Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

XP won't boot, Infected with "boot.tidserv"

Started by Mikevel , Mar 07 2011 06:41 PM

  • This topic is locked This topic is locked

#46
JSntgRvr
Posted 11 March 2011 - 10:32 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

I have CA associates anti virus should I remove the program completely before running combo fix. I want to get rid of CA antivirus anyway and install another companies program (Kaparsky)

If yes, should i install the new Kaparsky before i run combofix or wait unitl after running it

Yes. CA must be removed. I would wait for Combofix to finish before installing an antivirus.
  • 0

Advertisements

#47
Mikevel
Posted 11 March 2011 - 11:39 AM

Mikevel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

I have CA associates anti virus should I remove the program completely before running combo fix. I want to get rid of CA antivirus anyway and install another companies program (Kaparsky)

If yes, should i install the new Kaparsky before i run combofix or wait unitl after running it

Yes. CA must be removed. I would wait for Combofix to finish before installing an antivirus.

Deleted CA associates with app remover. I did not unistall the male ware program u had me install, but it is not running. That's ok right before running combofix?
Running combofix now. it's updating new version
Should i install kaparsky right after combofix is done. We still have to add 2nd hardrive before or after new antivirius program installed

Edited by Mikevel, 11 March 2011 - 11:41 AM.

  • 0

#48
JSntgRvr
Posted 11 March 2011 - 11:48 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
You can install the Antivirus after Combofix. In the Event we need to run Combofix again, Kaspersky can be disable.
  • 0

#49
JSntgRvr
Posted 11 March 2011 - 11:49 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Wait until the main drive is cleaned before installing the other drive.
  • 0

#50
Mikevel
Posted 11 March 2011 - 12:04 PM

Mikevel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Here is log. Shall i install Kaparsky now



ComboFix 11-03-10.04 - Michael Velardi 03/11/2011 12:49:15.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.709 [GMT -5:00]
Running from: c:\documents and settings\Michael Velardi\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Virginia Velardi\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\Virginia Velardi\Application Data\Adobe\plugs
c:\documents and settings\Virginia Velardi\Local Settings\Application Data\{7CA51A89-0337-4FED-ADE2-A42310D091A2}
c:\documents and settings\Virginia Velardi\Local Settings\Application Data\{7CA51A89-0337-4FED-ADE2-A42310D091A2}\chrome.manifest
c:\documents and settings\Virginia Velardi\Local Settings\Application Data\{7CA51A89-0337-4FED-ADE2-A42310D091A2}\chrome\content\_cfg.js
c:\documents and settings\Virginia Velardi\Local Settings\Application Data\{7CA51A89-0337-4FED-ADE2-A42310D091A2}\chrome\content\overlay.xul
c:\documents and settings\Virginia Velardi\Local Settings\Application Data\{7CA51A89-0337-4FED-ADE2-A42310D091A2}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-11 to 2011-03-11 )))))))))))))))))))))))))))))))
.
.
2011-03-11 14:10 . 2011-03-11 14:10 -------- d-----w- c:\documents and settings\Michael Velardi\Application Data\Malwarebytes
2011-03-11 14:10 . 2011-03-11 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-11 14:10 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-11 14:10 . 2011-03-11 14:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-11 14:10 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-11 04:23 . 2011-02-28 18:30 2232832 ----a-r- C:\OTLPE.exe
2011-03-09 17:22 . 2010-09-20 13:39 123904 ----a-w- C:\MbrFix.exe
2011-03-09 17:04 . 2011-03-09 17:04 -------- d-----w- C:\_OTL
2011-03-07 18:16 . 2011-03-07 18:16 -------- d-----w- C:\NBRT
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 17:32 . 2008-01-31 17:30 58619176 ----a-w- c:\program files\iTunesSetup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\Ahead\data\xtras\mssysmgr.exe" [2004-05-12 196608]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-10-23 962560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-09-13 1450096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\QQGamesD.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\Update\\Update.exe"=
"c:\\Program Files\\Opera 8.02\\Opera.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2009 9:27 PM 24652]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/20/2008 7:59 PM 30192]
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=192.168.0.1:87
uInternet Settings,ProxyOverride = www.direcwaysupport.com;192.168.0.*;<local>
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-11 12:56
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3756)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-03-11 12:58:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-11 17:58
.
Pre-Run: 72,044,511,232 bytes free
Post-Run: 75,216,551,936 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5AA76D48CB9CA22EFB0F59A2CE7E1D18
  • 0

#51
JSntgRvr
Posted 11 March 2011 - 12:28 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Are you behind a Proxy Server?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start. Leave the settings as they appear by default.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
  • Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.

After installing Kaspersky, perform a full scan and let me know the outcome.
  • 0

#52
Mikevel
Posted 11 March 2011 - 12:32 PM

Mikevel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Are you behind a Proxy Server?

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start. Leave the settings as they appear by default.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
  • Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.

After installing Kaspersky, perform a full scan and let me know the outcome.

i don't know about proxy server question. I used to connect to the internet years ago with direcpc satelite (now hughesnet), now no longer use as we got dsl in our area. could this be the proxy server issue

shall i run the otl scan first or after i install kaspersky

Edited by Mikevel, 11 March 2011 - 12:36 PM.

  • 0

#53
JSntgRvr
Posted 11 March 2011 - 12:43 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Either way. I want to check some of these entries throughout OTL.
  • 0

#54
Mikevel
Posted 11 March 2011 - 12:53 PM

Mikevel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Either way. I want to check some of these entries throughout OTL.

OTL logfile created on: 3/11/2011 1:50:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Michael Velardi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 701.00 Mb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.55 Gb Total Space | 70.10 Gb Free Space | 69.03% Space Free | Partition Type: FAT32
Drive E: | 10.22 Gb Total Space | 8.54 Gb Free Space | 83.49% Space Free | Partition Type: FAT32
Drive F: | 1.85 Gb Total Space | 1.78 Gb Free Space | 95.76% Space Free | Partition Type: FAT

Computer Name: SYSTEMAX05 | User Name: Michael Velardi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/11 13:48:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Velardi\Desktop\OTL.exe
PRC - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/14 03:43:44 | 000,083,608 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
PRC - [2007/03/14 03:43:42 | 000,272,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
PRC - [2007/01/04 16:38:10 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/12/02 18:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004/09/13 11:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/09/13 04:51:06 | 001,450,096 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004/05/12 15:04:54 | 000,196,608 | ---- | M] () -- C:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr.exe
PRC - [2003/10/23 09:37:46 | 000,962,560 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/03/11 13:48:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Velardi\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/04 16:38:10 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/09/13 11:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2004/09/13 11:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2003/08/11 10:28:42 | 000,045,056 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2004/10/26 20:35:38 | 000,820,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/09/13 11:54:46 | 000,028,672 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/09/13 11:54:06 | 000,093,440 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/09/13 04:54:54 | 000,027,648 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/08/03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2003/11/12 13:56:36 | 000,221,848 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2003/10/26 13:39:44 | 001,301,776 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2003/10/26 13:31:02 | 000,086,872 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2003/08/18 08:30:26 | 000,548,888 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2003/08/11 08:35:34 | 000,167,352 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2003/07/02 15:12:52 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/05/08 21:00:56 | 000,033,248 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2002/09/20 10:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2002/09/03 07:50:24 | 000,076,976 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnp680r.sys -- (Pnp680r)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = www.direcwaysupport.com;192.168.0.*;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:87



O1 HOSTS File: ([2011/03/11 12:56:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1120992338369 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1270757709703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael Velardi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael Velardi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/27 15:51:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/12/31 20:30:06 | 000,000,109 | ---- | M] () - F:\AUTORUN.FCB -- [ FAT ]
O32 - AutoRun File - [2010/01/10 17:44:24 | 000,000,090 | ---- | M] () - F:\Autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/11 13:48:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael Velardi\Desktop\OTL.exe
[2011/03/11 12:58:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/11 12:47:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/11 12:41:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/11 12:41:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/11 12:41:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/11 12:41:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/11 12:32:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/11 12:32:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/11 12:27:23 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/03/11 12:21:15 | 006,225,384 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Michael Velardi\Desktop\AppRemover.exe
[2011/03/11 09:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Velardi\Application Data\Malwarebytes
[2011/03/11 09:10:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/11 09:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/11 09:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/11 09:10:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/11 09:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/11 09:06:52 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael Velardi\Desktop\mbam-setup.exe
[2011/03/10 23:23:33 | 002,232,832 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/03/09 12:22:33 | 000,123,904 | ---- | C] (Systemintegrasjon AS) -- C:\MbrFix.exe
[2011/03/09 12:04:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/07 13:16:08 | 000,000,000 | ---D | C] -- C:\NBRT
[2008/01/31 12:30:40 | 058,619,176 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[1980/01/01 00:00:00 | 001,301,776 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[1980/01/01 00:00:00 | 000,548,888 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[1980/01/01 00:00:00 | 000,221,848 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[1980/01/01 00:00:00 | 000,192,512 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1980/01/01 00:00:00 | 000,167,352 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[1980/01/01 00:00:00 | 000,086,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[1980/01/01 00:00:00 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\slserv.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/11 13:48:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Velardi\Desktop\OTL.exe
[2011/03/11 12:56:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/03/11 12:56:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/11 12:54:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/11 12:54:12 | 1072,480,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/11 12:48:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/11 12:41:14 | 004,285,785 | R--- | M] () -- C:\Documents and Settings\Michael Velardi\Desktop\ComboFix.exe
[2011/03/11 12:27:12 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/11 12:27:12 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/11 12:22:16 | 006,225,384 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Michael Velardi\Desktop\AppRemover.exe
[2011/03/11 09:10:26 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/11 09:09:26 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael Velardi\Desktop\mbam-setup.exe
[2011/02/28 13:30:42 | 002,232,832 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/11 12:47:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/11 12:47:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/11 12:41:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/11 12:41:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/11 12:41:50 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/11 12:41:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/11 12:41:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/11 10:03:52 | 004,285,785 | R--- | C] () -- C:\Documents and Settings\Michael Velardi\Desktop\ComboFix.exe
[2011/03/11 09:10:24 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/10 23:53:21 | 1072,480,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/29 19:08:21 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ecazer.dat
[2010/11/29 19:08:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jfumiq.bin
[2009/02/15 21:27:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/02/21 22:59:09 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4B.DLL
[2006/02/18 17:05:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/08 09:53:41 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/03/20 11:40:32 | 000,000,080 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/03/11 20:46:33 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/02/12 15:49:03 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Michael Velardi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/02 12:36:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 17:24:22 | 000,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/27 15:54:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/27 15:49:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/27 15:46:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/27 15:45:28 | 000,298,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/27 15:40:06 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/27 15:40:05 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/27 15:40:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/27 15:40:05 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/27 15:40:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/27 15:40:04 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/27 15:40:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/27 15:40:03 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/27 15:40:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/27 15:39:59 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[1980/01/01 00:00:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[1980/01/01 00:00:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[1980/01/01 00:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[1980/01/01 00:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\slrundll.exe
[1980/01/01 00:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[1980/01/01 00:00:00 | 000,005,327 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[1980/01/01 00:00:00 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

< End of report >




OTL Extras logfile created on: 3/11/2011 1:50:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Michael Velardi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 701.00 Mb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.55 Gb Total Space | 70.10 Gb Free Space | 69.03% Space Free | Partition Type: FAT32
Drive E: | 10.22 Gb Total Space | 8.54 Gb Free Space | 83.49% Space Free | Partition Type: FAT32
Drive F: | 1.85 Gb Total Space | 1.78 Gb Free Space | 95.76% Space Free | Partition Type: FAT

Computer Name: SYSTEMAX05 | User Name: Michael Velardi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera 8.02\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera 8.02\Opera.exe" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Tencent\QQ Games\QQGames.exe" = C:\Program Files\Tencent\QQ Games\QQGames.exe:*:Enabled:QQ Games -- (Tencent America LLC)
"C:\Program Files\Tencent\QQ Games\QQGamesD.exe" = C:\Program Files\Tencent\QQ Games\QQGamesD.exe:*:Enabled:QQ Games Downloader -- ()
"C:\Program Files\Tencent\QQ Games\Update\Update.exe" = C:\Program Files\Tencent\QQ Games\Update\Update.exe:*:Enabled:QQ Games Updater -- ()
"C:\Program Files\Opera 8.02\Opera.exe" = C:\Program Files\Opera 8.02\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{1AEC8F41-4701-415D-9782-F69CFB535463}" = Creative Zen MicroPhoto
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BB08848-2925-4F6F-8F32-5B4D9EA05FE8}" = Chief Architect 9.0 Training Videos
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7399656A-A683-41F9-8B81-B49A5138B76C}" = Serif PhotoPlus 9.0
"{8318FEFD-F467-44D6-82B8-129374BFE9B1}" = Opera 9.62
"{870B0889-A92E-4230-A6A1-F739C1D140DD}" = Opera 9.25
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A84FB24E-FEB4-4C93-A5F5-DE3B40B2B73D}" = Serif PagePlus X2 Resources
"{AC76BA86-7AD7-1033-7646-A70000000000}" = Adobe Reader 7.0
"{AC76BA86-7AD7-EF45-47A7-7E8A45000002}" = Adobe Reader Multimedia Package
"{B00B1355-DD54-4314-90B1-161C6A7D3FD3}" = Serif PagePlus X2
"{B4BF87C8-3EEC-4774-82A2-584F109187B1}" = Ultra Card Reader Driver
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{B94AA0EE-8F75-4773-A25C-E986D94134B2}" = Microsoft RAW Image Thumbnailer and Viewer for Windows XP
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F4EE98D3-507A-4160-8F65-710C37A8FBB8}" = Opera 9.02
"{F8650CB3-89F1-4AE0-81AC-917423C58DB8}" = Serif PhotoPlus Association File Formats
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aim Plugin for QQ Games" = Aim Plugin for QQ Games
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"ATI Display Driver" = ATI Display Driver
"CANONBJ_Deinstall_CNMCP4B.DLL" = Canon i850
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"eGames GameButler" = eGames GameButler
"Google Desktop" = Google Desktop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InCD!UninstallKey" = InCD
"Mahjongg Master 4" = Mahjongg Master 4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MRW!UninstallKey" = InCD Reader
"MSN Music Assistant" = MSN Music Assistant
"MuVo Driver" = MuVo Driver
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroVision!UninstallKey" = NeroVision Express 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey" = NeroMIX
"NMPUninstallKey" = Nero Media Player
"Opera" = Opera
"Opera8.51" = Opera8.51
"PhotoRescue Wizard PC 3.1.5.11030_is1" = PhotoRescue Wizard PC 3.1.5.11030
"PROSet" = Intel® PRO Network Adapters and Drivers
"QQ Games" = QQ Games
"QQ Pool" = QQ Pool
"SereneScene Marine Aquarium 2" = SereneScene Marine Aquarium 2
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SysInfo" = Creative System Information
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/8/2010 8:52:55 AM | Computer Name = SYSTEMAX05 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/5/2010 5:52:50 PM | Computer Name = SYSTEMAX05 | Source = Application Error | ID = 1000
Description = Faulting application opera.exe, version 9.62.10467.0, faulting module
opera.dll, version 9.62.10467.0, fault address 0x000479e4.

Error - 9/6/2010 2:12:39 PM | Computer Name = SYSTEMAX05 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/3/2010 10:09:43 AM | Computer Name = SYSTEMAX05 | Source = Application Hang | ID = 1002
Description = Hanging application nero.exe, version 6.6.0.8, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2010 9:48:38 PM | Computer Name = SYSTEMAX05 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

Error - 11/28/2010 9:01:10 PM | Computer Name = SYSTEMAX05 | Source = Application Error | ID = 1000
Description = Faulting application marine~1.scr, version 0.0.0.0, faulting module
marine~1.scr, version 0.0.0.0, fault address 0x0000447f.

Error - 11/29/2010 8:09:31 PM | Computer Name = SYSTEMAX05 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 11/29/2010 8:09:31 PM | Computer Name = SYSTEMAX05 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 11/29/2010 8:17:58 PM | Computer Name = SYSTEMAX05 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Small Business -- Error 1706. No valid
source could be found for product Microsoft Office 2000 Small Business. The Windows
installer cannot continue.

Error - 11/29/2010 9:11:39 PM | Computer Name = SYSTEMAX05 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 11/30/2010 10:50:13 AM | Computer Name = SYSTEMAX05 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/30/2010 12:25:43 PM | Computer Name = SYSTEMAX05 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/30/2010 2:17:13 PM | Computer Name = SYSTEMAX05 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/30/2010 2:18:57 PM | Computer Name = SYSTEMAX05 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/30/2010 2:19:27 PM | Computer Name = SYSTEMAX05 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 3/11/2011 12:47:40 AM | Computer Name = SYSTEMAX05 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/11/2011 10:51:13 AM | Computer Name = SYSTEMAX05 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 3/11/2011 10:52:19 AM | Computer Name = SYSTEMAX05 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 ACPI adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
gagp30kx
hpn
i2omp
iaStor
ini910u
IntelIde
mraid35x
perc2
perc2hib
Pnp680r
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
viamraid

Error - 3/11/2011 1:49:22 PM | Computer Name = SYSTEMAX05 | Source = Service Control Manager | ID = 7016
Description = The SmartLinkService service has reported an invalid current state
0.

Error - 3/11/2011 1:57:41 PM | Computer Name = SYSTEMAX05 | Source = Service Control Manager | ID = 7016
Description = The SmartLinkService service has reported an invalid current state
0.


< End of report >
  • 0

#55
JSntgRvr
Posted 11 March 2011 - 01:11 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
I don't believe making changes will make a difference. The Proxy server is disabled.

Let me know the outcome after running Kaspersky and any continuing problems you are still having with the computer.
  • 0

Advertisements

#56
Mikevel
Posted 11 March 2011 - 01:17 PM

Mikevel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

I don't believe making changes will make a difference. The Proxy server is disabled.

Let me know the outcome after running Kaspersky and any continuing problems you are still having with the computer.


I'll install Kaspersky

Then what..do you need another report after anti virus install

Should i then install the removed HDD or wait
  • 0

#57
JSntgRvr
Posted 11 March 2011 - 01:27 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Wait until Kaspersky give us a clean bill of health and you feel satisfied with the computer's performance.
  • 0

#58
Mikevel
Posted 11 March 2011 - 03:44 PM

Mikevel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Wait until Kaspersky give us a clean bill of health and you feel satisfied with the computer's performance.

Kasparsky installed and updated, ran full scan and critical area scan......no threats detected. How long should i wait before re-installing SATA HDD

what will need to be done to make sure Re-installed HD is Ok

Thanks
  • 0

#59
JSntgRvr
Posted 11 March 2011 - 03:58 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
If you feel the computer's performance is good, first enter the BIOS and write down the configuration on the boot order. Leave without saving. Allow Windows to load and shutdown the computer. Install the Secondary Hard drive. Close the console and start the computer. Enter the BIOS. Make sure the boot settings haven 't change, although the Secondary Hard Drive will be present, but not part of the boot order. Save the changes and leave. Let the computer start.

Let me know if you experience a problem and how is the performance of the computer.
  • 0

#60
Mikevel
Posted 11 March 2011 - 04:13 PM

Mikevel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

If you feel the computer's performance is good, first enter the BIOS and write down the configuration on the boot order. Leave without saving. Allow Windows to load and shutdown the computer. Install the Secondary Hard drive. Close the console and start the computer. Enter the BIOS. Make sure the boot settings haven 't change, although the Secondary Hard Drive will be present, but not part of the boot order. Save the changes and leave. Let the computer start.

Let me know if you experience a problem and how is the performance of the computer.

I will wait a couple of days to make sure everything is running good before i re-install HDD


Thanks for all your help
  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP