006/12/09 15:39:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/11/07 00:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/11/06 23:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2006/10/13 23:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2006/10/13 23:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2005/10/21 00:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall

========== Files - Modified Within 14 Days ==========

[2010/02/18 16:28:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/18 16:27:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/18 16:27:53 | 536,313,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/18 16:26:18 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Lawrence Wong\NTUSER.DAT
[2010/02/18 16:26:18 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lawrence Wong\ntuser.ini
[2010/02/18 13:20:49 | 000,392,534 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/18 13:20:49 | 000,058,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/18 13:20:48 | 000,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/17 21:55:33 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/17 21:44:12 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Lawrence Wong\Desktop\HijackThis.lnk
[2010/02/17 21:18:32 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Lawrence Wong\Desktop\HijackThis.exe
[2010/02/17 13:53:59 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/17 12:05:59 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/09 07:25:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/08 22:05:43 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

========== Files Created - No Company Name ==========

[2010/02/17 21:55:33 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/17 21:44:12 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Lawrence Wong\Desktop\HijackThis.lnk
[2008/04/20 22:32:42 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2007/10/20 11:39:31 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/02 11:12:06 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/04/21 15:46:16 | 000,654,848 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2007/04/21 15:46:15 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/04/21 15:46:13 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/21 15:46:11 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/04/21 15:46:11 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/03/23 14:07:42 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/03/08 18:43:49 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\Lawrence Wong\Application Data\WinssCookie.txt
[2006/11/25 11:35:15 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/25 11:35:15 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/11 21:04:37 | 000,000,096 | ---- | C] () -- C:\WINDOWS\VPPLAYS.INI
[2006/10/13 23:34:28 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2006/10/13 23:34:27 | 000,000,129 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/09/16 23:36:40 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/05/13 16:24:10 | 000,001,824 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/12 23:47:53 | 000,000,049 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/02/12 23:44:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2006/02/12 23:44:32 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2005/11/06 23:25:59 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\Lawrence Wong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/22 15:49:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/08/04 09:07:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/07/08 00:16:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini

========== LOP Check ==========

[2007/03/07 23:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2008/12/14 20:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2007/06/29 21:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2006/10/13 23:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/02/13 20:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/27 21:37:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2007/03/07 23:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Wong\Application Data\AVG7
[2007/06/07 14:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Wong\Application Data\Azureus
[2006/11/10 21:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Wong\Application Data\GlarySoft
[2006/06/18 22:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Wong\Application Data\Leadertech
[2003/07/08 00:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Wong\Application Data\pdf995
[2006/11/01 23:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lawrence Wong\Application Data\Uniblue
[2010/02/08 22:05:43 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2007/03/12 18:33:58 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 09:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 09:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 09:07:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 09:07:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 09:07:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 09:07:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/07/17 22:12:38 | 001,204,224 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/07/17 13:35:54 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2007/07/17 22:12:38 | 022,544,384 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/07/17 22:12:38 | 005,242,880 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 244 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


OTL EXTRA REPORT:

