Severe Lag and a Virus I can't find!



#1
SakiKitty

    Member

  • 194 posts
Ok well this is how it goes.
For the past I don't know HOW long, my computer has just been lagging. I know I've complained about lag before but this is like... I can't play games or music without skipping, I can't use Skype anymore cuz the other person can't hear me because my voice is skipping, and loading things in general just aren't fast in the least bit.
Booting up is fast and normal though, if that helps.

Also, this morning while I was browsing the web, looking for new NVIDIA drivers, I accidentally clicked on a website I thought was their main one (come to find out later it wasn't spelt the same but I was half asleep and wasn't paying attention) and all of a sudden, like 50 web pages pop up. I X out of them and more pop up. I continue to close them and eventually they stop coming. SO I think ok, that's weird. So I go and download the new driver from the actual website and while I'm doing that... I keep getting error screens popping up saying "we can't find "www-" web page" (I don't remember what web pages it was looking up, sorry) and so I'm like What the... and cancel that. Then more and more keep coming but always a different web address. By reading which addresses they were, it was obvious they were spyware sites. Anyway so I continue to tell that to go f*ck itself, and eventually I have to restart my computer so the driver can finish its updating process. I go to restart and while everything is shutting down, I get an "end now" process that has a bunch of Korean letters as its name. I'm going to completely assume that was the virus cuz I don't have anything that's Korean on my computer.
After I restarted I did a Malwarebytes scan and it found nothing... so I don't know if it's still here or how to find it at this point.
Please help! Thanks!

PS. I'd like to add that I also use CCleaner to clean up temp files and I do defragmentations regularly.

Edited by SakiKitty, 18 December 2010 - 10:59 PM.


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi Saki :D

Let's see what you have.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box, paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT



  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

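The `/md5start ... /md5stop` part of the custom scan above makes OTL hash every copy of explorer.exe, winlogon.exe, Userinit.exe and svchost.exe on the system drive and print them side by side. The reason a helper asks for that is simple: on a patched XP machine the live copy in `system32` (or `C:\WINDOWS` for explorer.exe) should hash the same as the service-pack install copy in `ServicePackFiles\i386`, while the copy under `$NtServicePackUninstall$` is the older pre-service-pack file and is expected to differ. A live copy that does not match the service-pack copy, or that suddenly has no company name in its version resource, is what you would look at first. The Python below is an added example written for this page; it is not OTL's code and not part of this thread. It parses the `< MD5 for: NAME >` blocks in the format OTL prints and reports those two kinds of mismatch. The sample log is constructed: the SVCHOST.EXE block is copied from the log posted later in this thread, and the WINLOGON.EXE block has its `system32` entry altered to an all-F placeholder hash with an empty company name so the check has something to flag. The folder heuristics (`ServicePackFiles` as reference, `$NtServicePackUninstall$` as expected-to-differ) are assumptions of the example about the XP layout.

```python
import re
from collections import Counter, defaultdict

# Placeholder hash used to stand in for an altered winlogon.exe (constructed, not real).
PLACEHOLDER_MD5 = "F" * 32

# Constructed sample in the format OTL prints for a /md5start ... /md5stop custom
# scan. The SVCHOST.EXE block is copied from the log posted in this thread; the
# WINLOGON.EXE block is constructed, with the live system32 copy given the
# placeholder hash and no company name so that the check below has something to flag.
SAMPLE_LOG = rf"""
< MD5 for: SVCHOST.EXE >
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2010/12/18 23:40:23 | 000,507,904 | ---- | M] () MD5={PLACEHOLDER_MD5} -- C:\WINDOWS\system32\winlogon.exe
"""

# "< MD5 for: SVCHOST.EXE >" section header as OTL prints it.
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
# One entry: [mtime | size | attrs | M] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Assumption about XP layout: the pre-service-pack originals live here and are
# expected to hash differently from the live copies.
EXPECTED_DIFFERENT = ("\\$ntservicepackuninstall$\\",)
# Assumption: the service-pack install source is the best on-box reference copy.
REFERENCE_DIR = "\\servicepackfiles\\"


def parse_md5_sections(text):
    """Return {basename.lower(): [entry dicts]} from the < MD5 for: ... > blocks."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            sections[current].append({
                "path": entry.group("path"),
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
                "mtime": entry.group("mtime"),
            })
    return dict(sections)


def check_binary(entries):
    """Return [(path, reason)] for copies of one binary that deserve a closer look."""
    live = [e for e in entries
            if not any(d in e["path"].lower() for d in EXPECTED_DIFFERENT)]
    if not live:
        return []
    reference = [e for e in live if REFERENCE_DIR in e["path"].lower()]
    if reference:
        expected = reference[0]["md5"]
    else:
        # No service-pack copy on this box: fall back to the hash most copies share.
        expected = Counter(e["md5"] for e in live).most_common(1)[0][0]
    findings = []
    for e in live:
        if e["md5"] != expected:
            findings.append((e["path"], f"MD5 {e['md5']} differs from reference {expected}"))
        if e["company"] != "Microsoft Corporation":
            findings.append((e["path"], f"unexpected company name {e['company']!r}"))
    return findings


def audit(text):
    """Run check_binary over every MD5 section in an OTL log."""
    return {name: check_binary(entries) for name, entries in parse_md5_sections(text).items()}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_LOG).items():
        print(f"{name}: {'OK' if not findings else 'CHECK'}")
        for path, reason in findings:
            print(f"  {path}: {reason}")
```

Run as a script it prints `svchost.exe: OK` and two lines under `winlogon.exe: CHECK`, both pointing at the altered `system32` copy. A hash match against the on-box service-pack copy is only as trustworthy as that copy, so in a real case the helper still compares the hash against a known-good value from outside the machine; the script narrows which files to look up, it does not replace that step.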

#3
SakiKitty

    Member

  • Topic Starter
  • 194 posts
Alright, here ya go :D

OTL logfile created on: 12/19/2010 8:21:51 PM - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Saki\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 3840 7680 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 407.43 Gb Free Space | 87.48% Space Free | Partition Type: NTFS

Computer Name: 1DCGCC1 | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/19 20:19:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saki\Desktop\OTL.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/04/30 02:45:04 | 000,053,248 | ---- | M] () -- C:\WINDOWS\KBStatusLED.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/27 13:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/12/19 20:19:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saki\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/06/26 10:33:42 | 000,091,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\VentSrv\ventrilo_svc.exe -- (Ventrilo)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/08/27 10:20:10 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
SRV - [2006/06/26 10:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Saki\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/10/16 10:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/13 16:46:52 | 000,031,760 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/04/30 15:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 14:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 14:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2009/02/24 18:56:54 | 000,227,344 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/12/15 19:41:32 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2008/11/12 16:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/07/21 16:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/13 17:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2007/01/30 11:12:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 13:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/26 10:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 10:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-2077806209-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-790525478-2077806209-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.google.co...lient&hl=en&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/16 23:13:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/16 23:18:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2010/03/18 03:10:03 | 000,000,000 | ---D | M]

[2010/07/30 21:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\Mozilla\Extensions
[2010/12/18 23:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\Mozilla\Firefox\Profiles\qbqz5cqz.default\extensions
[2010/08/12 19:18:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Saki\Application Data\Mozilla\Firefox\Profiles\qbqz5cqz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/04 02:28:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Saki\Application Data\Mozilla\Firefox\Profiles\qbqz5cqz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/30 21:19:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Saki\Application Data\Mozilla\Firefox\Profiles\qbqz5cqz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/13 02:20:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Saki\Application Data\Mozilla\Firefox\Profiles\qbqz5cqz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/18 23:57:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/08 22:12:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/18 22:27:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/16 23:04:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/27 14:50:55 | 000,425,218 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14674 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O3 - HKU\S-1-5-21-790525478-2077806209-725345543-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [KBStatusLED1] C:\WINDOWS\KBStatusLED.exe ()
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-2077806209-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-2077806209-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-790525478-2077806209-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-790525478-2077806209-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Saki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Saki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/30 10:50:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/19 20:19:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Saki\Desktop\OTL.exe
[2010/12/18 23:33:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Saki\Recent
[2010/12/18 16:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Saki\Application Data\SystemRequirementsLab
[2010/12/18 15:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/12/16 23:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/12/16 23:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/12/16 23:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/12/16 23:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/13 18:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/12/12 22:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/12/12 22:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2010/12/10 02:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2010/12/09 17:44:54 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/12/08 20:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/12/04 08:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Saki\Application Data\skypePM
[2010/12/04 08:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/12/04 08:11:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/12/04 08:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Saki\Application Data\Skype
[2010/12/04 08:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/12/04 07:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/12/04 01:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/19 20:19:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saki\Desktop\OTL.exe
[2010/12/19 19:55:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/19 16:55:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/19 02:56:55 | 004,845,996 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\asdas.mp3
[2010/12/18 23:41:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/18 23:40:23 | 001,910,304 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/12/18 23:40:23 | 000,565,280 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/12/18 23:40:23 | 000,018,100 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/12/18 23:40:23 | 000,004,060 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/12/18 16:58:52 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/18 16:58:52 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/18 16:58:50 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/18 16:50:38 | 000,433,472 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/18 16:50:38 | 000,068,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/18 16:47:41 | 000,237,284 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/12/18 14:23:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/17 02:32:31 | 000,011,197 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\Bleach_-_Hitohira_no_Hanabira.mp3
[2010/12/15 19:18:58 | 000,105,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/12 23:38:34 | 000,002,211 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\Document.doc
[2010/12/12 07:38:43 | 009,638,508 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\inori no kanata ~instrumental~.mp3
[2010/12/12 07:37:09 | 010,371,614 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\inori no kanata.mp3
[2010/12/11 02:07:25 | 000,005,848 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\th_st00pid_anime_kitty.jpg
[2010/12/08 23:39:08 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\Saki\Local Settings\Application Data\FASTWiz.html
[2010/12/08 15:08:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/06 10:30:42 | 001,624,186 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\IMAG0169.JPG
[2010/12/04 08:16:15 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/27 14:50:55 | 000,425,218 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/24 19:14:48 | 002,986,038 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\untitled.bmp
[2010/11/22 14:53:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\Saki\My Documents\Adobe Reader 9.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/18 16:42:36 | 000,207,670 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2010/12/17 02:32:31 | 000,011,197 | ---- | C] () -- C:\Documents and Settings\Saki\Desktop\Bleach_-_Hitohira_no_Hanabira.mp3
[2010/12/12 07:38:15 | 009,638,508 | ---- | C] () -- C:\Documents and Settings\Saki\Desktop\inori no kanata ~instrumental~.mp3
[2010/12/12 07:36:48 | 010,371,614 | ---- | C] () -- C:\Documents and Settings\Saki\Desktop\inori no kanata.mp3
[2010/12/12 06:43:22 | 004,845,996 | ---- | C] () -- C:\Documents and Settings\Saki\Desktop\asdas.mp3
[2010/12/10 02:32:56 | 000,005,848 | ---- | C] () -- C:\Documents and Settings\Saki\Desktop\th_st00pid_anime_kitty.jpg
[2010/12/08 23:38:28 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Saki\Local Settings\Application Data\FASTWiz.html
[2010/12/08 22:39:32 | 000,147,642 | ---- | C] () -- C:\Documents and Settings\Saki\Local Settings\Application Data\FASTWiz.log
[2010/12/06 10:30:41 | 001,624,186 | ---- | C] () -- C:\Documents and Settings\Saki\Desktop\IMAG0169.JPG
[2010/12/04 08:16:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/24 19:14:47 | 002,986,038 | ---- | C] () -- C:\Documents and Settings\Saki\Desktop\untitled.bmp
[2010/06/20 04:02:25 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/12/01 12:43:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/11/18 08:47:36 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Saki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 18:37:19 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/30 03:41:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/30 21:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/09/17 22:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/15 23:29:52 | 000,229,447 | ---- | C] () -- C:\WINDOWS\KBHook.dll

========== LOP Check ==========

[2010/12/04 07:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/12/18 15:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2009/11/17 18:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/07/29 19:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/12/18 23:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/12 18:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/05/27 14:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2010/05/27 14:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2010/04/05 13:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/14 13:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/12 18:43:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/07/31 05:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\Auslogics
[2010/03/10 21:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\FreeAudioPack
[2009/08/30 15:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\GetRightToGo
[2009/11/16 23:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\Leadertech
[2009/08/30 10:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\MSNInstaller
[2009/10/08 15:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\OpenCandy
[2010/12/18 16:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\SystemRequirementsLab
[2010/08/12 18:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 02:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 02:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >

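The `< MD5 for: ... >` blocks, the O1 Hosts lines, the "File not found" services/drivers and the Alternate Data Streams list are the parts of an OTL log a helper reads by eye. As an added example (my own code, not OTL's and not part of any post in this thread), here is a small Python triage pass that applies the same checks to OTL log text: every non-rollback copy of a core Windows binary should carry the same hash and a Microsoft publisher, Hosts should map only localhost, and orphaned service entries and alternate data streams are listed for review. The `SAMPLE` excerpt is constructed: it mixes lines copied from the log above with two invented lines (the Hosts entry for `www.example-antivirus.test` and a `userinit.exe` with no publisher and a placeholder hash) so the checks have something to flag.

```python
"""Triage pass over the text of an OTL log (added example, not OTL's own code)."""
import re
from collections import defaultdict

MD5_HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
# [date time | size | attrs | M] (Company) MD5=<hex> -- <path>
MD5_LINE = re.compile(
    r"^\[[^\]]*\]\s+\((?P<company>[^)]*)\)\s+MD5=(?P<md5>[0-9A-Fa-f]{32})\s+--\s+(?P<path>.+)$")
HOSTS_LINE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
MISSING_LINE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[[^\]]*\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)")
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

LOCALHOST_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Copies kept for service-pack rollback are a different build and are expected
# to hash differently from the live file; every other copy must agree.
ROLLBACK_DIRS = ("\\$ntservicepackuninstall$\\", "\\$ntuninstall")


def parse_md5_sections(text):
    """{BINARY: [(path, md5, company), ...]} for every '< MD5 for: X >' block."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        head = MD5_HEADER.match(line)
        if head:
            current = head.group("name").upper()
            continue
        m = MD5_LINE.match(line)
        if m and current:
            sections[current].append((m.group("path"), m.group("md5").upper(), m.group("company")))
    return dict(sections)


def md5_findings(sections):
    """Flag binaries whose live/backup copies disagree or that lack the expected publisher."""
    findings = []
    for name, entries in sections.items():
        live = [e for e in entries if not any(d in e[0].lower() for d in ROLLBACK_DIRS)]
        if len({md5 for _, md5, _ in live}) > 1:
            findings.append((name, "hash mismatch between live and backup copies"))
        for path, _, company in live:
            if company != "Microsoft Corporation":
                findings.append((name, f"unexpected publisher {company!r} for {path}"))
    return findings


def hosts_findings(text):
    """Any Hosts entry that is not a localhost mapping is a candidate hijack."""
    hits = []
    for line in text.splitlines():
        m = HOSTS_LINE.match(line.strip())
        if m and m.group("host").lower() not in LOCALHOST_NAMES:
            hits.append((m.group("ip"), m.group("host")))
    return hits


def missing_findings(text):
    """Services/drivers still registered for a file that no longer exists."""
    return [(m.group("kind"), m.group("name"), m.group("path"))
            for m in (MISSING_LINE.match(ln.strip()) for ln in text.splitlines()) if m]


def ads_findings(text):
    """Alternate data streams OTL reported, as (size in bytes, stream path)."""
    return [(int(m.group("size")), m.group("path"))
            for m in (ADS_LINE.match(ln.strip()) for ln in text.splitlines()) if m]


def triage(text):
    return {"md5": md5_findings(parse_md5_sections(text)),
            "hosts": hosts_findings(text),
            "missing": missing_findings(text),
            "ads": ads_findings(text)}


# Constructed excerpt: lines copied from the log above plus two invented lines
# (the third Hosts entry and the system32 userinit.exe) so that hits appear.
SAMPLE = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 02:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2010/12/18 16:00:00 | 000,026,112 | ---- | M] () MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\userinit.exe

O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.example-antivirus.test
SRV - File not found [Disabled | Stopped] -- C:\Program Files\VentSrv\ventrilo_svc.exe -- (Ventrilo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Saki\LOCALS~1\Temp\catchme.sys -- (catchme)
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
"""

if __name__ == "__main__":
    for section, hits in triage(SAMPLE).items():
        print(section, hits)
```

Run against the real log in this post, the MD5 check is clean: every live copy of explorer.exe, svchost.exe, userinit.exe and winlogon.exe matches its ServicePackFiles and ERDNT\cache copy, and only the $NtServicePackUninstall$ copies differ, which is expected for the pre-SP3 build. The caveat is that agreement between copies only shows nothing replaced one of them on disk; it does not prove the file is genuine, and a kernel-mode rootkit can hide or redirect the file OTL hashes, so a clean MD5 block is not on its own a clean bill of health.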

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hm, not a great deal showing there, so let's do a little TLC and see if that resolves any of the problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and run Puran Disc Defragmenter.
For the first run I would recommend a boot defrag and disk check.


#5
SakiKitty
    Member
  • Topic Starter
  • Member
  • 194 posts
OTL logfile created on: 12/20/2010 4:47:34 PM - Run 2
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Saki\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 3840 7680 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 407.43 Gb Free Space | 87.48% Space Free | Partition Type: NTFS

Computer Name: 1DCGCC1 | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/19 20:19:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saki\Desktop\OTL.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/04/30 02:45:04 | 000,053,248 | ---- | M] () -- C:\WINDOWS\KBStatusLED.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/27 13:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/12/19 20:19:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saki\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/06/26 10:33:42 | 000,091,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\VentSrv\ventrilo_svc.exe -- (Ventrilo)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/08/27 10:20:10 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
SRV - [2006/06/26 10:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Saki\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/10/16 10:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/13 16:46:52 | 000,031,760 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/04/30 15:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 14:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 14:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2009/02/24 18:56:54 | 000,227,344 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/12/15 19:41:32 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2008/11/12 16:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/07/21 16:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/13 17:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2007/01/30 11:12:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 13:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/26 10:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 10:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.google.co...lient&hl=en&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/16 23:13:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/16 23:18:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2010/03/18 03:10:03 | 000,000,000 | ---D | M]

[2010/07/30 21:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\Mozilla\Extensions
[2010/12/20 16:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\Mozilla\Firefox\Profiles\qbqz5cqz.default\extensions
[2010/08/12 19:18:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Saki\Application Data\Mozilla\Firefox\Profiles\qbqz5cqz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/04 02:28:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Saki\Application Data\Mozilla\Firefox\Profiles\qbqz5cqz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/30 21:19:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Saki\Application Data\Mozilla\Firefox\Profiles\qbqz5cqz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/13 02:20:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Saki\Application Data\Mozilla\Firefox\Profiles\qbqz5cqz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/20 16:34:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/08 22:12:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/18 22:27:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/16 23:04:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/20 16:38:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [KBStatusLED1] C:\WINDOWS\KBStatusLED.exe ()
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Saki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Saki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/30 10:50:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/20 16:38:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/19 20:19:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Saki\Desktop\OTL.exe
[2010/12/18 23:33:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Saki\Recent
[2010/12/18 16:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Saki\Application Data\SystemRequirementsLab
[2010/12/18 15:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/12/16 23:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/12/16 23:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/12/16 23:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/12/16 23:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/13 18:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/12/12 22:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/12/12 22:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2010/12/10 02:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2010/12/09 17:44:54 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/12/08 20:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/12/04 08:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Saki\Application Data\skypePM
[2010/12/04 08:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/12/04 08:11:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/12/04 08:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Saki\Application Data\Skype
[2010/12/04 08:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/12/04 07:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/12/04 01:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

========== Files - Modified Within 30 Days ==========

[2010/12/20 16:45:27 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/20 16:45:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/20 16:44:35 | 001,910,304 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/12/20 16:44:35 | 000,565,280 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/12/20 16:44:35 | 000,018,100 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/12/20 16:44:35 | 000,004,060 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/12/20 16:38:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/20 15:55:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/19 21:58:09 | 000,028,375 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\Southern Jewel App.doc
[2010/12/19 20:19:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saki\Desktop\OTL.exe
[2010/12/19 02:56:55 | 004,845,996 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\asdas.mp3
[2010/12/18 16:58:52 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/18 16:58:52 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/18 16:58:50 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/18 16:50:38 | 000,433,472 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/18 16:50:38 | 000,068,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/18 16:47:41 | 000,237,284 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/12/18 14:23:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/17 02:32:31 | 000,011,197 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\Bleach_-_Hitohira_no_Hanabira.mp3
[2010/12/15 19:18:58 | 000,105,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/12 23:38:34 | 000,002,211 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\Document.doc
[2010/12/12 07:38:43 | 009,638,508 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\inori no kanata ~instrumental~.mp3
[2010/12/12 07:37:09 | 010,371,614 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\inori no kanata.mp3
[2010/12/11 02:07:25 | 000,005,848 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\th_st00pid_anime_kitty.jpg
[2010/12/08 23:39:08 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\Saki\Local Settings\Application Data\FASTWiz.html
[2010/12/08 15:08:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/06 10:30:42 | 001,624,186 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\IMAG0169.JPG
[2010/12/04 08:16:15 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/24 19:14:48 | 002,986,038 | ---- | M] () -- C:\Documents and Settings\Saki\Desktop\untitled.bmp
[2010/11/22 14:53:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\Saki\My Documents\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010/12/19 21:58:09 | 000,028,375 | ---- | C] () -- C:\Documents and Settings\Saki\Desktop\Southern Jewel App.doc
[2010/12/18 16:42:36 | 000,207,670 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2010/12/17 02:32:31 | 000,011,197 | ---- | C] () -- C:\Documents and Settings\Saki\Desktop\Bleach_-_Hitohira_no_Hanabira.mp3
[2010/12/12 07:38:15 | 009,638,508 | ---- | C] () -- C:\Documents and Settings\Saki\Desktop\inori no kanata ~instrumental~.mp3
[2010/12/12 07:36:48 | 010,371,614 | ---- | C] () -- C:\Documents and Settings\Saki\Desktop\inori no kanata.mp3
[2010/12/12 06:43:22 | 004,845,996 | ---- | C] () -- C:\Documents and Settings\Saki\Desktop\asdas.mp3
[2010/12/10 02:32:56 | 000,005,848 | ---- | C] () -- C:\Documents and Settings\Saki\Desktop\th_st00pid_anime_kitty.jpg
[2010/12/08 23:38:28 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Saki\Local Settings\Application Data\FASTWiz.html
[2010/12/08 22:39:32 | 000,147,642 | ---- | C] () -- C:\Documents and Settings\Saki\Local Settings\Application Data\FASTWiz.log
[2010/12/06 10:30:41 | 001,624,186 | ---- | C] () -- C:\Documents and Settings\Saki\Desktop\IMAG0169.JPG
[2010/12/04 08:16:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/24 19:14:47 | 002,986,038 | ---- | C] () -- C:\Documents and Settings\Saki\Desktop\untitled.bmp
[2010/06/20 04:02:25 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/12/01 12:43:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/11/18 08:47:36 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Saki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 18:37:19 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/30 03:41:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/30 21:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/09/17 22:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/15 23:29:52 | 000,229,447 | ---- | C] () -- C:\WINDOWS\KBHook.dll

========== LOP Check ==========

[2010/12/04 07:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/12/18 15:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2009/11/17 18:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/07/29 19:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/12/18 23:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/12 18:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/05/27 14:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2010/05/27 14:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2010/04/05 13:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/14 13:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/12 18:43:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/07/31 05:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\Auslogics
[2010/03/10 21:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\FreeAudioPack
[2009/08/30 15:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\GetRightToGo
[2009/11/16 23:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\Leadertech
[2009/08/30 10:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\MSNInstaller
[2009/10/08 15:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\OpenCandy
[2010/12/18 16:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\SystemRequirementsLab
[2010/08/12 18:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Saki\Application Data\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >

Attached Files

  • Attached File  OTL.Txt   51.37KB   58 downloads


#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Any improvement?

#7
SakiKitty
    Member
  • Topic Starter
  • Member
  • 194 posts
No, not really :s It's still really bad.

#8
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
There is nothing that I can see, so let's see if ComboFix can find any oddities.

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#9
SakiKitty
    Member
  • Topic Starter
  • Member
  • 194 posts
ComboFix 10-12-21.01 - Saki 12/21/2010 22:17:40.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2494.2055 [GMT -8:00]
Running from: c:\documents and settings\Saki\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-11-22 to 2010-12-22 )))))))))))))))))))))))))))))))
.

2010-12-21 01:03 . 2010-05-17 20:11 229376 ----a-w- c:\windows\system32\PuranDefragS.exe
2010-12-21 01:03 . 2010-05-17 20:11 221184 ----a-w- c:\windows\system32\PuranDC.exe
2010-12-21 01:03 . 2010-05-17 20:11 1110016 ----a-w- c:\windows\system32\PuranFD.exe
2010-12-21 01:03 . 2010-05-17 20:11 107008 ----a-w- c:\windows\system32\PuranDefragBT.exe
2010-12-21 01:03 . 2010-01-27 21:58 212992 ----a-w- c:\windows\system32\PuranDefrag.dll
2010-12-21 01:03 . 2010-12-21 01:43 -------- d-----w- c:\program files\Puran Defrag
2010-12-21 00:38 . 2010-12-21 00:38 -------- d-----w- C:\_OTL
2010-12-19 00:32 . 2010-12-19 00:33 -------- d-----w- c:\documents and settings\Saki\Application Data\SystemRequirementsLab
2010-12-19 00:06 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-12-19 00:06 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-12-18 23:51 . 2010-12-18 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-12-18 05:11 . 2010-12-18 05:11 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-12-17 07:18 . 2010-12-17 07:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-17 07:10 . 2010-12-17 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-12-17 07:05 . 2010-12-17 07:05 -------- d-----w- c:\program files\Common Files\Java
2010-12-15 05:57 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 02:03 . 2010-12-14 02:03 -------- d-----w- c:\program files\MSXML 4.0
2010-12-13 06:24 . 2010-12-13 06:25 -------- d-----w- c:\program files\Common Files\Logitech
2010-12-13 06:24 . 2010-12-13 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-12-10 10:12 . 2010-12-10 10:12 -------- d-----w- c:\program files\EASEUS
2010-12-10 01:44 . 2010-12-10 01:44 -------- d-----w- C:\found.000
2010-12-09 04:55 . 2010-12-09 06:13 -------- d-----w- c:\program files\Runtime Software
2010-12-08 23:23 . 2010-12-08 23:23 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-04 16:16 . 2010-12-20 06:58 -------- d-----w- c:\documents and settings\Saki\Application Data\skypePM
2010-12-04 16:11 . 2010-12-04 16:11 -------- d-----w- c:\program files\Common Files\Skype
2010-12-04 16:11 . 2010-12-09 06:12 -------- d-----r- c:\program files\Skype
2010-12-04 16:11 . 2010-12-21 03:18 -------- d-----w- c:\documents and settings\Saki\Application Data\Skype
2010-12-04 16:10 . 2010-12-04 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-12-04 15:44 . 2010-12-04 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2010-12-04 09:10 . 2010-12-04 09:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-12-04 09:07 . 2010-12-04 09:07 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc34.tmp
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-30 01:42 . 2010-07-07 06:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 01:42 . 2010-07-07 06:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2009-08-30 18:48 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-13 02:53 . 2010-05-19 06:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-13 00:34 . 2010-05-19 06:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 00:26 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 10:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 18:55 . 2010-07-30 04:45 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55 . 2010-07-30 04:45 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55 . 2009-08-17 07:57 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55 . 2009-08-17 07:57 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55 . 2008-09-18 06:55 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-16 18:55 . 2008-09-18 06:55 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55 . 2008-09-18 06:55 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55 . 2008-09-18 06:55 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55 . 2008-09-18 06:55 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-17 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBStatusLED1"="c:\windows\KBStatusLED.exe" [2008-04-30 53248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-09 47904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-08-27 208616]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.3.2.11403-to-3.3.3.11685-enUS-downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Saki\\Desktop\\Micki's [bleep]\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 4:29 PM 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 5:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 4:46 PM 31760]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/4/2010 11:38 AM 136176]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [12/20/2010 5:03 PM 229376]
.
Contents of the 'Scheduled Tasks' folder

2010-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 19:38]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 19:38]

2010-06-13 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 19:46]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: {CF976DDF-FF4D-42B1-ACF3-55FF4BD89AFE} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Saki\Application Data\Mozilla\Firefox\Profiles\qbqz5cqz.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-21 22:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-12-21 22:23:04
ComboFix-quarantined-files.txt 2010-12-22 06:23
ComboFix2.txt 2010-07-25 00:49

Pre-Run: 437,313,212,416 bytes free
Post-Run: 437,294,305,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - EDA89663BF4DEE95AF75602A8C2D4FB8
  • 0
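The ComboFix.txt above has a regular line layout: `AV:`/`FW:` header lines carrying the product name and its `*status*`, a "Files Created" table of created time, modified time, size (or dashes for a directory), an eight-column attribute string and the path, and a REGEDIT4-style "Reg Loading Points" dump of `[key]` headers with `"name"="value"` or `"name"=dword:` lines. The Python below is an added example, not part of this thread and not a ComboFix tool: it parses a constructed excerpt in that layout and lists the items a helper would read first (an AV or firewall reported as Disabled/Outdated, Run entries that use a bare filename, Security Center override values set to 1, objects created with hidden+system attributes). Two things are assumptions rather than facts from the page: the meaning of attribute columns 2 and 3 (system, hidden) is inferred from the entries in the posted log, and the Security Center value names other than `AntiVirusOverride` and `DisableMonitoring` come from XP's Security Center, not from this log.

```python
import re

# Constructed excerpt in the layout of the ComboFix.txt posted in the thread (not a live log).
SAMPLE_LOG = r"""ComboFix 10-12-21.01 - Saki 12/21/2010 22:17:40.3.1 - x86
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
2010-12-21 01:03 . 2010-05-17 20:11 229376 ----a-w- c:\windows\system32\PuranDefragS.exe
2010-12-18 05:11 . 2010-12-18 05:11 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-17 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-08-27 208616]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
"""

PRODUCT_RE = re.compile(r"^(AV|FW|SP): (.+?) \*([^*]+)\* \{[0-9A-F-]+\}$")
KEY_RE = re.compile(r"^\[(.+)\]$")
STRING_VALUE_RE = re.compile(r'^"([^"]+)"="(.*?)"(?: \[\d{4}-\d{2}-\d{2} \d+\])?$')
DWORD_VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+|-{8}) ([-a-z]{8}) (.+)$")
# XP Security Center values that suppress or override its monitoring. Only AntiVirusOverride
# and DisableMonitoring appear in the posted log; the other two names are assumed here.
OVERRIDE_NAMES = {"AntiVirusOverride", "FirewallOverride", "UpdatesOverride", "DisableMonitoring"}


def parse_product_status(text: str) -> dict:
    """Header lines 'AV: <product> *<status>* {guid}' -> {'AV': (product, status), ...}."""
    result = {}
    for line in text.splitlines():
        m = PRODUCT_RE.match(line)
        if m:
            result[m.group(1)] = (m.group(2), m.group(3))
    return result


def parse_registry(text: str) -> dict:
    """REGEDIT4-style section -> {key: [(name, value), ...]}; dword values become ints."""
    entries, key = {}, None
    for line in text.splitlines():
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            entries.setdefault(key, [])
            continue
        if key is None:
            continue
        s = STRING_VALUE_RE.match(line)
        if s:
            entries[key].append((s.group(1), s.group(2)))
            continue
        d = DWORD_VALUE_RE.match(line)
        if d:
            entries[key].append((d.group(1), int(d.group(2), 16)))
    return entries


def parse_files_created(text: str) -> list:
    """'Files Created' rows -> dicts; a size of '--------' (a directory) becomes None."""
    rows = []
    for m in filter(None, map(FILE_RE.match, text.splitlines())):
        created, modified, size, attrs, path = m.groups()
        rows.append({"created": created, "modified": modified, "attrs": attrs, "path": path,
                     "size": None if size.startswith("-") else int(size)})
    return rows


def triage(text: str) -> list:
    """Items a helper would look at first. These are starting points, not verdicts."""
    findings = []
    for kind, (product, status) in parse_product_status(text).items():
        if "Disabled" in status or "Outdated" in status:
            findings.append(f"{kind}: {product} is {status}")
    for key, values in parse_registry(text).items():
        lowered = key.lower()
        if lowered.endswith("\\run"):
            for name, value in values:
                # A bare filename is resolved through the search path, not a fixed location.
                if isinstance(value, str) and not re.match(r"^[a-z]:\\", value, re.IGNORECASE):
                    findings.append(f"Run entry {name} uses a bare filename: {value}")
        elif "security center" in lowered:
            for name, value in values:
                if name in OVERRIDE_NAMES and value == 1:
                    findings.append(f"Security Center {name}=1 under [{key}]")
    for row in parse_files_created(text):
        # Attribute columns inferred from the posted log: [2] = 's' system, [3] = 'h' hidden.
        if row["attrs"][2] == "s" and row["attrs"][3] == "h":
            findings.append(f"hidden+system object created: {row['path']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against a real ComboFix.txt by reading the file into `triage()`. Every line it reports is something to explain, not something to delete: the `IETldCache` folder it flags, for instance, is an ordinary Internet Explorer cache directory, and a bare `stsystra.exe` Run entry is how some audio drivers register themselves; the value of the pass is that a disabled AV, an override flag and a new hidden object are surfaced together instead of being read out of a 200-line dump.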

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, one further thing to try - which on the last XP system I had did a fair job - let me know if this needs to do a repair.

Download resetdma.vbs to your desktop and then double-click it.
If the program found any ATA or SATA channel to reset, reboot your computer and test all drives.
  • 0

#11
SakiKitty

SakiKitty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts
I can't download it.
When I click on it, I get this in a window:

' Visual Basic Script program to reset the DMA status of all ATA drives
' Copyright © 2006 Hans-Georg Michna
' Version 2007-04-04
' Works in Windows XP, probably also in Windows 2000 and NT.
' Does no harm if Windows version is incompatible.

If MsgBox("This program will now reset the DMA status of all ATA drives with Windows drivers." _
    & vbNewline & "Windows will redetect the status after the next reboot, therefore this procedure" _
    & vbNewline & "should be harmless.", _
    vbOkCancel, "Program start message") _
    = vbOk Then

    RegPath = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\"
    ValueName1Master = "MasterIdDataChecksum"
    ValueName1Slave = "SlaveIdDataChecksum"
    ValueName2Master = "UserMasterDeviceTimingModeAllowed"
    ValueName2Slave = "UserSlaveDeviceTimingModeAllowed"
    ValueName3 = "ResetErrorCountersOnSuccess"
    MessageText = "The following ATA channels have been reset:"
    MessageTextLen0 = Len(MessageText)
    ConsecutiveMisses = 0
    Set WshShell = WScript.CreateObject("WScript.Shell")

    For i = 0 to 999
        RegSubPath = Right("000" & i, 4) & "\"

        ' Master
        Err.Clear
        On Error Resume Next
        WshShell.RegRead RegPath & RegSubPath & ValueName1Master
        errMaster = Err.Number
        On Error Goto 0
        If errMaster = 0 Then
            On Error Resume Next
            WshShell.RegDelete RegPath & RegSubPath & ValueName1Master
            WshShell.RegDelete RegPath & RegSubPath & ValueName2Master
            On Error Goto 0
            MessageText = MessageText & vbNewLine & "Master"
        End If

        ' Slave
        Err.Clear
        On Error Resume Next
        WshShell.RegRead RegPath & RegSubPath & ValueName1Slave
        errSlave = Err.Number
        On Error Goto 0
        If errSlave = 0 Then
            On Error Resume Next
            WshShell.RegDelete RegPath & RegSubPath & ValueName1Slave
            WshShell.RegDelete RegPath & RegSubPath & ValueName2Slave
            On Error Goto 0
            If errMaster = 0 Then
                MessageText = MessageText & " and "
            Else
                MessageText = MessageText & vbNewLine
            End If
            MessageText = MessageText & "Slave"
        End If

        If errMaster = 0 Or errSlave = 0 Then
            On Error Resume Next
            WshShell.RegWrite RegPath & RegSubPath & ValueName3, 1, "REG_DWORD"
            On Error Goto 0
            ChannelName = "unnamed channel " & Left(RegSubPath, 4)
            On Error Resume Next
            ChannelName = WshShell.RegRead(RegPath & RegSubPath & "DriverDesc")
            On Error Goto 0
            MessageText = MessageText & " of " & ChannelName & ";"
            ConsecutiveMisses = 0
        Else
            ConsecutiveMisses = ConsecutiveMisses + 1
            If ConsecutiveMisses >= 32 Then Exit For ' Don't search unnecessarily long.
        End If
    Next ' i

    If Len(MessageText) <= MessageTextLen0 Then
        MessageText = "No resettable ATA channels with Windows drivers found. Nothing changed."
    Else
        MessageText = MessageText & vbNewline _
            & "Please reboot now to reset and redetect the DMA status."
    End If

    MsgBox MessageText, vbOkOnly, "Program finished normally"

End If ' MsgBox(...) = vbOk

' End of Visual Basic Script program
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ah, did you use Firefox?

Download the attached zip file to your desktop, extract resetdma.vbs, then double-click it and allow it to run.


  • 0

#13
SakiKitty

SakiKitty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts
It said no ATA drives were detected and nothing was changed :D

And yes, I do use Firefox (and please don't tell me to use Chrome; I tried it and disliked it very much).

Edited by SakiKitty, 24 December 2010 - 11:28 PM.

  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I have a feeling that this may just be an age element - how long have you had XP installed on this system?
  • 0

#15
SakiKitty

SakiKitty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts
Umm... well, I got my computer with XP, and that was probably about 6-7 years ago. I did, however, reformat 2 years ago, if that counts.
  • 0
