Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System extremely slow

Started by bjdill , Jun 24 2010 05:50 PM

  • Please log in to reply

#1
bjdill
Posted 24 June 2010 - 05:50 PM

bjdill

    New Member

  • Member
  • Pip
  • 4 posts
I just got back from vacation after 10 days and suddenly my computer is moving at a glacial pace. When windows looks as if it is finished loading (even after 10 minutes or more) I will click on a program such as IE or just a folder and the loading cursor will appear and nothing will happen. Occaisionally IE will open but will not go beyond the white screen and always ends up as "not responding." I couldn't even restart the computer it was going so slow. I manually turned it off and restarted in safe mode and everything works normally at normal speeds (and it is how I am typing this currently).
I'm not sure if it is malware or not but I figured it was the best place to start. I ran the TFC but when it finished, or appeared to finish, nothing came up. Nothing was happening for a long period of time (over ten minutes) so I clicked on exit but nothing happened. I tried the 'x' in the top right corner and it still didnt work. I went to the task manager and it stated that the program was not responding. When I clicked to shut it down the entire screen went black except for "safe mode" in the four corners. I'm not sure if this finished doing its thing or not because of this. After this I downloaded and ran ERUNT and let it do its thing.
I also ran MBAM. It stated there were 2 infected files. I clicked to remove them and restarted the computer but it was no better. I then ran it again in safe mode and it stated there were no infected files. I will include the Log at the end.
I have downloaded and run GMER and OTL as well and will include the Log's at the bottom.

MBAM Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4235

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18904

24/06/2010 7:10:15 PM
mbam-log-2010-06-24 (19-10-15).txt

Scan type: Quick scan
Objects scanned: 125536
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






OTL Log (Extras Log did not appear along with OTL after running it twice):







OTL logfile created on: 24/06/2010 8:17:51 PM - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Benjamin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.87 Gb Total Space | 135.11 Gb Free Space | 60.90% Space Free | Partition Type: NTFS
Drive D: | 11.01 Gb Total Space | 1.52 Gb Free Space | 13.77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BENJAMIN-PC
Current User Name: Benjamin
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/24 19:54:01 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe
PRC - [2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/24 19:54:01 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe
MOD - [2010/03/05 11:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
MOD - [2009/04/11 03:28:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2009/04/11 03:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2009/04/11 03:28:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2009/04/11 03:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2009/04/11 03:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/04/11 03:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 23:24:58 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2008/01/20 23:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/20 23:24:13 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2008/01/20 23:23:53 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/17 06:57:49 | 000,055,992 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\eastlinkinternetsecurityservices\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010/05/11 15:23:35 | 002,478,640 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Akamai\rswin_3697.dll -- (Akamai)
SRV - [2010/03/05 12:44:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/18 13:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\eastlinkinternetsecurityservices\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/11/18 13:07:30 | 000,524,712 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files\eastlinkinternetsecurityservices\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/11/18 13:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/09/24 22:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/20 23:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 18:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 10:10:03 | 000,113,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010/03/30 07:39:18 | 000,033,920 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010/03/25 07:22:30 | 000,035,792 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\fses.sys -- (FSES)
DRV - [2009/11/18 13:08:18 | 000,069,928 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Program Files\eastlinkinternetsecurityservices\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/11/18 13:07:30 | 000,072,904 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/11/18 13:06:22 | 000,041,640 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/11/18 13:06:22 | 000,027,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/11/18 13:06:22 | 000,014,248 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/04/11 01:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/01/07 17:57:58 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/07/03 14:03:48 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/22 16:20:54 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008/03/25 06:44:24 | 002,307,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/14 11:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/02/12 12:27:34 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
DRV - [2008/02/12 12:26:20 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/02/12 12:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/20 23:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 23:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 23:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 23:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 23:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 23:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 23:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 23:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 23:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 23:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 23:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 23:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 23:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 23:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 23:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 23:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 23:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 23:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 23:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 23:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 23:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 23:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 23:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 23:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 23:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/18 12:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 06:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 06:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 06:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 06:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 06:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 06:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 06:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 06:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 06:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 06:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 06:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 05:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 05:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 05:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 05:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 05:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 04:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.acadiau.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\eastlinkinternetsecurityservices\NRS\[email protected] [2010/05/26 08:07:59 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 18:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\eastlinkinternetsecurityservices\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\eastlinkinternetsecurityservices\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\eastlinkinternetsecurityservices\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\eastlinkinternetsecurityservices\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EPSON Stylus CX4800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [HPADVISOR] File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found
O4 - Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\eastlinkinternetsecurityservices\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\eastlinkinternetsecurityservices\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\eastlinkinternetsecurityservices\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\eastlinkinternetsecurityservices\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\eastlinkinternetsecurityservices\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\eastlinkinternetsecurityservices\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\eastlinkinternetsecurityservices\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Benjamin\Desktop\March 2nd\DSCN5672.JPG
O24 - Desktop BackupWallPaper: C:\Users\Benjamin\Desktop\March 2nd\DSCN5672.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/18 14:03:16 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{94dbfd15-1929-11de-89f8-0021856052f9}\Shell\AutoRun\command - "" = G:\RECYCLER\s-124-52-632-236-125-2632636\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 23:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/06/24 19:53:58 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe
[2010/06/24 18:36:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/06/24 18:24:51 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\Malwarebytes
[2010/06/24 18:24:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/24 18:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/24 18:24:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/24 18:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/24 18:23:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/24 18:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/24 17:18:31 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\TFC.exe
[2010/06/23 19:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010/06/23 19:38:20 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\WinBatch
[2010/05/30 20:24:04 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\Cameron