OTL Extras logfile created on: 2/18/2010 5:46:12 PM - Run 1
OTL by OldTimer - Version 3.1.30.0 Folder = E:\Malware Removal
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 281.00 Mb Available Physical Memory | 55.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 1.62 Gb Free Space | 2.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.92 Gb Total Space | 1.89 Gb Free Space | 98.37% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MY_BECONEQ
Current User Name: Lawrence Wong
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"53305:TCP" = 53305:TCP:*:Enabled:BitComet 53305 TCP
"53305:UDP" = 53305:UDP:*:Enabled:BitComet 53305 UDP
"50658:TCP" = 50658:TCP:*:Enabled:BitComet 50658 TCP
"50658:UDP" = 50658:UDP:*:Enabled:BitComet 50658 UDP
"50500:TCP" = 50500:TCP:*:Enabled:BitComet 50500 TCP
"50500:UDP" = 50500:UDP:*:Enabled:BitComet 50500 UDP
"51842:TCP" = 51842:TCP:*:Enabled:BitComet 51842 TCP
"51842:UDP" = 51842:UDP:*:Enabled:BitComet 51842 UDP
"59336:TCP" = 59336:TCP:*:Enabled:BitComet 59336 TCP
"59336:UDP" = 59336:UDP:*:Enabled:BitComet 59336 UDP
"52866:TCP" = 52866:TCP:*:Enabled:BitComet 52866 TCP
"52866:UDP" = 52866:UDP:*:Enabled:BitComet 52866 UDP
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\BitGrabber\BitGrabber.exe" = C:\Program Files\BitGrabber\BitGrabber.exe:*:Enabled:Torrent P2P application -- File not found
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v1.5.1890.18 Idcrl Install
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{AAE10BE5-F398-41C1-9AAF-A59EBF17DFDE}" = Norton Spyware Scan
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v1.5.1890.18
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"BitComet" = BitComet 0.70
"CCleaner" = CCleaner (remove only)
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.89 Full
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSN Music Assistant" = MSN Music Assistant
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Spyware Scan provided by Yahoo!" = Norton Spyware Scan provided by Yahoo!
"Panda ActiveScan" = Panda ActiveScan
"PowerISO" = PowerISO
"PrimoPDF2.0" = PrimoPDF
"RealPlayer 6.0" = RealPlayer
"Registry Repair_is1" = Registry Repair 2.0
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Spyware Doctor" = Spyware Doctor 6.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"Vodei Multimedia Processor" = Vodei Multimedia Processor 2.00
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2009 6:07:51 AM | Computer Name = MY_BECONEQ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/22/2009 6:13:57 AM | Computer Name = MY_BECONEQ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/27/2009 10:03:00 AM | Computer Name = MY_BECONEQ | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 7/31/2009 10:13:31 AM | Computer Name = MY_BECONEQ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/29/2009 12:31:01 AM | Computer Name = MY_BECONEQ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/2/2009 6:10:44 AM | Computer Name = MY_BECONEQ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/14/2009 3:04:13 PM | Computer Name = MY_BECONEQ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/22/2009 10:08:51 PM | Computer Name = MY_BECONEQ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/22/2010 6:09:17 AM | Computer Name = MY_BECONEQ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/18/2010 1:24:45 AM | Computer Name = MY_BECONEQ | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 2/18/2010 1:25:17 AM | Computer Name = MY_BECONEQ | Source = Service Control Manager | ID = 7034
Description = The PDEngine service terminated unexpectedly. It has done this 1
time(s).

Error - 2/18/2010 1:25:17 AM | Computer Name = MY_BECONEQ | Source = Service Control Manager | ID = 7034
Description = The SmartLinkService service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/18/2010 1:35:28 AM | Computer Name = MY_BECONEQ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
kl1

Error - 2/18/2010 3:40:39 AM | Computer Name = MY_BECONEQ | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/18/2010 3:40:39 AM | Computer Name = MY_BECONEQ | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/18/2010 3:42:48 AM | Computer Name = MY_BECONEQ | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/18/2010 3:42:48 AM | Computer Name = MY_BECONEQ | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/18/2010 3:57:49 AM | Computer Name = MY_BECONEQ | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/18/2010 3:57:49 AM | Computer Name = MY_BECONEQ | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 2/18/2010 4:29:57 AM | Computer Name = MY_BECONEQ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
kl1

[ Windows OneCare Events ]
Error - 3/11/2007 11:22:36 AM | Computer Name = MY_DELL | Source = WinSS | ID = 1002
Description =

Error - 3/12/2007 1:28:33 AM | Computer Name = MY_DELL | Source = WinSS | ID = 1012
Description =

Error - 3/12/2007 6:25:48 AM | Computer Name = MY_DELL | Source = WinSS | ID = 1012
Description =


< End of report >


TQ.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP