unknown malware/virus infection [Solved]


  • This topic is locked

#1
ocelot77

I have an infection of some kind on this computer, and as of yet I have had little luck cleaning my system.

I have tried everything in the malware and spyware cleaning guide. I have also searched this site for any similar problems that have been solved already. While that was very helpful, they didn't solve all the issues I'm having.

The first problem I have is that I have been unable to update Windows, Malwarebytes, or Spybot S&D for some time. Other programs update with no issues, even other malware searching programs, but all scans by any other programs come up clean.

The second, more recent issue is that many web pages now seem to be randomly redirected to others. Some of this I have been able to stop with the download of the NoScript add-on for Firefox, which I found on these forums. However, it is only covering part of the problem and not solving the bigger issue, as some redirects still get through. I feel this is connected to the first issue due to the fact that I cannot get to the Windows Update, Malwarebytes, or Spybot websites.

The following posts will be for the OTL and GMER logs.

Thanks in advance for any help.

#2
ocelot77

OTL logfile created on: 4/2/2010 6:25:28 PM - Run 5
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Downloads\installers
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 4605 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 7.89 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive D: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICKSCOMPUTER
Current User Name: Peter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/30 21:59:53 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Downloads\installers\OTL.exe
PRC - [2010/03/24 20:12:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/30 21:43:14 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/05 20:30:36 | 001,252,232 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/03/02 04:00:18 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2006/03/02 03:53:36 | 000,717,312 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2005/11/08 12:30:42 | 000,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2005/10/14 11:01:06 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/01/26 11:47:42 | 000,065,604 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
PRC - [2004/10/22 03:24:46 | 000,774,144 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriver.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe


========== Modules (SafeList) ==========

MOD - [2010/03/30 21:59:53 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Downloads\installers\OTL.exe
MOD - [2005/11/08 12:30:42 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2007/11/05 20:30:36 | 001,252,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/01/26 11:47:42 | 000,065,604 | ---- | M] (Boingo Wireless, Inc.) [Auto | Running] -- C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe -- (EarthLinkMonitor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/26 22:12:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/26 20:58:32 | 000,000,000 | ---D | M]

