I'm back. What I thought would take an hour or so to do took 19-1/2 hours.

Nevertheless, let's recap.
The problem with this PC is that it's super slow. Example: when I reboot the system, it takes about 15 minutes before I can even click on Start to work. I did have Spybot (that was uninstalled today); it was in my start-up at reboot and took about 1/2 hr - 45 min before it would load in the task bar during start-up. I think this gives you an idea of how slow this system is.
What I always like to do before posting a problem is do all the preventive stuff first and post all the results at once. Below is a list of everything I've done since my post of this issue last night:
1. I ran Dr.Web; it found some problems. See log below.
2. I ran Spybot; it found nothing.
3. I downloaded Malwarebytes; it found some things. See log below (great program!).
4. I ran a full scan of Bitdefender; it found nothing.
5. I ran an online Kaspersky full scan. It found nothing.
6. I did a pack 3 install update for Windows.
7. I ran CCleaner to get rid of the junk.
8. I downloaded and ran OTListIt2. See log below.
9. I downloaded and ran Rooter. See log below.
10. A fresh reboot and CCleaner.
And as you can see, I did my homework on what I should do before making this post.
I look forward to solving this issue. Thank you in advance for reading this and for your very kind assistance!
Kind Regards
Superlost
SEE LOGS BELOW...................
***********DRWEBCURE LOG ************
03837689.FIL;C:\$VAULT$.AVG;Probably Trojan.Packed.190;Deleted.;
RegUBP2b-Dennis.reg;C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
A0576291.reg;C:\System Volume Information\_restore{05E7F294-B453-4347-AE7A-5A8F5DEBB4D2}\RP3695;Trojan.StartPage.1505;Deleted.;
A0579306.reg;C:\System Volume Information\_restore{05E7F294-B453-4347-AE7A-5A8F5DEBB4D2}\RP3698;Trojan.StartPage.1505;Deleted.;
A0587373.reg;C:\System Volume Information\_restore{05E7F294-B453-4347-AE7A-5A8F5DEBB4D2}\RP3700;Trojan.StartPage.1505;Deleted.;
A0587781.reg;C:\System Volume Information\_restore{05E7F294-B453-4347-AE7A-5A8F5DEBB4D2}\RP3701;Trojan.StartPage.1505;Deleted.;
xclean_micro.exe;C:\WINDOWS\Downloaded Program Files;Trojan.PWS.Banker.17831;Deleted.;
******************Malwarebytes LOG*******************
Malwarebytes' Anti-Malware 1.36
Database version: 2007
Windows 5.1.2600 Service Pack 2
4/19/2009 3:58:50 AM
mbam-log-2009-04-19 (03-58-35).txt
Scan type: Full Scan (C:\|)
Objects scanned: 162348
Time elapsed: 53 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\antivirus2008y (Rogue.Antivirus2008) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchsearchassistant.auxiliary (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchsearchassistant.auxiliary.1 (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\Application Data\Antivirus2008y (Rogue.Antivirus2008) -> No action taken.
Files Infected:
(No malicious items detected)
****************** ROOTER LOG **************************
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:19053 Mo/Free:876 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Sun 04/19/2009|18:00
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\SYSTEM32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\WINDOWS\wanmpsvc.exe
---------- C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
---------- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
---------- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
---------- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
---------- C:\Program Files\Softwin\BitDefender10\bdmcon.exe
---------- C:\Program Files\Softwin\BitDefender10\bdagent.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\dwwin.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Sun 04/19/2009|12:14
2 - "C:\Rooter$\Rooter_2.txt" - Sun 04/19/2009|14:23
3 - "C:\Rooter$\Rooter_3.txt" - Sun 04/19/2009|18:02
----------------------\\ Scan completed at 18:02
******************** OTListIt2LOG *************************
OTListIt logfile created on: 4/19/2009 6:09:40 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\Local Settings\Temporary Internet Files\Content.IE5\G3JZL953
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
127.30 Mb Total Physical Memory | 46.93 Mb Available Physical Memory | 36.87% Memory free
440.63 Mb Paging File | 184.45 Mb Available in Paging File | 41.86% Paging File free
Paging file location(s): C:\pagefile.sys 192 384;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.61 Gb Total Space | 8.85 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: UP-4KTI6WBE2SVF
Current User Name: Dennis
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe (SOFTWIN S.R.L)
PRC - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe ()
PRC - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (SOFTWIN S.R.L.)
PRC - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Softwin\BitDefender10\bdmcon.exe (SOFTWIN S.R.L.)
PRC - C:\Program Files\Softwin\BitDefender10\bdagent.exe (SOFTWIN S.R.L.)
PRC - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
PRC - C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\Local Settings\Temporary Internet Files\Content.IE5\G3JZL953\OTListIt2[1].exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (AOL TopSpeedMonitor [Auto | Stopped]) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (bdss [Auto | Running]) -- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (EPSONStatusAgent2 [Auto | Running]) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (GoogleDesktopManager [Disabled | Stopped]) -- File not found
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (LIVESRV [Auto | Running]) -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (SOFTWIN S.R.L.)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (VSSERV [Auto | Stopped]) -- C:\Program Files\Softwin\BitDefender10\vsserv.exe (SOFTWIN S.R.L.)
SRV - (WANMiniportService [Auto | Running]) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (XCOMM [Auto | Running]) -- C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe (SOFTWIN S.R.L)
========== Driver Services (SafeList) ==========
DRV - (ac97intc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (ati2mpaa [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys (ATI Technologies Inc.)
DRV - (ati2mtaa [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (basic2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\basic2.sys (Conexant Systems)
DRV - (EL90X [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\el90xnd5.sys (3Com Corporation)
DRV - (Fallback [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\fallback.sys (Conexant Systems)
DRV - (Fsks [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\fsksnt.sys (Conexant Systems)
DRV - (hsf_msft [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys (Conexant)
DRV - (K56 [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\k56nt.sys (Conexant Systems)
DRV - (MCSTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Rksample [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rksample.sys (Conexant Systems)
DRV - (RT25USBAP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt25usbap.sys (Ralink Technology Inc.)
DRV - (SABProcEnum [On_Demand | Stopped]) -- C:\WINDOWS\System32\sabprocenum.sys (SuperAdBlocker.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SoftFax [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\faxnt.sys (Conexant Systems)
DRV - (Tones [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tonesnt.sys (Conexant Systems)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (V124 [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\v124nt.sys (Conexant Systems)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (wandrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wandrv.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
[2008/08/18 02:18:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\Application Data\mozilla\Firefox\Profiles\yp8713xk.default\extensions
[2008/07/23 20:54:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\Application Data\mozilla\Firefox\Profiles\yp8713xk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O1 HOSTS File: (972300 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 28055 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" (SOFTWIN S.R.L.)
O4 - HKLM..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg (SOFTWIN S.R.L.)
O4 - HKLM..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe (BillP Studios)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Search - ?p=ZJ File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .pdf - C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll (Adobe Systems Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 53 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by106fd.bay10...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefend...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7958.3238078704 (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Tornado 21 (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://cgi.ebay.com/ws/' + eBayUser_SelfHosted_image.src + '
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2 C:\WINDOWS\*.tmp files]
[2009/04/19 15:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\Application Data\Bitdefender
[2009/04/19 15:16:28 | 00,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/04/19 15:10:16 | 00,001,838 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BitDefender Free Edition v10.lnk
[2009/04/19 15:08:17 | 00,000,000 | ---D | C] -- C:\Program Files\Softwin
[2009/04/19 15:08:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
[2009/04/19 14:36:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Softwin
[2009/04/19 14:01:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/04/19 13:02:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/04/19 13:02:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/04/19 13:02:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/04/19 13:02:26 | 00,000,000 | ---D | C] -- C:\Program Files\msn
[2009/04/19 12:02:45 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/19 02:34:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\Application Data\Malwarebytes
[2009/04/19 02:33:35 | 00,000,739 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/19 02:32:56 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/19 02:32:37 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/19 02:32:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2009/04/19 02:32:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/18 18:39:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\My Documents\LimeWire
[2009/04/18 15:58:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/18 15:56:55 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/04/18 15:55:12 | 00,001,647 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\QuickTime Player.lnk
[2009/04/18 15:52:02 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/16 21:24:26 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 21:24:24 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 21:24:22 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 21:24:20 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 21:24:19 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 21:24:18 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 21:24:16 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 21:24:15 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 21:24:14 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 21:24:10 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/04/16 21:24:05 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/04/16 21:24:01 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/04/16 21:13:16 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 21:13:13 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/03/21 10:06:58 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2008/05/19 00:42:55 | 00,000,023 | ---- | C] () -- C:\WINDOWS\EPSC80.ini
[2007/07/22 21:58:27 | 00,000,295 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/01/31 13:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/06/07 17:07:11 | 00,000,464 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/04/09 14:01:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CorelRave.INI
[2005/03/01 15:30:20 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/12/04 00:46:19 | 00,001,600 | ---- | C] () -- C:\WINDOWS\QfnOnl.ini
[2004/12/04 00:46:19 | 00,000,136 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2004/12/04 00:46:06 | 00,000,362 | ---- | C] () -- C:\WINDOWS\QDQICK.INI
[2004/12/04 00:46:06 | 00,000,063 | ---- | C] () -- C:\WINDOWS\ACCWIZ.INI
[2004/12/04 00:46:06 | 00,000,028 | ---- | C] () -- C:\WINDOWS\QFNOA.INI
[2004/12/03 23:39:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CorelDrw.INI
[2004/11/02 04:39:19 | 00,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini
[2004/11/02 04:36:41 | 00,001,838 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/11/02 04:36:41 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\C8356BB224.sys
[2004/05/16 20:55:58 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/04/03 20:46:38 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004/03/17 19:46:25 | 00,000,877 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/16 12:40:06 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/04 22:12:40 | 00,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/09/24 11:13:00 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2003/09/24 11:13:00 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2003/09/24 11:12:50 | 00,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2001/08/18 08:00:00 | 00,001,140 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2001/08/18 08:00:00 | 00,000,250 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
========== Files - Modified Within 30 Days ==========
[2 C:\WINDOWS\*.tmp files]
[2009/04/19 17:30:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/19 17:30:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/19 17:30:49 | 13,355,0080 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/19 15:16:51 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/04/19 15:10:16 | 00,001,838 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BitDefender Free Edition v10.lnk
[2009/04/19 14:07:25 | 00,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/19 14:07:25 | 00,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/19 14:07:25 | 00,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/19 14:07:19 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\My Documents\desktop.ini
[2009/04/19 14:04:53 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/19 14:04:04 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/04/19 14:01:20 | 00,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/19 12:54:41 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/04/19 02:33:35 | 00,000,739 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/18 15:55:14 | 00,001,647 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\QuickTime Player.lnk
[2009/04/18 15:52:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/17 14:31:27 | 00,972,300 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/04/16 20:29:10 | 00,001,591 | ---- | M] () -- C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\Desktop\CCleaner.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/03/27 02:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/21 10:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/03/21 10:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\My Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\Desktop\My Computer.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users.WINDOWS\Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users.WINDOWS\Desktop\Acrobat Reader 5.0.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\My Documents\ww_icons.zip:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\My Documents\Shortcut to MOVIES.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\My Documents\My d.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\Local Settings\Application Data\GDIPFONTCACHEV1.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
< End of report >
*******************EXTRAS LOG **********************
OTListIt Extras logfile created on: 4/19/2009 6:09:40 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\Local Settings\Temporary Internet Files\Content.IE5\G3JZL953
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
127.30 Mb Total Physical Memory | 46.93 Mb Available Physical Memory | 36.87% Memory free
440.63 Mb Paging File | 184.45 Mb Available in Paging File | 41.86% Paging File free
Paging file location(s): C:\pagefile.sys 192 384;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.61 Gb Total Space | 8.85 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: UP-4KTI6WBE2SVF
Current User Name: Dennis
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"59069:TCP" = 59069:TCP:*:Enabled:Pando Media Booster
"59069:UDP" = 59069:UDP:*:Enabled:Pando Media Booster
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (AOL LLC)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer (RealNetworks, Inc.)
C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody File not found
C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer (LimeWire)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Documents and Settings\Dennis.UP-4KTI6WBE2SVF\Local Settings\Temporary Internet Files\Content.IE5\GPWTIZ8H\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (AOL LLC)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon (America Online, Inc)
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed (America Online Inc)
C:\Program Files\Common Files\AOL\1167536130\EE\AOLServiceHost.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL (America Online Inc.)
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL ()
C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL (AOL Spyware Protection)
C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0 (SmartSoft Ltd.)
C:\WINDOWS\LMI9.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue File not found
D:\2007\CL Applications\bin\jre1.5\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary File not found
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java Platform SE binary (Sun Microsystems, Inc.)
D:\Driver\E_reg\EpsonReg.exe:*:Enabled:Epson Registration File not found
C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster ()
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4D8E38A1-0932-11D7-8E11-0080C8274868}" = Samsung Digimax 201
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEFC581D-BEAE-4F75-989E-BD931970D8AD}" = BitDefender Free Edition v10
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0" = Conexant HSF V92 56K Data Fax PCI Modem
"EPSON Printer and Utilities" = EPSON Printer Software
"HyperLoad" = HyperLoad
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Ink Monitor" = Ink Monitor
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SmartFTP Client 2.0 Setup Files" = SmartFTP Client 2.0 Setup Files (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"YInstHelper" = Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/18/2009 3:48:40 PM | Computer Name = UP-4KTI6WBE2SVF | Source = MsiInstaller | ID = 1013
Description = Product: iTunes -- An installation for Microsoft Word 2002 is currently
suspended. You must undo the changes made by that installation to continue. Do
you want to undo those changes?
Error - 4/18/2009 3:48:40 PM | Computer Name = UP-4KTI6WBE2SVF | Source = MsiInstaller | ID = 11704
Description = Product: Apple Mobile Device Support -- Error 1704. An installation
for Microsoft Word 2002 is currently suspended. You must undo the changes made
by that installation to continue. Do you want to undo those changes?
Error - 4/18/2009 6:21:18 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x012ca07d.
Error - 4/18/2009 6:21:36 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x012ca07d.
Error - 4/18/2009 6:21:41 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x012ca07d.
Error - 4/18/2009 6:21:45 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x012ca07d.
Error - 4/18/2009 6:22:12 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x012ca07d.
Error - 4/19/2009 2:53:56 PM | Computer Name = UP-4KTI6WBE2SVF | Source = MsiInstaller | ID = 11920
Description = Product: BitDefender Free Edition v10 -- Error 1920. Service 'BitDefender
Scan Server' (BDSS) failed to start. Verify that you have sufficient privileges
to start system services.
Error - 4/19/2009 5:54:05 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2[1].exe, version 2.0.14.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/19/2009 5:54:05 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2[1].exe, version 2.0.14.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 4/19/2009 3:26:04 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AOL TopSpeed Monitor
service to connect.
Error - 4/19/2009 3:26:04 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3
Error - 4/19/2009 3:27:20 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Service Control Manager | ID = 7022
Description = The BitDefender Scan Server service hung on starting.
Error - 4/19/2009 3:27:21 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Service Control Manager | ID = 7001
Description = The BitDefender Virus Shield service depends on the BitDefender Scan
Server service which failed to start because of the following error: %%1070
Error - 4/19/2009 3:29:29 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.
Error - 4/19/2009 3:29:30 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053
Error - 4/19/2009 5:32:57 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AOL TopSpeed Monitor
service to connect.
Error - 4/19/2009 5:32:57 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3
Error - 4/19/2009 5:33:19 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Service Control Manager | ID = 7022
Description = The BitDefender Scan Server service hung on starting.
Error - 4/19/2009 5:33:19 PM | Computer Name = UP-4KTI6WBE2SVF | Source = Service Control Manager | ID = 7001
Description = The BitDefender Virus Shield service depends on the BitDefender Scan
Server service which failed to start because of the following error: %%1070
< End of report >