
xp antivirus 2009 is killing me


This topic is locked.
11 replies to this topic

#1 lj4207


Posted 14 January 2009 - 04:48 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:42:35 PM, on 1/13/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

--
End of file - 2962 bytes






I used SUPERAntiSpyware, Avira AntiVirus and Malwarebytes; all found some form of XP Antivirus 2009. I deleted it and rebooted, and now my normal mode is too slow to do anything at all. If I use Safe Mode with Networking it works fine. Need help.
Can't update Windows.


#2 Billy O'Neal

    Visual C++ STL Maintainer


Malware Response Team

Posted 24 January 2009 - 11:43 PM

Hello, lj4207
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
Please note that these instructions need to be run from NORMAL mode, not Safe mode with network support.


We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • GMER's Log

BillyIII

Edited by Billy O'Neal, 24 January 2009 - 11:44 PM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 lj4207


Posted 28 January 2009 - 03:00 PM

Sorry I haven't been here, didn't think it worked, but the computer is real slow in normal but decent in safe mode.

#4 Billy O'Neal


Posted 28 January 2009 - 03:03 PM

I understand that, but in Safe Mode, the tools aren't able to get a complete picture of what's going on. The reports shouldn't take too long to generate, even when things are bogged down.

Billy3

#5 lj4207


Posted 28 January 2009 - 03:20 PM

I'll try again, but it is so slow I usually can't do anything.

#6 lj4207


Posted 28 January 2009 - 03:38 PM

Well, I tried it, and as soon as I double-clicked it, it pretty much froze and never did anything. It's pretty messed up, I guess. Anything to do to make it speed up, let me know.

#7 lj4207


Posted 28 January 2009 - 03:47 PM

Reports in Safe Mode; thought they would help.


OTViewIt logfile created on: 2009-01-28 12:40:58 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

247.48 Mb Total Physical Memory | 157.18 Mb Available Physical Memory | 63.51% Memory free
606.64 Mb Paging File | 558.55 Mb Available in Paging File | 92.07% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.18 Gb Total Space | 24.65 Gb Free Space | 74.30% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.78 Gb Free Space | 19.10% Space Free | Partition Type: FAT32
Drive E: | 269.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-C8BH3JAGLT
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2009-01-28 12:17:03 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008-10-15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Stopped])
[2008-10-15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Stopped])
[2003-02-21 02:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2004-12-22 17:45:22 | 00,255,600 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE -- (ccEvtMgr [Disabled | Stopped])
[2004-12-22 17:45:30 | 00,087,664 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE -- (ccPwdSvc [On_Demand | Stopped])
[2004-12-22 17:45:42 | 00,235,120 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE -- (ccSetMgr [Disabled | Stopped])
[2003-11-03 19:47:08 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity [Auto | Stopped])
[2004-01-16 19:16:06 | 00,417,792 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService [On_Demand | Stopped])
[2003-08-17 23:34:02 | 00,158,376 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\navapsvc.exe -- (navapsvc [Disabled | Stopped])
[2003-07-28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2003-08-10 00:26:24 | 00,193,816 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\SAVScan.exe -- (SAVScan [On_Demand | Stopped])