[2009/02/10 21:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Mozilla\Extensions
[2010/04/01 17:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\zhsypc8c.default\extensions
[2008/05/24 13:49:46 | 000,000,000 | ---D | M] (AeroFox Basic) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\zhsypc8c.default\extensions\{0F4F7F5C-C791-4951-8D9C-A0847AD03A7B}
[2008/05/24 13:46:29 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\zhsypc8c.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/06/24 17:26:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\zhsypc8c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/30 11:43:42 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\zhsypc8c.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/04/01 17:06:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/03/25 11:48:29 | 000,382,118 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13163 more lines...
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll (EarthLink, Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [E6TaskPanel] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe (EarthLink, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: EarthLink Google Search - C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll (EarthLink, Inc.)
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....030/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://webgames.d.tm...h2.1.0.0.48.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1154043747865 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15030/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 156.154.70.11 156.154.71.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.6,93.188.161.34
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/29 21:57:16 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 17:22:16 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{227dddd3-1dc4-11db-bd1c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{227dddd3-1dc4-11db-bd1c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{227dddd3-1dc4-11db-bd1c-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/04/29 21:57:16 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{6bb39446-bfc6-11dd-be2a-001372d842af}\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found
O33 - MountPoints2\{e23a1e67-c249-11dd-be2b-001372d842af}\Shell\AutoRun\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e23a1e67-c249-11dd-be2b-001372d842af}\Shell\install\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e23a1e67-c249-11dd-be2b-001372d842af}\Shell\usermanualEnglish\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e23a1e67-c249-11dd-be2b-001372d842af}\Shell\usermanualFrench\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e23a1e67-c249-11dd-be2b-001372d842af}\Shell\usermanualSpanish\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{f7d5c8e9-490e-11dc-bda1-001372d842af}\Shell - "" = AutoRun
O33 - MountPoints2\{f7d5c8e9-490e-11dc-bda1-001372d842af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f7d5c8e9-490e-11dc-bda1-001372d842af}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - C:\WINDOWS\System32\sasnative32.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: atibStub - (C:\WINDOWS\system32\grpcnfig.dll) - C:\WINDOWS\System32\grpcnfig.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/07/14 22:59:25 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/02 17:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Desktop\GooredFix Backups
[2010/03/26 22:14:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/26 22:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/26 20:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp WINAMPONLY
[2010/03/26 20:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/03/26 20:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2010/03/26 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Remote
[2010/03/26 20:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Application Data\CBS Interactive
[2010/03/22 23:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Desktop\New Folder (2)
[2010/03/20 19:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/20 19:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Desktop\TheLoomyBin
[2010/03/20 18:36:58 | 000,000,000 | ---D | C] -- C:\TheLoomyBin
[2010/02/24 03:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/11/27 08:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/11/16 21:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/09/04 19:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/04 13:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Creative
[2008/10/05 17:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\EarthLink
[2008/10/05 17:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\ScamBlocker
[2006/09/15 16:20:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/07/20 13:59:10 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2005/08/16 04:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 04:30:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/04/02 18:08:28 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/02 17:52:27 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Peter\ntuser.dat
[2010/04/02 17:49:30 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/02 17:49:30 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/02 17:49:30 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/02 17:47:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/02 17:44:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/02 17:44:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/02 17:44:00 | 3219,279,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/02 17:31:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Peter\ntuser.ini
[2010/04/01 23:39:28 | 000,064,984 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
[2010/04/01 23:39:28 | 000,054,320 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
[2010/04/01 23:39:28 | 000,054,320 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
[2010/04/01 23:39:28 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/04/01 23:39:28 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/04/01 17:51:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/01 14:27:17 | 011,803,614 | -H-- | M] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\IconCache.db
[2010/03/31 20:47:08 | 000,005,070 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/03/30 16:43:18 | 000,215,552 | ---- | M] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 13:06:07 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/30 12:49:33 | 000,000,564 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/30 12:49:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/30 12:49:33 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2010/03/30 11:35:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2010/03/26 22:24:17 | 000,000,026 | ---- | M] () -- C:\WINDOWS\startUp manager.INI
[2010/03/26 22:17:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2010/03/26 21:19:17 | 000,000,606 | ---- | M] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/03/26 20:58:30 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp Remote.lnk
[2010/03/25 11:48:29 | 000,382,118 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/25 11:34:14 | 000,378,917 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100325-114829.backup
[2010/03/21 00:02:13 | 000,762,530 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\pattern.bmp
[2010/03/20 19:26:27 | 000,081,617 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\installcw.zip

========== Files Created - No Company Name ==========

[2010/03/30 13:10:52 | 000,033,616 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/03/30 11:35:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/03/29 12:32:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\gmer.exe
[2010/03/26 22:24:07 | 000,000,026 | ---- | C] () -- C:\WINDOWS\startUp manager.INI
[2010/03/26 22:17:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/03/26 21:19:17 | 000,000,606 | ---- | C] () -- C:\WINDOWS\Uninstall Manager.INI
[2010/03/26 20:58:30 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp Remote.lnk
[2010/03/21 00:02:12 | 000,762,530 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\pattern.bmp
[2010/03/20 19:26:31 | 000,081,617 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\installcw.zip
[2009/11/16 19:55:09 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2009/11/16 19:55:02 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2009/11/16 19:54:59 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2009/07/04 13:04:31 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2009/07/04 12:34:12 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2009/07/04 12:30:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009/02/25 11:45:28 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009/02/25 11:45:28 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009/02/25 11:45:28 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009/02/25 11:45:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008/11/28 15:13:59 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/06/30 01:32:38 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A45BBB52D5.sys
[2008/03/23 23:05:29 | 000,002,199 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/02/08 18:13:44 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\LS3Renderer.dll
[2007/11/25 15:20:58 | 000,009,071 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/08/06 00:28:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2006/12/27 00:18:30 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Peter\Application Data\dvd.bmk
[2006/08/08 02:26:21 | 000,005,070 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/08 02:26:21 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\11847EF0B6.sys
[2006/08/02 00:09:31 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Peter\Application Data\PFP120JPR.{PB
[2006/08/02 00:09:31 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Peter\Application Data\PFP120JCM.{PB
[2006/07/31 22:30:01 | 000,215,552 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/27 21:39:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/27 19:29:47 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/07/27 18:35:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\fusioncache.dat
[2006/07/20 14:36:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/20 14:25:52 | 000,000,506 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/20 13:52:14 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/07/20 13:52:14 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/07/20 13:52:14 | 000,000,190 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/07/20 13:52:12 | 000,050,432 | R--- | C] () -- C:\WINDOWS\System32\claptn.ini
[2006/07/20 13:50:22 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/20 11:32:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/07 21:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2009/03/21 11:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2010/03/04 17:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/04 17:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/11/29 00:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2009/02/25 11:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novint
[2010/03/26 20:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2008/06/21 13:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2008/11/28 14:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/11/28 14:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2008/05/12 00:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/11/12 15:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2008/11/28 14:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2008/05/20 18:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/09/24 00:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2008/02/23 00:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/27 20:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2009/11/27 01:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/26 22:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\CBS Interactive
[2010/01/15 19:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Crayon Physics Deluxe
[2007/08/09 22:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Earthlink
[2006/07/27 19:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\EarthLink Toolbar
[2010/03/29 21:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\FrostWire
[2008/08/03 02:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\GARMIN
[2008/10/18 15:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\gtk-2.0
[2009/06/26 22:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\IObit
[2006/07/27 22:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Leadertech
[2009/05/19 15:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\OpenOffice.org
[2008/06/21 13:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Otto
[2006/08/01 18:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\PDF reDirect
[2008/05/18 23:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\PlayFirst
[2008/11/28 15:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\proDAD
[2009/05/29 00:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Research In Motion
[2008/05/13 22:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\rockbox.org
[2009/12/18 20:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\runic games
[2010/02/05 01:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\SanDisk
[2007/08/09 22:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\ScamBlocker
[2008/06/21 12:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\SPORE Creature Creator
[2009/12/03 22:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Synthesia
[2009/09/24 00:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Systweak
[2010/03/30 12:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\uTorrent
[2007/04/20 00:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Viewpoint
[2010/04/02 18:08:28 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/12 09:34:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/12 09:34:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/12 09:34:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/12 09:34:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2005/09/01 15:24:42 | 000,212,992 | ---- | M] (EarthLink, Inc.) MD5=4B28CD532EA8AFE16A2A40B5D30DA277 -- C:\Program Files\EarthLink TotalAccess\EventLog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/02 22:40:42 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/16 04:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 04:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 04:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Files - Unicode (All) ==========
[2007/11/25 15:48:29 | 000,000,152 | ---- | M] ()(C:\WINDOWS\System32\???????????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䕜牡桴楌歮䕜牡桴楌歮倠潲整瑣潩潃瑮潲敃瑮牥卜湡屡潃普杩塜楖睥挮湯楦g
[2007/11/25 15:48:29 | 000,000,152 | ---- | C] ()(C:\WINDOWS\System32\???????????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䕜牡桴楌歮䕜牡桴楌歮倠潲整瑣潩潃瑮潲敃瑮牥卜湡屡潃普杩塜楖睥挮湯楦g
< End of report >

#3
ocelot77

For whatever reason OTL only created an extras log after the first time I downloaded and ran it. Any scans following that only created the regular log file. So some changes to my system have already been made after this file was created.