========== Files - Modified Within 90 Days ==========

[2010/06/24 20:18:15 | 003,407,872 | -HS- | M] () -- C:\Users\Benjamin\ntuser.dat
[2010/06/24 20:03:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/24 20:03:12 | 167,755,549 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/24 19:54:01 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe
[2010/06/24 19:25:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/24 19:25:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/24 19:25:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/24 19:23:48 | 000,524,288 | -HS- | M] () -- C:\Users\Benjamin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/24 19:23:48 | 000,065,536 | -HS- | M] () -- C:\Users\Benjamin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/24 19:22:18 | 001,678,774 | -H-- | M] () -- C:\Users\Benjamin\AppData\Local\IconCache.db
[2010/06/24 19:22:17 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{18BE3ED8-5A60-462C-92BF-F6C87935EB11}.job
[2010/06/24 18:32:47 | 000,293,376 | ---- | M] () -- C:\Users\Benjamin\Desktop\gmer.exe
[2010/06/24 18:32:33 | 000,284,915 | ---- | M] () -- C:\Users\Benjamin\Desktop\gmer.zip
[2010/06/24 18:24:44 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/24 18:22:52 | 000,000,919 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/24 18:22:39 | 000,000,739 | ---- | M] () -- C:\Users\Benjamin\Desktop\NTREGOPT.lnk
[2010/06/24 18:22:39 | 000,000,720 | ---- | M] () -- C:\Users\Benjamin\Desktop\ERUNT.lnk
[2010/06/24 17:59:01 | 000,333,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/24 17:18:32 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\TFC.exe
[2010/06/24 15:08:37 | 000,001,356 | ---- | M] () -- C:\Users\Benjamin\AppData\Local\d3d9caps.dat
[2010/06/24 13:49:19 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2010/06/23 21:24:14 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLec.DAT
[2010/06/23 21:24:14 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLds.DAT
[2010/06/17 19:43:55 | 000,023,128 | ---- | M] () -- C:\error.fstmp
[2010/06/17 00:00:02 | 000,000,000 | ---- | M] () -- C:\infect.fstmp
[2010/06/07 18:01:37 | 000,058,368 | ---- | M] () -- C:\Users\Benjamin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/07 05:09:54 | 004,486,516 | ---- | M] () -- C:\Users\Benjamin\Desktop\DSCN6236.AVI
[2010/06/06 02:11:18 | 005,637,372 | ---- | M] () -- C:\Users\Benjamin\Desktop\DSCN6227.AVI
[2010/06/05 10:13:14 | 000,702,128 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/05 10:13:14 | 000,607,070 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/05 10:13:14 | 000,108,692 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/26 01:28:06 | 001,934,672 | ---- | M] () -- C:\Users\Benjamin\Desktop\DSCN6057.JPG
[2010/05/24 20:19:08 | 000,161,366 | ---- | M] () -- C:\Users\Benjamin\Desktop\green.htm
[2010/05/17 19:41:44 | 000,000,433 | ---- | M] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\parentsDEC06 - Shortcut.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/06 14:21:37 | 000,317,285 | ---- | M] () -- C:\Windows\System32\EPPRTDRV.CAB
[2010/04/06 14:21:36 | 000,449,762 | ---- | M] () -- C:\Windows\System32\EPSETUP.CAB
[2010/04/06 14:21:36 | 000,008,284 | ---- | M] () -- C:\Windows\System32\eps_icon.avi
[2010/04/06 14:21:33 | 000,613,965 | ---- | M] () -- C:\Windows\System32\EPSTP32U.CAB
[2010/04/06 14:20:47 | 000,000,771 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/04/04 21:00:15 | 000,010,851 | ---- | M] () -- C:\Users\Benjamin\Desktop\newborn3.jpg
[2010/03/30 07:39:18 | 000,033,920 | ---- | M] () -- C:\Windows\System32\drivers\fsbts.sys
[2010/03/29 10:54:14 | 000,000,623 | ---- | M] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\DSCN4961 - Shortcut.lnk