========== Driver Services ==========

[2004-01-16 19:58:50 | 01,252,940 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Stopped])
[2003-12-12 06:54:14 | 00,391,424 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Stopped])
[2004-02-14 02:00:34 | 00,611,836 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
[2008-05-09 12:15:51 | 00,045,376 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd [System | Running])
[2008-01-21 17:11:28 | 00,022,336 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntmgr.sys -- (avgntmgr [Boot | Running])
[2008-10-30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Stopped])
[2003-12-02 18:23:20 | 00,142,336 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k [Boot | Running])
[2003-11-03 19:47:08 | 00,009,760 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2009-01-28 12:01:30 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2004-02-10 18:17:06 | 00,681,469 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2008-09-23 06:45:32 | 00,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])
[2008-09-23 06:45:31 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Stopped])
[2004-03-04 08:00:00 | 00,067,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040304.008\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
[2004-03-04 08:00:00 | 00,598,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040304.008\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
[2002-07-29 21:43:50 | 00,023,808 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2004-02-11 20:04:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2003-08-01 02:09:08 | 00,017,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2002-10-04 17:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139 [On_Demand | Running])
[2005-03-21 11:00:24 | 00,004,096 | ---- | M] (SuperAdBlocker.com) -- C:\WINDOWS\System32\sabprocenum.sys -- (SABProcEnum [On_Demand | Stopped])
[2008-12-22 11:06:00 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Stopped])
[2008-12-22 11:06:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008-12-22 11:05:58 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Stopped])
[2003-08-06 23:02:06 | 00,300,736 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\savrt.sys -- (SAVRT [System | Stopped])
[2003-08-06 23:02:12 | 00,035,008 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Stopped])
[2004-02-11 20:01:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004-01-02 19:20:40 | 00,432,000 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315 [On_Demand | Stopped])
[2003-07-18 16:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP [Boot | Running])
[2004-01-02 20:05:48 | 00,011,520 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp [System | Stopped])
[2007-03-01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Stopped])
[2003-08-16 00:22:12 | 00,082,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
[2005-01-21 22:31:48 | 00,026,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Stopped])
[2005-01-21 22:31:50 | 00,267,384 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Stopped])
[2003-07-02 11:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2004-02-04 17:28:00 | 00,134,144 | ---- | M] (Copyright © VIA/S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Stopped])
[2004-02-11 19:51:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = localhost

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-530512159-2363719490-746642466-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=yahoo.com

[HKEY_USERS\S-1-5-21-530512159-2363719490-746642466-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=

[HKEY_USERS\S-1-5-21-530512159-2363719490-746642466-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = localhost

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
AutorunsDisabled (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

[HKEY_USERS\S-1-5-21-530512159-2363719490-746642466-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
"hpsysdrv"=c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
"KBD"=C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
"PS2"=C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoUpdateCheck"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"LinkResolveIgnoreLinkInfo"=0
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"LinkResolveIgnoreLinkInfo"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-530512159-2363719490-746642466-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"LinkResolveIgnoreLinkInfo"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O9) IE Extensions ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Web Browser Applet Control] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Web Browser Applet Control] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Web Browser Applet Control] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-530512159-2363719490-746642466-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Web Browser Applet Control] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
8 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-530512159-2363719490-746642466-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
8 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1231993383453 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD}: http://www.superadblocker.com/activex/sabspx.cab -- SABScanProcesses Class
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03

========== (O17) DNS Name Servers ==========

{A7686DE8-7A56-426F-92BB-C50589F30112} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004-04-02 00:03:32 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001-07-28 06:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

