Need help with removal!

#1 DanCove (New Member)

Hey,
So I'm more than sure my PC has some sort of virus. It tends to restart randomly, and programs such as Firefox and games also randomly shut down. I have a few programs that I've downloaded in attempts to fix this, such as Spyware Terminator, IObit Security and Microsoft Security, but obviously they aren't helping at all. Hopefully someone can point me in the right direction so I can get this computer running somewhat normally again :S
Also, something called MarketResearch keeps opening up and trying to download constantly, and it says I need the disc to install it. No idea what that is, though. I was thinking it's some type of virus or something.

Here's the OTL.txt from my scan:

OTL logfile created on: 12/11/2010 1:40:47 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\default\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 372.61 Gb Total Space | 293.31 Gb Free Space | 78.72% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: default | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/11 13:40:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\My Documents\Downloads\OTL.exe
PRC - [2010/12/10 17:05:38 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/09 14:49:06 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/10/07 22:05:38 | 002,845,552 | ---- | M] (GamersFirst) -- C:\Program Files\GamersFirst\LIVE!\Live.exe
PRC - [2010/09/23 23:37:50 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2010/09/23 23:37:48 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/06/11 17:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2010/06/11 17:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/30 14:54:50 | 002,486,272 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
PRC - [2006/11/30 14:54:34 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.1\program\soffice.exe


========== Modules (SafeList) ==========

MOD - [2010/12/11 13:40:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/10/22 11:22:00 | 001,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/10/22 11:22:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- C:\windows\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - File not found [On_Demand | Stopped] -- C:\windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/09/23 23:37:48 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010/06/11 17:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\XDva120.sys -- (XDva120)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [File_System | Boot | Stopped] -- C:\windows\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - [2010/09/23 23:37:48 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010/07/16 13:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 13:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2008/05/16 05:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 05:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/12/21 00:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/22 11:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/11 05:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 05:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/28 01:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC E8 FE 3B C5 5B CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....=ytff-i3752&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-i3752"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-i3752"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.5.6.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 17:05:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 17:05:43 | 000,000,000 | ---D | M]

[2010/12/07 19:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\Mozilla\Extensions
[2009/02/27 19:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\Mozilla\Extensions\[email protected]
[2010/12/10 14:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\qigng4mz.default\extensions
[2010/12/09 09:48:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\qigng4mz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/07/13 14:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\qigng4mz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/12/09 09:48:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\qigng4mz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/27 18:33:46 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\qigng4mz.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/12/07 19:03:41 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\qigng4mz.default\searchplugins\conduit.xml
[2010/12/07 19:03:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/09 14:49:06 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/12/16 12:29:40 | 000,000,839 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jZipWebSearch.xml

O1 HOSTS File: ([2008/10/06 22:49:49 | 000,267,517 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 9267 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (WXcllB Class) - {AEFEF98B-C7AD-4ab7-BC89-CF2191F79361} - C:\Documents and Settings\All Users\Application Data\Microsoft\Machine\WXcll.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIObi.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\windows\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSPY2002] C:\windows\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SkyTel] C:\windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe (GamersFirst)
O4 - Startup: C:\Documents and Settings\default\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} http://www.streamplu...lug/beta/SP.cab (StreamPlug Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1187730073812 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://139.142.95.16...sCamControl.cab (CamImage Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://costco.pnimed...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://emupst7.webe...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\default\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\default\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03c83fb3-d3b3-11dd-a1f1-0019211be1bf}\Shell - "" = AutoRun
O33 - MountPoints2\{03c83fb3-d3b3-11dd-a1f1-0019211be1bf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a48bf41-a7bc-11da-ba58-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{9a48bf41-a7bc-11da-ba58-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprecovr \SystemRoot\sprecovr.txt) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/11 12:25:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/10 13:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Guild Wars
[2010/12/09 17:07:30 | 000,000,000 | ---D | C] -- C:\windows\Logs
[2010/12/09 14:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\My Documents\New Folder (7)
[2010/12/09 14:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\My Documents\New Folder (6)
[2010/12/09 14:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\My Documents\New Folder (5)
[2010/12/09 14:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Local Settings\Application Data\GamersFirst LIVE!
[2010/12/09 14:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Local Settings\Application Data\PMB Files
[2010/12/09 14:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/09 14:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/12/09 14:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\GamersFirst
[2010/12/09 14:03:16 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2010/12/09 12:47:07 | 000,000,000 | ---D | C] -- C:\704ecb32dea17a200d
[2010/12/09 12:36:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\Philipp Winterberg
[2010/12/09 12:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Free RAR Extract Frog
[2010/12/09 12:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Smith Micro
[2010/12/07 19:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Local Settings\Application Data\jZip
[2010/12/07 19:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\jZip
[2010/12/07 19:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/12/05 12:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Desktop\DanSchool
[2010/11/29 18:22:58 | 000,000,000 | -HSD | C] -- C:\found.005
[2010/11/15 18:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\MP3Rocket
[2010/11/12 11:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/11 13:42:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/11 13:41:45 | 000,000,408 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
[2010/12/11 13:38:46 | 000,012,598 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/12/11 13:36:47 | 000,088,556 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2010/12/11 13:36:39 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/11 13:36:39 | 000,000,616 | -H-- | M] () -- C:\windows\tasks\ConfigExec.job
[2010/12/11 13:36:23 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/12/11 13:36:20 | 000,152,384 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/12/11 13:28:00 | 000,000,580 | -H-- | M] () -- C:\windows\tasks\DataUpload.job
[2010/12/11 12:00:00 | 000,000,366 | ---- | M] () -- C:\windows\tasks\PerfectOptimizer_home.job
[2010/12/10 17:12:00 | 000,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/12/10 16:10:00 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/12/10 13:24:50 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Guild Wars.lnk
[2010/12/09 14:49:00 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2010/12/09 12:36:14 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free RAR Extract Frog.lnk
[2010/12/09 09:44:25 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fixit Center.lnk
[2010/12/08 16:50:41 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/12/07 19:02:49 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/07 19:02:49 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/12/05 23:38:23 | 000,128,512 | ---- | M] () -- C:\Documents and Settings\default\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/05 22:00:00 | 000,000,388 | ---- | M] () -- C:\windows\tasks\SmartDefrag.job
[2010/12/05 12:51:38 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\default\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
[2010/11/29 17:27:50 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\default\My Documents\~$VID's resume ROBERT.doc
[2010/11/19 19:58:32 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Ken Magnus Review Sept 2009.doc
[2010/11/15 17:13:24 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Anthony Sinclair Review Jan 2010.doc
[2010/11/15 16:23:40 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\default\My Documents\Harvey English Review January 2010.doc
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/10 13:24:50 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Guild Wars.lnk
[2010/12/09 14:49:00 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2010/12/09 12:36:14 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free RAR Extract Frog.lnk
[2010/12/07 19:02:49 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/07 19:02:49 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/12/05 12:51:38 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\default\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
[2010/11/29 17:27:50 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\default\My Documents\~$VID's resume ROBERT.doc
[2010/11/19 19:58:32 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Ken Magnus Review Sept 2009.doc
[2010/11/15 16:30:03 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Anthony Sinclair Review Jan 2010.doc
[2010/11/15 12:41:42 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\default\My Documents\Harvey English Review January 2010.doc
[2010/10/28 22:01:16 | 000,044,544 | ---- | C] () -- C:\windows\System32\GIF89.DLL
[2010/10/28 22:01:13 | 000,484,352 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2010/09/23 23:37:48 | 000,142,592 | ---- | C] () -- C:\windows\System32\drivers\sp_rsdrv2.sys
[2010/05/07 20:34:04 | 000,164,352 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/05/07 20:34:04 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2010/05/07 20:34:03 | 000,159,839 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2010/05/07 20:34:02 | 000,007,680 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/12/31 16:10:57 | 000,005,052 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
[2009/12/01 22:03:12 | 000,755,027 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/12/01 22:03:12 | 000,344,064 | ---- | C] () -- C:\windows\System32\xvid.dll
[2009/12/01 20:39:29 | 000,323,584 | ---- | C] () -- C:\windows\System32\FoxImager.dll
[2009/02/13 00:21:48 | 000,000,016 | ---- | C] () -- C:\windows\QH32.INI
[2009/01/31 22:15:39 | 000,000,098 | ---- | C] () -- C:\windows\wininit.ini
[2008/05/22 09:19:17 | 000,000,052 | ---- | C] () -- C:\windows\GunzLauncher.INI
[2008/02/10 22:24:28 | 000,000,072 | ---- | C] () -- C:\windows\MediaManager.INI
[2008/01/15 08:59:08 | 000,051,304 | ---- | C] () -- C:\windows\System32\drivers\atnt40k.sys
[2007/12/10 14:27:00 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\default\Local Settings\Application Data\fusioncache.dat
[2007/12/10 13:48:40 | 000,022,328 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2007/12/10 13:48:40 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\default\Application Data\PnkBstrK.sys
[2007/11/25 22:48:15 | 000,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini
[2007/11/21 00:13:26 | 000,000,376 | ---- | C] () -- C:\windows\abc3x.ini
[2007/11/03 14:54:25 | 000,000,145 | ---- | C] () -- C:\windows\StarryNight.ini
[2007/09/20 20:20:45 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/31 14:50:13 | 000,128,512 | ---- | C] () -- C:\Documents and Settings\default\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/29 00:42:07 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2007/08/28 15:13:11 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2007/04/30 13:40:55 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2006/08/15 23:35:00 | 001,662,976 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2006/08/15 23:35:00 | 001,470,464 | ---- | C] () -- C:\windows\System32\nview.dll
[2006/08/15 23:35:00 | 001,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2006/08/15 23:35:00 | 000,581,632 | ---- | C] () -- C:\windows\System32\nvhwvid.dll
[2006/08/15 23:35:00 | 000,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2006/08/15 23:35:00 | 000,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2006/08/15 23:35:00 | 000,212,992 | ---- | C] () -- C:\windows\System32\nvapi.dll
[2006/02/27 10:13:58 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\default\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >
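The OTL report above is read by hand on this forum: a helper scans the PRC/SRV/DRV lines and the O1 to O4 entries for orphaned registry pointers ("File not found"), binaries that carry no company name (OTL prints these as "()"), BHOs with no server DLL behind their CLSID, known toolbar vendors, and hosts-file entries that send a name somewhere other than loopback. The script below is an added example that automates that first pass; it is not part of the original post and not OldTimer's code. The heuristics are the editor's own, and the sample lines are constructed to mimic OTL's layout rather than copied from the poster's machine. Every hit is a "look here next" marker, not a verdict: the log above shows "()" for sp_rsdrv2.sys, which shares its timestamp with the Spyware Terminator binaries, and thousands of 127.0.0.1 hosts entries are simply what a block list looks like.

```python
"""Quick triage of OTL-style log lines.

Added example, not part of the original forum post and not OldTimer's code.
The rules mirror what a helper checks by eye; the sample input below is
constructed to look like OTL output and is not from the poster's machine.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input in OTL's layout (all paths and names are made up).
SAMPLE_LOG = r"""
PRC - [2010/12/09 14:49:06 | 002,937,528 | ---- | M] () -- C:\Program Files\Example\booster.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Gone\svc.exe -- (GoneSvc)
DRV - [2010/09/23 23:37:48 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\unknown.sys -- (unknown)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\missing.sys -- (missing)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.adserver.example
O1 - Hosts: 203.0.113.7 www.bank.example
O1 - Hosts: 9267 more lines...
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - No CLSID value found.
O2 - BHO: (Example Toolbar) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\ExampleTb\tb.dll (Conduit Ltd.)
O2 - BHO: (Odd Class) - {00000000-0000-0000-0000-000000000003} - C:\Documents and Settings\All Users\Application Data\Microsoft\Machine\odd.dll File not found
O4 - HKLM..\Run: [Updater] C:\Program Files\Example\update.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    detail: str


# Line kinds that describe running code or browser/autostart hooks.
TRIAGED_KINDS = {"PRC", "MOD", "SRV", "DRV", "O2", "O3", "O4", "O18"}
# OTL prints "()" where the binary's version resource has no CompanyName:
# either "... | M] () -- path" or a trailing " ()" on O4 lines.
NO_COMPANY_RE = re.compile(r"\] \(\) |\s\(\)\s*$")


def hosts_finding(line_no: int, rest: str) -> Optional[Finding]:
    """Flag a hosts entry that maps a name anywhere but loopback/0.0.0.0."""
    parts = rest.split()
    if len(parts) < 2:
        return None
    try:
        ip = ipaddress.ip_address(parts[0])
    except ValueError:  # e.g. OTL's own "9267 more lines..." summary
        return None
    if ip.is_loopback or ip.is_unspecified:
        return None  # ordinary block-list entry
    return Finding(line_no, "hosts-redirect", f"{parts[1]} -> {ip}")


def classify(line_no: int, line: str) -> list[Finding]:
    """Apply the triage rules to one OTL line and return zero or more findings."""
    kind, sep, rest = line.partition(" - ")
    if not sep:
        return []
    if kind == "O1" and rest.startswith("Hosts: "):
        f = hosts_finding(line_no, rest[len("Hosts: "):])
        return [f] if f else []
    if kind not in TRIAGED_KINDS:
        return []
    out: list[Finding] = []
    if "File not found" in line:
        out.append(Finding(line_no, "orphaned-entry", "entry points at a file that is no longer on disk"))
    if "No CLSID value found" in line:
        out.append(Finding(line_no, "bho-no-clsid", "BHO registered under a CLSID with no server DLL"))
    if "(Conduit Ltd.)" in line:
        out.append(Finding(line_no, "toolbar-vendor", "Conduit toolbar component loaded into the browser"))
    if NO_COMPANY_RE.search(line):
        rule = "driver-no-publisher" if kind == "DRV" else "no-publisher"
        out.append(Finding(line_no, rule, "binary carries no company name; verify its hash"))
    return out


def triage(log_text: str) -> list[Finding]:
    """Run classify() over every line of an OTL report."""
    findings: list[Finding] = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        findings.extend(classify(n, line.rstrip()))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule so the noisy rules can be judged at a glance."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.rule:<20} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

To use it on a real report, replace SAMPLE_LOG with the contents of OTL.txt (for example `triage(open("OTL.txt", encoding="utf-8", errors="replace").read())`). The hosts check deliberately treats 127.0.0.1 and 0.0.0.0 as benign, since that is how every hosts-based block list works; only a name pointed at a routable address is worth a second look. Likewise "orphaned-entry" hits are usually leftovers from uninstalls and are cleaned up rather than investigated, whereas a running driver or autostart binary with no publisher is the item to hash and look up first.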