========== Files Created - No Company Name ==========

[2010/06/24 18:36:23 | 167,755,549 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/06/24 18:32:32 | 000,284,915 | ---- | C] () -- C:\Users\Benjamin\Desktop\gmer.zip
[2010/06/24 18:24:44 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/24 18:22:52 | 000,000,919 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/24 18:22:39 | 000,000,739 | ---- | C] () -- C:\Users\Benjamin\Desktop\NTREGOPT.lnk
[2010/06/24 18:22:39 | 000,000,720 | ---- | C] () -- C:\Users\Benjamin\Desktop\ERUNT.lnk
[2010/06/17 00:00:02 | 000,023,128 | ---- | C] () -- C:\error.fstmp
[2010/06/17 00:00:02 | 000,000,000 | ---- | C] () -- C:\infect.fstmp
[2010/06/07 18:01:36 | 004,486,516 | ---- | C] () -- C:\Users\Benjamin\Desktop\DSCN6236.AVI
[2010/06/06 14:22:02 | 005,637,372 | ---- | C] () -- C:\Users\Benjamin\Desktop\DSCN6227.AVI
[2010/05/26 14:43:00 | 001,934,672 | ---- | C] () -- C:\Users\Benjamin\Desktop\DSCN6057.JPG
[2010/05/24 20:19:06 | 000,161,366 | ---- | C] () -- C:\Users\Benjamin\Desktop\green.htm
[2010/05/17 19:41:44 | 000,000,433 | ---- | C] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\parentsDEC06 - Shortcut.lnk
[2010/04/06 14:21:36 | 000,008,284 | ---- | C] () -- C:\Windows\System32\eps_icon.avi
[2010/04/06 14:21:34 | 000,317,285 | ---- | C] () -- C:\Windows\System32\EPPRTDRV.CAB
[2010/04/06 14:21:33 | 000,613,965 | ---- | C] () -- C:\Windows\System32\EPSTP32U.CAB
[2010/04/06 14:21:33 | 000,449,762 | ---- | C] () -- C:\Windows\System32\EPSETUP.CAB
[2010/04/06 14:21:33 | 000,005,729 | ---- | C] () -- C:\Windows\System32\EPSTP32U.DAT
[2010/04/06 14:20:47 | 000,000,771 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/04/04 21:01:23 | 000,010,851 | ---- | C] () -- C:\Users\Benjamin\Desktop\newborn3.jpg
[2010/03/29 10:54:14 | 000,000,623 | ---- | C] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\DSCN4961 - Shortcut.lnk
[2009/09/17 08:07:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/10 11:33:44 | 000,033,920 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2008/08/18 14:33:39 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/08/18 13:44:22 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/08/18 13:44:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 09:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/01/10 14:22:05 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Elluminate
[2010/03/26 00:00:00 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\F-Secure
[2009/11/28 21:57:34 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\GanymedeNet
[2008/12/08 23:41:32 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Nikon
[2010/02/17 11:32:16 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Out of the Park Developments
[2009/03/29 18:41:01 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Template
[2008/12/16 13:09:07 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\WildTangent
[2010/06/23 19:38:20 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\WinBatch
[2010/06/24 19:24:29 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/24 13:49:19 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job
[2010/06/24 19:22:17 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{18BE3ED8-5A60-462C-92BF-F6C87935EB11}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/08/18 14:03:16 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 03:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/08/18 14:25:26 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 18:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/17 19:43:55 | 000,023,128 | ---- | M] () -- C:\error.fstmp
[2010/06/23 19:47:31 | 000,000,250 | ---- | M] () -- C:\FINIS_IT.TXT
[2010/06/17 00:00:02 | 000,000,000 | ---- | M] () -- C:\infect.fstmp
[2009/07/10 14:44:47 | 000,000,741 | -H-- | M] () -- C:\IPH.PH
[2010/06/24 20:03:12 | 2449,948,672 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 09:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 08:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 08:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 00:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 00:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 00:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 07:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 07:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 03:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 23:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< End of report >





GMER Log:




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-24 20:48:58
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Benjamin\AppData\Local\Temp\kxlyikow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!SetWindowsHookExW 772F87AD 5 Bytes JMP 71F09A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!CallNextHookEx 772F8E3B 5 Bytes JMP 71EFD101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!UnhookWindowsHookEx 772F98DB 5 Bytes JMP 71E7466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!CreateWindowExW 77301305 5 Bytes JMP 71F0DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!DialogBoxParamW 773210B0 5 Bytes JMP 71E35505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!DialogBoxIndirectParamW 77322EF5 5 Bytes JMP 7200473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!DialogBoxParamA 77338152 5 Bytes JMP 720046DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!DialogBoxIndirectParamA 7733847D 5 Bytes JMP 720047A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!MessageBoxIndirectA 7734D4D9 5 Bytes JMP 72004671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!MessageBoxIndirectW 7734D5D3 5 Bytes JMP 72004606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!MessageBoxExA 7734D639 5 Bytes JMP 720045A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!MessageBoxExW 7734D65D 5 Bytes JMP 72004542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[356] ole32.dll!OleLoadFromStream 76761E12 5 Bytes JMP 72004AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[356] ole32.dll!CoCreateInstance 76799EA6 5 Bytes JMP 71F0DB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[496] USER32.dll!SetWindowsHookExW 772F87AD 5 Bytes JMP 71F09A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[496] USER32.dll!CallNextHookEx 772F8E3B 5 Bytes JMP 71EFD101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[496] USER32.dll!UnhookWindowsHookEx 772F98DB 5 Bytes JMP 71E7466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[496] USER32.dll!CreateWindowExW 77301305 5 Bytes JMP 71F0DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[496] USER32.dll!DialogBoxParamW 773210B0 5 Bytes JMP 71E35505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[496] USER32.dll!DialogBoxIndirectParamW 77322EF5 5 Bytes JMP 7200473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[496] USER32.dll!DialogBoxParamA 77338152 5 Bytes JMP 720046DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[496] USER32.dll!DialogBoxIndirectParamA 7733847D 5 Bytes JMP 720047A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[496] USER32.dll!MessageBoxIndirectA 7734D4D9 5 Bytes JMP 72004671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[496] USER32.dll!MessageBoxIndirectW 7734D5D3 5 Bytes JMP 72004606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[496] USER32.dll!MessageBoxExA 7734D639 5 Bytes JMP 720045A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[496] USER32.dll!MessageBoxExW 7734D65D 5 Bytes JMP 72004542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[496] ole32.dll!OleLoadFromStream 76761E12 5 Bytes JMP 72004AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[496] ole32.dll!CoCreateInstance 76799EA6 5 Bytes JMP 71F0DB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2008] USER32.dll!CreateWindowExW 77301305 5 Bytes JMP 71F0DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2008] USER32.dll!DialogBoxParamW 773210B0 5 Bytes JMP 71E35505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2008] USER32.dll!DialogBoxIndirectParamW 77322EF5 5 Bytes JMP 7200473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2008] USER32.dll!DialogBoxParamA 77338152 5 Bytes JMP 720046DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2008] USER32.dll!DialogBoxIndirectParamA 7733847D 5 Bytes JMP 720047A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2008] USER32.dll!MessageBoxIndirectA 7734D4D9 5 Bytes JMP 72004671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2008] USER32.dll!MessageBoxIndirectW 7734D5D3 5 Bytes JMP 72004606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2008] USER32.dll!MessageBoxExA 7734D639 5 Bytes JMP 720045A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2008] USER32.dll!MessageBoxExW 7734D65D 5 Bytes JMP 72004542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



Any help that you can provide would be awesome.

Thanks
  • 0

Advertisements

#2
bjdill
Posted 25 June 2010 - 10:05 AM

bjdill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I was able to find the Extras.txt...







OTL Extras logfile created on: 24/06/2010 7:55:11 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Benjamin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.87 Gb Total Space | 135.18 Gb Free Space | 60.93% Space Free | Partition Type: NTFS
Drive D: | 11.01 Gb Total Space | 1.52 Gb Free Space | 13.77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BENJAMIN-PC
Current User Name: Benjamin
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B2F23F-525A-4A85-BFF3-5CE2938C7CAC}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{0FA24553-F3E6-4A8E-BD38-DC730ECDC6CE}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |
"{1744DD9B-3800-403D-967A-00014F74E99D}" = lport=445 | protocol=6 | dir=in | app=system |
"{2B41637E-BD4B-4BC1-801B-9A8C4F756664}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4C246D0D-161F-4ACD-AE9A-8B0D9E543C5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{4FC4E086-A385-4F9A-80CC-6FC916A6FE8D}" = rport=138 | protocol=17 | dir=out | app=system |
"{5364794E-30AC-4B81-BBC6-4CFE79FCE4B0}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{56DB618B-6917-492C-B501-D9F1257CA267}" = rport=139 | protocol=6 | dir=out | app=system |
"{57BD3CDC-1CBF-45BA-8149-6F13BEDDB53C}" = lport=139 | protocol=6 | dir=in | app=system |
"{655FA6F0-EEA0-4161-8671-CA401F7E5CB2}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{698615F8-B67A-4362-BE89-6F83B152075F}" = rport=445 | protocol=6 | dir=out | app=system |
"{71BBCC0A-A7CC-4575-AB53-99AA590EAAF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7A4AE043-AF0C-458B-863C-0539C0D99166}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C6925F9-77FE-48A5-818D-E08DB1F88217}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{7C7209FB-760D-4617-93DB-E6586454F737}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{83F22EA9-2ACC-4439-8AC4-041BE3A71EBE}" = lport=1701 | protocol=17 | dir=in | app=system |
"{8DE3485C-FC23-4BAE-8E99-8A1C27567C74}" = lport=445 | protocol=6 | dir=in | app=system |
"{90F47A79-E710-4DEE-81B4-6A1CA026522A}" = lport=1723 | protocol=6 | dir=in | app=system |
"{9D5C6D10-EEB3-42CA-8E41-75D6FBD1EFE0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9DB1727F-1BF2-4F3C-97FE-8D87E7444911}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{A087C745-F131-49F6-BB6C-9ECB7B9E0ACB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AB7BAE0D-C3D7-4AF5-8C1E-0A6104D1F4CB}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{AD836EE9-433A-41F7-B150-78B87C753617}" = rport=1701 | protocol=17 | dir=out | app=system |
"{AEE36AC0-D425-40DF-A035-D0726001E339}" = lport=137 | protocol=17 | dir=in | app=system |
"{B991C7D4-8966-4CE9-B4D7-20AAF67B357B}" = rport=1723 | protocol=6 | dir=out | app=system |
"{BB21EF51-0389-4820-8B14-E67CB5BE4F43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C713AF1B-FB99-464E-89D2-D5512B1F2AE8}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{D9095CD6-4D71-4305-8845-64EBDDF44B2A}" = rport=137 | protocol=17 | dir=out | app=system |
"{FB0014B0-29D6-4366-8437-F90F2D28CBD8}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0404C9FD-F282-4799-9569-1743B785FABC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{05C2B69F-2CBE-4478-A426-4F48BE363A08}" = protocol=17 | dir=in | app=c:\program files\jabbear\jabbear.exe |