OTL Extras logfile created on: 3/26/2010 9:49:52 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Downloads\installers
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 4605 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 10.08 Gb Free Space | 6.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 192.97 Gb Free Space | 41.43% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICKSCOMPUTER
Current User Name: Peter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:TaskPanl -- (EarthLink, Inc.)
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\utorrent\uTorrent.exe" = C:\Program Files\utorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02548730-180A-487e-A726-A75CB6650AF7}" = D1400
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{07982F29-C7D6-423F-A100-C0FC67D0EC2F}" = EarthLink Wireless High Speed
"{07B5FCA5-2B1F-E26C-95FF-57EBEF4C1989}" = Catalyst Control Center Localization All
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10B3936F-0E93-4431-8E7B-3FEA5DAC88C3}" = Garmin Communicator Plugin
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1BD05B04-7A33-409A-A714-613163E41935}" = BlackBerry Desktop Software 5.0.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36AD13A4-AEE0-24F6-AA8F-0C6E681DECC1}" = Catalyst Control Center HydraVision Full
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40939C6D-8F27-40B8-9CBC-72701624185D}" = Redistributed Files
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{41B60BE2-2AD5-4407-82A3-CAC011722891}" = CCC Help English
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{634F6989-4BB5-4EF2-AF6F-C15700F81494}}_is1" = Advanced System Optimizer
"{6428883D-64B5-A88F-7A53-355E7DD2D904}" = ccc-utility
"{6523912B-1853-8E2F-E7E7-BC81D4035B96}" = ccc-core-preinstall
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75177B35-F07D-B593-67C6-A8B7A7F9A635}" = CCC Help Japanese
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{7797C70B-11EB-446A-9B1E-3D9039DB581F}" = TotalAccess Core Applications
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AE858CD-7AD6-D9E6-627E-E452A71896E7}" = Catalyst Control Center Graphics Full Existing
"{7E8DB1E0-C2C4-F8B8-F794-9FDA6BBD053B}" = CCC Help Chinese Standard
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8B184BEE-318C-E789-D988-1BB0708D99FE}" = Catalyst Control Center Graphics Full Existing
"{8BC8DA36-302D-14FA-55AE-5CAAF1CA4F25}" = Catalyst Control Center Graphics Light
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A44C8D37-B36B-D378-2201-97137494E339}" = ccc-utility
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{AA4469D9-F78A-AD5E-857E-0083E183DC3C}" = Catalyst Control Center Graphics Full New
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0020634-3C3E-A66A-1CB3-DD73B441C21C}" = Catalyst Control Center Core Implementation
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B307FBF9-C9B5-355A-E8E9-EAB36E702B31}" = CCC Help Korean
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5DE553F-E158-2468-1927-A7F6B255823D}" = ccc-core-static
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BB37C263-9B7F-6A1C-A1B8-333C3FB80614}" = ccc-core-preinstall
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C057F6D0-0E4C-4B18-B645-9D0804FCFAFD}" = EarthLink Common Authentication
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1CD48D-7B18-4254-B43D-AEAB704AB063}" = EarthLink MailBox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFDF1790-24E0-8612-F72E-8CB557E87042}" = CCC Help Thai
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E02F11FF-DE47-7D17-2DAF-C914A4EF7935}" = Catalyst Control Center Graphics Light
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC27630A-EAFB-AB2A-56CC-7F5189845D85}" = Catalyst Control Center Graphics Full New
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Creature Creator Trial Edition
"{EFE673F6-688A-42ed-9C6C-9DD8CF5A9B89}" = D1400_Help
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F63932B1-635F-B28F-0F43-1CED483AF4F4}" = CCC Help Chinese Traditional
"{FD3D9B16-44E4-4231-E1E2-85C40A115F87}" = ATI Catalyst Install Manager
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FD93D7F1-9631-7477-F88D-FF53976D83C3}" = Catalyst Control Center Graphics Previews Common
"{FF087B26-DD20-4DD0-B97F-0B08B76A04D1}" = Deal Info
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced System Protector_is1" = Advanced System Protector
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BlackBerry_{1BD05B04-7A33-409A-A714-613163E41935}" = BlackBerry Desktop Software 5.0.1
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.51
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 53
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Diner Dash 2" = Diner Dash 2
"EarthLink TotalAccess 2004" = EarthLink Software
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"FrostWire" = FrostWire 4.18.4
"GetRight" = GetRight
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IObit Security 360_is1" = IObit Security 360
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novint - 3PointShootout" = Novint - 3PointShootout
"Novint - Falcon" = Novint - Falcon
"Novint - FalconTutorial" = Novint - FalconTutorial
"Novint - Golf" = Novint - Golf
"Novint - HomeRunSmashout" = Novint - HomeRunSmashout
"Novint - N VeNT" = Novint - N VeNT
"Novint - NMB" = Novint - NMB
"Novint - NotChoCheese" = Novint - NotChoCheese
"Novint - TableTennis" = Novint - TableTennis
"Novint - TopPinBowling" = Novint - TopPinBowling
"Orb" = Winamp Remote
"PDF reDirect" = PDF reDirect (remove only)
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"PROSet" = Intel® PRO Network Connections Drivers
"PSP Video 9" = PSP Video 9 1.74
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 22010" = World of Goo Demo
"Steam App 26810" = Braid Demo
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Synthesia" = Synthesia (remove only)
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CNET TechTracker" = CNET TechTracker
"Putty" = Putty
"Sansa Updater" = Sansa Updater
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/26/2010 12:19:02 AM | Computer Name = NICKSCOMPUTER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 3/26/2010 12:19:02 AM | Computer Name = NICKSCOMPUTER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 3/26/2010 12:19:02 AM | Computer Name = NICKSCOMPUTER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 3/26/2010 12:19:02 AM | Computer Name = NICKSCOMPUTER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 3/26/2010 12:19:05 AM | Computer Name = NICKSCOMPUTER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 3/26/2010 12:19:06 AM | Computer Name = NICKSCOMPUTER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 3/26/2010 12:19:51 AM | Computer Name = NICKSCOMPUTER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 3/26/2010 3:32:58 AM | Computer Name = NICKSCOMPUTER | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 3/26/2010 2:15:57 PM | Computer Name = NICKSCOMPUTER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 3/26/2010 2:15:57 PM | Computer Name = NICKSCOMPUTER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 3/23/2010 12:25:18 AM | Computer Name = NICKSCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 3/23/2010 3:30:04 PM | Computer Name = NICKSCOMPUTER | Source = Service Control Manager | ID = 7031
Description = The Windows Defender service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 15000 milliseconds:
Restart the service.

Error - 3/23/2010 3:30:12 PM | Computer Name = NICKSCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The IS360service service terminated unexpectedly. It has done this
1 time(s).

Error - 3/23/2010 3:54:03 PM | Computer Name = NICKSCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 3/23/2010 9:49:07 PM | Computer Name = NICKSCOMPUTER | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/24/2010 9:07:02 PM | Computer Name = NICKSCOMPUTER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 3/24/2010 9:07:34 PM | Computer Name = NICKSCOMPUTER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 3/24/2010 9:11:57 PM | Computer Name = NICKSCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 3/25/2010 3:37:59 PM | Computer Name = NICKSCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 3/25/2010 9:49:08 PM | Computer Name = NICKSCOMPUTER | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >
  • 0

#4
ocelot77

    New Member

  • Topic Starter
  • Member
  • 5 posts
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-03 19:44:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Peter\LOCALS~1\Temp\fwrcyaog.sys


---- System - GMER 1.0.15 ----

SSDT 8AE3CE00 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA355350]
SSDT 8AD8A1A8 ZwQueryValueKey
SSDT 8AC40490 ZwResumeThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA355580]

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)
Device DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A56F7D20
Device A5707428

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
  • 0

#5
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP

DO NOT use any TOOLS such as Combofix, Vundofix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.



Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.
Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:
Double-click on the Folder Options icon.
Click on the View tab.


If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.
Click on Show Hidden Files or Folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.




Please do not delete anything unless instructed to.


We've been seeing some Java infections lately.
Go here and follow the instructions to clear your Java Cache


Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:


Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have SP3, use the SP2 package. If Vista or Windows 7, skip the Recovery Console part.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.
  • 0

#6
ocelot77

    New Member

  • Topic Starter
  • Member
  • 5 posts
So far it seems to have worked. I can run windows update again. If I still have issues I will be sure to make another post. I need to check a few more things.

Here is the combofix log.

ComboFix 10-04-05.02 - Peter 04/06/2010 12:30:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2207 [GMT -5:00]
Running from: c:\documents and settings\Peter\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Peter\LOCALS~1\Temp\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\_ISRES.DLL
c:\docume~1\Peter\LOCALS~1\Temp\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\ISRT.DLL
c:\documents and settings\Peter\Local Settings\temp\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\_ISRES.DLL
c:\documents and settings\Peter\Local Settings\temp\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\ISRT.DLL
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATI64SI


((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
.

2010-04-05 21:40 . 2010-04-05 21:40 -------- d-----w- c:\documents and settings\Tori\Application Data\Jasc Software Inc
2010-04-05 21:38 . 2010-04-05 21:38 -------- d-----w- c:\documents and settings\Tori\Application Data\Corel Photo Album
2010-04-05 21:38 . 2010-04-05 21:38 -------- d-----w- c:\documents and settings\Tori\Local Settings\Application Data\Corel Photo Album
2010-04-03 04:35 . 2010-04-03 04:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-02 18:34 . 2010-04-02 18:34 -------- d-----w- c:\documents and settings\Tori\Application Data\Research In Motion
2010-03-30 18:10 . 2010-03-03 03:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-29 23:08 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-03-29 23:08 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-03-27 03:17 . 2010-03-27 03:17 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-27 03:13 . 2010-03-27 03:13 -------- d-----w- c:\program files\ERUNT
2010-03-27 01:58 . 2010-03-27 01:58 -------- d-----w- c:\program files\Winamp WINAMPONLY
2010-03-27 01:58 . 2010-03-27 01:58 -------- d-----w- c:\program files\Winamp Detect
2010-03-27 01:58 . 2010-03-27 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\OrbNetworks
2010-03-27 01:58 . 2010-03-27 01:58 -------- d-----w- c:\program files\Winamp Remote
2010-03-27 01:46 . 2010-03-27 03:42 -------- d-----w- c:\documents and settings\Peter\Application Data\CBS Interactive
2010-03-25 05:16 . 2010-03-25 05:16 -------- d-----w- c:\documents and settings\Tori\Application Data\Apple Computer
2010-03-24 04:11 . 2010-03-24 04:11 -------- d-----w- c:\documents and settings\Tori\Local Settings\Application Data\Adobe
2010-03-20 23:36 . 2010-03-20 23:36 -------- d-----w- C:\TheLoomyBin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 17:41 . 2008-06-07 05:57 -------- d-----w- c:\program files\Symantec AntiVirus
2010-04-05 21:38 . 2006-08-08 07:26 5278 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-05 21:38 . 2006-08-08 07:26 88 --sh--r- c:\windows\system32\11847EF0B6.sys
2010-04-04 16:29 . 2010-04-04 16:29 61440 ----a-w- c:\documents and settings\Tori\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-457f2c85-n\decora-sse.dll
2010-04-04 16:29 . 2010-04-04 16:29 503808 ----a-w- c:\documents and settings\Tori\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1f810440-n\msvcp71.dll
2010-04-04 16:29 . 2010-04-04 16:29 499712 ----a-w- c:\documents and settings\Tori\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1f810440-n\jmc.dll
2010-04-04 16:29 . 2010-04-04 16:29 348160 ----a-w- c:\documents and settings\Tori\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1f810440-n\msvcr71.dll
2010-04-04 16:29 . 2010-04-04 16:29 12800 ----a-w- c:\documents and settings\Tori\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-457f2c85-n\decora-d3d.dll
2010-04-04 03:41 . 2010-02-19 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-04 02:23 . 2010-03-03 00:02 -------- d-----w- c:\documents and settings\Peter\Application Data\vlc
2010-04-03 03:43 . 2009-03-11 21:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-01 01:47 . 2009-05-19 20:35 1 ----a-w- c:\documents and settings\Peter\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-30 20:59 . 2007-01-09 22:07 -------- d-----w- c:\program files\Steam
2010-03-30 17:54 . 2007-01-22 06:20 -------- d-----w- c:\documents and settings\Peter\Application Data\uTorrent
2010-03-30 02:36 . 2009-12-12 06:32 -------- d-----w- c:\documents and settings\Peter\Application Data\FrostWire
2010-03-27 01:58 . 2006-07-28 03:09 -------- d-----w- c:\program files\Winamp
2010-03-21 00:59 . 2010-03-21 00:59 61440 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-63e80b6d-n\decora-sse.dll
2010-03-21 00:59 . 2010-03-21 00:59 503808 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-222290aa-n\msvcp71.dll
2010-03-21 00:59 . 2010-03-21 00:59 348160 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-222290aa-n\msvcr71.dll
2010-03-21 00:59 . 2010-03-21 00:59 12800 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-63e80b6d-n\decora-d3d.dll
2010-03-21 00:59 . 2010-03-21 00:59 499712 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-222290aa-n\jmc.dll
2010-03-21 00:59 . 2006-07-20 19:10 -------- d-----w- c:\program files\Common Files\Java
2010-03-21 00:58 . 2006-07-20 19:10 -------- d-----w- c:\program files\Java
2010-03-19 23:24 . 2007-01-22 06:20 -------- d-----w- c:\program files\utorrent
2010-03-04 22:47 . 2010-03-03 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-04 22:47 . 2009-06-25 02:53 -------- d-----w- c:\program files\IObit
2010-03-04 22:41 . 2010-03-04 22:41 -------- d-----w- c:\program files\Alwil Software
2010-03-04 22:41 . 2010-03-04 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-03 04:21 . 2009-05-16 03:58 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2009-05-16 02:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 04:02 . 2009-05-16 01:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-03 04:02 . 2009-05-16 01:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-03 04:01 . 2009-05-16 01:33 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-03 03:44 . 2009-05-16 02:55 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2009-05-16 03:39 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2006-07-20 18:50 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2006-07-20 18:50 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2009-05-16 03:18 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2006-07-20 18:50 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2009-05-16 02:54 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2009-05-16 02:54 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2009-05-16 03:17 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2009-05-16 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:16 . 2009-05-16 02:33 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2009-05-16 02:31 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2009-05-16 02:31 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2009-05-16 02:26 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2006-07-20 18:50 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2009-05-16 02:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2009-05-16 02:38 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-03 03:07 . 2009-02-25 20:44 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-03-01 17:36 . 2009-01-13 23:29 -------- d-----w- c:\program files\Full Tilt Poker
2010-03-01 17:36 . 2006-07-20 19:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-25 19:55 . 2009-04-23 19:04 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-19 19:16 . 2010-02-19 19:16 99224 ----a-w- c:\documents and settings\Tori\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-19 19:16 . 2010-02-19 19:16 -------- d-----w- c:\documents and settings\Tori\Application Data\ATI
2010-02-19 19:16 . 2010-02-19 19:16 -------- d-----w- c:\documents and settings\Tori\Application Data\GTek
2010-02-19 14:27 . 2010-02-19 14:27 -------- d-----w- c:\documents and settings\Peter\Application Data\Malwarebytes
2010-02-19 14:27 . 2010-02-19 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-19 01:23 . 2009-07-16 20:46 5968 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-19 01:23 . 2010-02-19 01:23 99224 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 02:26 . 2010-02-18 02:26 10134 ----a-r- c:\documents and settings\Peter\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-02-18 02:26 . 2010-02-18 02:26 -------- d-----w- c:\program files\Microsoft WSE
2010-02-18 01:37 . 2008-06-21 16:59 -------- d-----w- c:\program files\Electronic Arts
2010-02-12 16:11 . 2010-02-12 05:57 43488992 ----a-w- c:\documents and settings\All Users\Application Data\Systweak\Advanced System Protector\Antispyware_Setup_2_12_2010.exe
2010-02-05 19:33 . 2008-10-15 18:14 -------- d-----w- c:\documents and settings\Peter\Application Data\Apple Computer
2010-02-05 19:13 . 2009-11-27 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-05 06:32 . 2010-02-05 06:32 354744 ----a-w- c:\documents and settings\Peter\Application Data\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2010-02-05 06:32 . 2010-02-05 06:32 79872 ----a-w- c:\documents and settings\Peter\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
2010-02-05 06:32 . 2010-02-05 06:32 574344 ----a-w- c:\documents and settings\Peter\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
2010-02-03 05:27 . 2010-02-03 05:27 78100 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-23 01:51 . 2010-01-23 01:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-14 17:12 . 2009-10-03 05:22 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 01:12 . 2009-11-16 21:44 535 ----a-w- c:\windows\eReg.dat
2008-06-30 06:32 . 2008-06-30 06:32 56 --sh--r- c:\windows\system32\A45BBB52D5.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 942080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-10-31 623960]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-08 25600]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
atibStub REG_SZ c:\windows\system32\grpcnfig.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\utorrent\\uTorrent.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe [1/26/2005 11:47 AM 65604]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/23/2008 12:44 AM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [8/28/2009 8:03 PM 102448]
S3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [9/24/2009 12:15 AM 6656]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [11/1/2004 2:16 PM 17536]
S3 cpuz130;cpuz130;\??\c:\docume~1\Peter\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Peter\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-04-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: EarthLink Google Search - c:\program files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\zhsypc8c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 12:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(1556)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\MsiExec.exe
c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
c:\progra~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe
.
**************************************************************************
.
Completion time: 2010-04-06 12:46:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-06 17:46

Pre-Run: 7,890,792,448 bytes free
Post-Run: 7,703,113,728 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 9E7C244611AFDC37D0E6090B3539DA8A
  • 0

#7
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Good job :thumbup:

The following will implement some cleanup procedures as well as reset System Restore points:

  • Click START, then Run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

If you used DeFogger
You must remember to re-enable your Emulation drivers once we are finished. Double-click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


To be on the safe side, I would also change all my passwords.



Here's my usual all clean post

Log looks good :)


  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.

  • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.

Only run one Anti-Virus and Firewall program.


I would suggest you read How to Prevent Malware:
  • 0

#8
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