autorun.inf [[autorun] | OPEN=AT&T_High_Speed_Internet_Service.exe | ICON=Activation\ATT.ico | ]
[2008-04-14 06:24:46 | 00,000,079 | R--- | M] () -- E:\autorun.inf -- [ CDFS ]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2009-01-28 12:18:26 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2009-01-28 12:16:59 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2009-01-28 12:01:33 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009-01-28 12:01:30 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009-01-28 12:01:30 | 00,811,008 | R--- | C] () -- C:\WINDOWS\gmer.exe
[2009-01-28 12:01:30 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009-01-28 12:01:30 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009-01-14 21:36:40 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-01-14 20:29:50 | 00,000,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2009-01-14 20:29:43 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009-01-14 20:20:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009-01-14 20:20:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009-01-14 20:08:58 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-01-14 20:08:58 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-01-14 20:08:58 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-01-14 20:08:58 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-01-14 20:08:58 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-01-14 20:08:58 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-01-14 20:08:58 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-01-14 20:08:58 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-01-14 20:08:58 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-01-14 20:08:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-01-14 20:08:52 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-01-14 20:06:47 | 00,000,000 | ---D | C] -- C:\Program Files\RogueRemover FREE
[2009-01-14 20:05:00 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009-01-13 18:42:09 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009-01-13 18:42:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit
[2009-01-13 18:12:31 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009-01-13 17:44:11 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009-01-13 17:41:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Download Manager
[2009-01-13 16:37:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
[2009-01-13 16:37:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2009-01-13 16:31:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009-01-13 16:01:09 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009-01-13 16:00:48 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009-01-13 15:56:30 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-01-13 15:56:30 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-01-13 15:56:28 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-01-13 15:56:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-01-13 15:56:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-01-13 15:53:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-01-13 15:33:27 | 00,021,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS
[2009-01-12 22:15:41 | 00,001,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2009-01-12 22:14:52 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009-01-12 22:14:52 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009-01-12 22:14:51 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009-01-12 22:14:49 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009-01-12 22:14:34 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009-01-12 22:14:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009-01-12 22:00:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009-01-12 21:59:45 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009-01-12 21:59:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009-01-12 21:58:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009-01-12 21:48:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009-01-11 18:54:13 | 00,000,000 | ---D | C] -- C:\Program Files\SymNetDrv
[2009-01-11 18:48:31 | 00,000,530 | ---- | C] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2009-01-11 17:46:19 | 00,002,154 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2009-01-11 17:46:17 | 00,131,072 | ---- | C] (InterMute, Inc.) -- C:\WINDOWS\System32\SpSubLSP.dll
[2009-01-11 17:46:16 | 00,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2009-01-11 17:45:05 | 00,001,181 | ---- | C] () -- C:\WINDOWS\System32\imbrmute.ini
[2009-01-11 17:05:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009-01-11 17:03:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009-01-11 17:03:46 | 00,022,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009-01-11 17:00:08 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2009-01-11 17:00:08 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winhttp.dll
[2009-01-11 17:00:08 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2009-01-11 17:00:08 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpob2res.dll
[2009-01-11 17:00:08 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2009-01-11 17:00:08 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2009-01-11 17:00:08 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll
[2009-01-11 17:00:08 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2009-01-11 17:00:08 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll
[2009-01-11 17:00:08 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2009-01-11 16:56:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009-01-11 16:54:40 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2009-01-11 16:54:40 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2009-01-11 16:54:40 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2009-01-11 16:54:40 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2009-01-11 16:54:40 | 00,186,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2009-01-11 16:54:40 | 00,167,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2009-01-11 16:54:40 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2009-01-11 16:45:31 | 00,066,736 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setup.exe
[2009-01-10 22:45:37 | 00,000,196 | RHS- | C] () -- C:\BOOT.BAK
[2009-01-10 22:45:26 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-01-10 18:20:07 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2009-01-10 18:20:07 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Pictures
[2009-01-10 18:20:07 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
[2009-01-10 18:18:36 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009-01-10 17:20:25 | 00,000,272 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2009-01-10 17:13:46 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2009-01-10 17:13:46 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsp2res.dll
[2009-01-10 17:13:46 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2009-01-10 17:13:46 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evtgprov.dll
[2009-01-10 17:13:46 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mf3216.dll
[2009-01-10 17:13:46 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mf3216.dll
[2009-01-10 17:13:45 | 00,741,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
[2009-01-10 17:13:45 | 00,548,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rtcdll.dll
[2009-01-10 17:13:45 | 00,548,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rtcdll.dll
[2009-01-10 17:13:45 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2009-01-10 17:13:45 | 00,253,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\h323.tsp
[2009-01-10 17:13:45 | 00,253,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323.tsp
[2009-01-10 17:13:44 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\h323msp.dll
[2009-01-10 17:13:44 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323msp.dll
[2009-01-10 17:13:44 | 00,439,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipnathlp.dll
[2009-01-10 17:13:44 | 00,439,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipnathlp.dll
[2009-01-10 17:13:44 | 00,364,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2009-01-10 17:13:44 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2009-01-10 17:13:44 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009-01-10 17:13:20 | 00,977,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2009-01-10 17:13:20 | 00,977,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2009-01-10 17:13:20 | 00,499,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2009-01-10 17:13:20 | 00,499,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2009-01-10 17:13:20 | 00,367,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2009-01-10 17:13:20 | 00,367,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2009-01-10 17:13:20 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2009-01-10 17:13:20 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2009-01-10 17:13:20 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2009-01-10 17:13:20 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2009-01-10 17:13:20 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2009-01-10 17:13:20 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxclu.dll
[2009-01-10 17:13:20 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxclu.dll
[2009-01-10 17:13:20 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2009-01-10 17:13:20 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2009-01-10 17:13:19 | 01,183,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ole32.dll
[2009-01-10 17:13:19 | 00,535,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcrt4.dll
[2009-01-10 17:13:19 | 00,263,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcss.dll
[2009-01-10 17:13:19 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\es.dll
[2009-01-10 17:13:19 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2009-01-10 17:13:19 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\txflog.dll
[2009-01-10 17:13:19 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\txflog.dll
[2009-01-10 17:13:19 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009-01-10 17:13:19 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2009-01-10 17:13:18 | 01,194,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsvcs.dll
[2009-01-10 17:13:18 | 01,194,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2009-01-10 17:13:18 | 00,594,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll
[2009-01-10 17:13:18 | 00,594,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2009-01-10 17:13:18 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatq.dll
[2009-01-10 17:13:18 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2009-01-10 17:13:18 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrv.dll
[2009-01-10 17:13:18 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2009-01-10 17:13:18 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatex.dll
[2009-01-10 17:13:18 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2009-01-10 17:12:03 | 00,134,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2009-01-10 17:12:03 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009-01-10 17:10:11 | 00,051,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2009-01-10 17:10:11 | 00,023,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdclass.sys
[2009-01-09 21:58:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Game Mill Files
[2009-01-09 21:54:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2009-01-09 15:44:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AT&T
[2009-01-09 15:44:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ATTTOOLBAR
[2009-01-09 10:34:11 | 00,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\evuqaget.dll
[2009-01-09 09:32:16 | 00,000,000 | ---D | C] -- C:\Program Files\AT&T
[2009-01-09 09:32:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009-01-09 09:31:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2009-01-09 09:31:38 | 00,000,000 | ---D | C] -- C:\Program Files\ATTToolbar
[2009-01-08 11:25:29 | 00,000,000 | ---D | C] -- C:\Program Files\ATT-HSI
[2009-01-08 11:24:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2009-01-01 10:34:04 | 00,028,280 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008-12-29 18:48:56 | 00,000,312 | ---- | C] () -- C:\WINDOWS\tasks\fzsvoecq.job

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2009-01-28 12:33:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-01-28 12:29:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-01-28 12:21:39 | 02,754,576 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009-01-28 12:21:37 | 00,000,583 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-01-28 12:21:37 | 00,000,264 | RHS- | M] () -- C:\boot.ini
[2009-01-28 12:21:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-01-28 12:18:36 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2009-01-28 12:17:03 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2009-01-28 12:02:33 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009-01-28 12:01:30 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009-01-28 12:01:30 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009-01-28 12:01:30 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009-01-18 07:02:45 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-01-18 07:02:45 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-01-18 07:02:18 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-01-14 22:05:15 | 00,000,530 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2009-01-14 22:05:15 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\fzsvoecq.job
[2009-01-14 22:05:15 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2009-01-14 20:29:50 | 00,000,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2009-01-14 20:21:01 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009-01-14 20:21:01 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009-01-14 20:14:33 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-01-14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-01-14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-01-13 16:01:09 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009-01-13 15:56:30 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-01-12 22:15:42 | 00,001,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2009-01-11 18:48:32 | 00,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009-01-11 17:46:25 | 00,002,154 | ---- | M] () -- C:\WINDOWS\System32\mshrml.ini
[2009-01-11 17:46:24 | 00,002,154 | ---- | M] () -- C:\WINDOWS\System32\ssmute.ini
[2009-01-11 17:46:24 | 00,001,181 | ---- | M] () -- C:\WINDOWS\System32\imbrmute.ini
[2009-01-11 17:46:17 | 00,131,072 | ---- | M] (InterMute, Inc.) -- C:\WINDOWS\System32\SpSubLSP.dll
[2009-01-11 16:45:32 | 00,066,736 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup.exe
[2009-01-10 17:15:59 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-01-10 17:15:49 | 00,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-01-10 17:14:16 | 00,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009-01-10 17:09:57 | 00,000,196 | RHS- | M] () -- C:\BOOT.BAK
[2009-01-09 10:34:20 | 00,137,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\evuqaget.dll
[2009-01-01 10:34:15 | 00,028,280 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
< End of report >

OTViewIt Extras logfile created on: 2009-01-28 12:40:58 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

247.48 Mb Total Physical Memory | 157.18 Mb Available Physical Memory | 63.51% Memory free
606.64 Mb Paging File | 558.55 Mb Available in Paging File | 92.07% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.18 Gb Total Space | 24.65 Gb Free Space | 74.30% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.78 Gb Free Space | 19.10% Space Free | Partition Type: FAT32
Drive E: | 269.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-C8BH3JAGLT
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0x00000000
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0x00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
Protocol_Catalog9\Catalog_Entries\000000000001 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -- File not found

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003-07-11 09:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003-07-11 09:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003-07-11 09:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003-08-01 22:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004-02-11 19:50:00 | 00,842,268 | ---- | M] () C:\WINDOWS\system32\msdxm.ocx (vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} (HKLM) [AsyncPProt Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003-07-15 05:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}"=SpyHunter
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}"=Adobe Photoshop Album 2.0 Starter Edition
"{14589F05-C658-4594-9429-D437BA688686}"=IntelliMover Data Transfer Demo
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}"=Microsoft Money 2004
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}"=PC-Doctor for Windows
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}"=Quicken 2004
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{7169B8E4-2632-46B1-AA5F-167CB5FE5029}"=Symantec Network Drivers Update
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}"=Microsoft Works 7.0
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}"=Microsoft Money 2004 System Pack
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{9705A7E1-3DD1-4BAC-8CA9-FE7B1473BEC9}"=iTunes
"{98E8A2EF-4EAE-43B8-A172-74842B764777}"=InterVideo WinDVD Player
"{AC76BA86-7AD7-1033-7B44-A00000000001}"=Adobe Reader 6.0.1
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}"=Microsoft Plus! Digital Media Edition
"{C6F5B6CF-609C-428E-876F-CA83176C021B}"=Norton AntiVirus 2004
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}"=Compaq Organize
"{D6414CC7-F215-467F-88B1-546ED863F35B}"=CC_ccStart
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}"=ccCommon
"{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}"=SymNet
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}"=Norton AntiVirus Parent MSI
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}"=MSRedist
"0254DF9A-618A-4A2C-A5ED-FA7115988B02"=Word Symphony from Compaq (remove only)
"05E21449-3BA3-42BF-BBDA-95205F4EA40A"=Polar Bowler from Compaq (remove only)
"26DC0ED6-93A7-43C1-8DC5-EC16079580F9"=Orbital from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6"=Bounce Symphony from Compaq (remove only)
"2FDCC229-354D-4279-ABEF-CE17E355BFFA"=Five Card Frenzy from Compaq (remove only)
"66195170-D19D-46C5-8FB7-8A4630071ADC"=Tradewinds from Compaq (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712"=Blasterball 2 from Compaq (remove only)
"8A225900-C06D-41DD-B66C-43840D472758"=Otto from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E"=Slyder from Compaq (remove only)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1"=Advanced SystemCare 3
"Agere Systems Soft Modem"=Agere Systems PCI Soft Modem
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"BackWeb-1940576 Uninstaller"=Compaq Connections
"C43D84CD-EBFC-48D3-A330-7868C8AD415A"=Crystal Maze from Compaq (remove only)
"CCleaner"=CCleaner (remove only)
"Compaq Instant Support"=Compaq Instant Support
"EsetOnlineScanner"=ESET Online Scanner
"F07504C6-20C5-4BFE-83A0-523FB2455E72"=Blackhawk Striker from Compaq (remove only)
"FA7F5211-C629-4711-BD82-7DFFB08CB518"=Overball from Compaq (remove only)
"HijackThis"=HijackThis 2.0.2
"ieupdate"=Internet Explorer Q828750
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}"=Quicken 2004
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"InstallShield_{9705A7E1-3DD1-4BAC-8CA9-FE7B1473BEC9}"=iTunes
"LiveReg"=LiveReg (Symantec Corporation)
"LiveUpdate"=LiveUpdate 1.90 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Malwarebytes' RogueRemover FREE_is1"=Malwarebytes' RogueRemover
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"NVIDIA"=
"oeupdate"=Outlook Express Update Q330994
"PopSubtract"=PopSubtract
"PS2"=PS2
"Python 2.2 combined Win32 extensions"=Python 2.2 combined Win32 extensions
"Python 2.2.1"=Python 2.2.1
"Q327979"=Windows XP Hotfix (SP2) Q327979
"Q329112"=Windows XP Hotfix (SP2) Q329112
"q329256"=Windows XP Hotfix (SP2) [See q329256 for more information]
"Q331958"=Windows XP Hotfix (SP2) Q331958
"Q811789"=Windows XP Hotfix (SP2) Q811789
"Q814995"=Windows XP Hotfix (SP2) Q814995
"Q815485"=Windows XP Hotfix (SP2) Q815485
"Q817357"=Windows XP Hotfix (SP2) Q817357
"QuickTime"=QuickTime
"RealPlayer 6.0"=RealOne Player
"Sophos-AntiRootkit"=Sophos Anti-Rootkit 1.3.1
"SpamSubtract"=SpamSubtract
"SpySubtract"=SpySubtract
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}"=Norton AntiVirus 2004 (Symantec Corporation)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-01-21 06:52:08 PM | Computer Name = YOUR-C8BH3JAGLT | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 2009-01-21 09:56:14 PM | Computer Name = YOUR-C8BH3JAGLT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2009-01-21 09:56:14 PM | Computer Name = YOUR-C8BH3JAGLT | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 2009-01-25 11:30:55 PM | Computer Name = YOUR-C8BH3JAGLT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2009-01-25 11:30:55 PM | Computer Name = YOUR-C8BH3JAGLT | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 2009-01-28 12:02:08 PM | Computer Name = YOUR-C8BH3JAGLT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2009-01-28 12:02:08 PM | Computer Name = YOUR-C8BH3JAGLT | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 2009-01-28 04:13:25 PM | Computer Name = YOUR-C8BH3JAGLT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2009-01-28 04:13:25 PM | Computer Name = YOUR-C8BH3JAGLT | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 2009-01-28 04:33:17 PM | Computer Name = YOUR-C8BH3JAGLT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 2009-01-28 04:13:25 PM | Computer Name = YOUR-C8BH3JAGLT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2009-01-28 04:13:43 PM | Computer Name = YOUR-C8BH3JAGLT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2009-01-28 04:14:53 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avipbb Fips Processor SASDIFSV SASKUTIL SAVRT SAVRTPEL ssmdrv SYMTDI

Error - 2009-01-28 04:21:40 PM | Computer Name = YOUR-C8BH3JAGLT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2009-01-28 04:26:34 PM | Computer Name = YOUR-C8BH3JAGLT | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service ImapiService
with arguments "-Service" in order to run the server: {520CCA63-51A5-11D3-9144-00104BA11C5E}

Error - 2009-01-28 04:29:26 PM | Computer Name = YOUR-C8BH3JAGLT | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2009-01-28 04:29:26 PM | Computer Name = YOUR-C8BH3JAGLT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2009-01-28 04:33:17 PM | Computer Name = YOUR-C8BH3JAGLT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2009-01-28 04:33:45 PM | Computer Name = YOUR-C8BH3JAGLT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2009-01-28 04:34:58 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avipbb Fips Processor SASDIFSV SASKUTIL SAVRT SAVRTPEL ssmdrv SYMTDI


< End of report >

#8 lj4207

lj4207
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male
  • Location:Battle Creek MI

Posted 28 January 2009 - 04:02 PM

Also in safe mode, administrator:



GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-28 13:01:13
Windows 5.1.2600 Service Pack 1


---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)
AttachedDevice \FileSystem\Fastfat \Fat avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)

---- EOF - GMER 1.0.14 ----

Edited by lj4207, 28 January 2009 - 04:03 PM.


#9 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 28 January 2009 - 09:45 PM

Hello, lj4207
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

In your next reply, please include the following:
  • ComboFix.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#10 lj4207

lj4207
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male
  • Location:Battle Creek MI

Posted 30 January 2009 - 05:51 PM

I'll do this next step here in a couple of days. It's not my computer, so I'll send you the log soon. Don't end the topic.
Thanks for the help.

#11 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 03 February 2009 - 08:32 PM

Hello, lj4207
Are you still here?

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 06 February 2009 - 07:49 PM

Hello, lj4207
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)