"{07233EC9-C608-4262-85FC-7B1233E0DB92}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{08EC0FAB-62E7-42CE-96A2-14DF74BB7496}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{112C67D8-C2E5-4C9B-B981-23142C6829EA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1E69E81A-9768-4483-8500-DA604E2B69EF}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{26266316-226B-4762-9386-C31C362F4C23}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{354FD378-BBE8-4B76-9F8C-0D704AD67486}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{37972C5C-D3EE-4331-9B51-AF112182ABA5}" = protocol=58 | dir=in | [email protected],-28545 |
"{46A0BA98-6899-45F9-B018-3F57A21FF402}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{507D9053-9100-4501-ADC7-1156C8FBAEC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5419DAE0-2E78-4434-82D1-A462E4283438}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6135CD99-5572-4F51-B660-08DA261A77BB}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{6568FB9F-80B8-4E58-80B1-0D8F63214F35}" = protocol=58 | dir=out | [email protected],-28546 |
"{6AA6F30C-54F6-4EA1-B32E-76855B632F77}" = protocol=1 | dir=out | [email protected],-28544 |
"{6C2A6662-1998-4F7C-B9B9-F8183D46E7B2}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{71524D67-9198-413D-91EF-5AA54BD91348}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76BF6037-B16F-47BA-ACEA-7D520A8C39D1}" = protocol=1 | dir=in | [email protected],-28543 |
"{7989D409-CE44-46CC-84D2-EEC0FC471986}" = protocol=6 | dir=out | app=system |
"{7B72F3D4-6C5B-4C6D-973C-BD571C1D01BE}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{94BFC56B-8D38-474C-9BA1-516168B42D8A}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{97EF1970-FEAF-4256-B197-CD1A85939FD5}" = protocol=6 | dir=in | app=c:\program files\jabbear\jabbear.exe |
"{9EBE82E0-B2F5-41BD-A3A2-20D8666C6A21}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{A3A6030A-3B7E-4C94-8549-8E1560D3A6E5}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{BB35A2FE-EEA2-43EE-896F-E90B4342CFF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CA319ABC-C823-4968-A379-BE66F39C1AF3}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{D1F7FFCA-2FF5-46C3-BF75-623B7A8FF960}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{D2B43DB3-58DA-4A40-B170-72B07C62B876}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D881420E-647B-4473-A3E4-56890ECE78D0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E3EC4C6B-F455-46CD-B405-C6161EC3947A}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{EE29720B-242F-46E0-8819-13CB335280FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F13252C6-FCF7-474D-B623-A632D8A75B14}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{51D491A7-5539-4E41-8F69-A81591396DD8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{524805F3-60FE-4DBA-AC46-C188A0173DC3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B1E16E74-7843-4B42-A9FA-4F37D3F7DE88}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"UDP Query User{4BB7C2E9-70BC-406D-844E-130256568844}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"UDP Query User{7698E370-659B-4716-B65D-EB54E4A335BE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E3409B0B-52BB-4BDB-A0F6-472FA6D9D268}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216012F0}" = Java™ 6 Update 12
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Akamai" = Akamai NetSession Interface
"BearShare" = BearShare
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"F-Secure Product 444" = EastLink Internet Security Services
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Out of the Park 8" = Out of the Park 8
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#3
bjdill
Posted 02 July 2010 - 07:30 PM

bjdill

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP