Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected by Rootkit.Agent/Gen-DNSHack


  • This topic is locked This topic is locked
26 replies to this topic

#1 cc550

cc550

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 31 October 2009 - 03:52 PM

Here are my DDS and RootRepeal logs:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Chris at 16:02:16.39 on Sat 10/31/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.223 [GMT -4:00]

AV: DriveSentry Inc. DriveSentry 3.3.0.4 *On-access scanning disabled* (Outdated) {CC0BD5ED-DBB9-45D1-A16D-CD3C0176013B}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1335 [VPS 091030-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\DriveSentry\DriveSentryService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070123
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070123
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A057A204-BACC-4D26-9A9E-3AF287E2699B} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
mRun: [dlbxmon.exe] "c:\program files\dell photo aio printer 962\dlbxmon.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [DriveSentry] c:\program files\drivesentry\DriveSentry.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pkzipa~1.lnk - c:\program files\pkware\pkzipm\12.40.0016\PKTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} - hxxp://www.link-systems.com/~sdk/SDK/paste/lsiw2k.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://osprey.smccme.edu:1350/dwa7W.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5317/mcfscan.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\ltnt2i4q.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npitunes.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPSFDMGR.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-8-11 26808]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-9-10 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-29 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-29 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-10 20560]
R2 DriveSentryCommsDriver;DriveSentryCommsDriver;c:\windows\system32\drivers\DriveSentryCommsDriver.sys [2009-3-9 20704]
R2 DriveSentryFilterDriver2Lite;DriveSentryFilterDriver2Lite;c:\windows\system32\drivers\DriveSentryFilterDriver2Lite.sys [2009-3-9 16736]
R2 DriveSentryKeeperDriver;DriveSentryKeeperDriver;c:\windows\system32\drivers\DriveSentryKeeperDriver.sys [2009-3-9 8160]
R2 DriveSentryRegHookDriver;DriveSentryRegHookDriver;c:\windows\system32\drivers\DriveSentryRegHookDriver.sys [2009-3-9 13792]
R2 DriveSentryService;DriveSentryService;c:\program files\drivesentry\DriveSentryService.exe [2009-3-9 122376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-7-30 210216]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [2008-7-25 22240]
S4 CSIScanner;CSIScanner;c:\program files\prevxcsi\prevxcsi.exe [2008-8-11 927288]

=============== Created Last 30 ================

2009-10-31 13:55:19 0 d-----w- c:\docume~1\chris\applic~1\PKWARE
2009-10-31 13:55:19 0 d-----w- c:\docume~1\alluse~1\applic~1\PKWARE
2009-10-31 13:54:51 0 d-----w- c:\program files\PKWARE
2009-10-31 13:54:51 0 d-----w- c:\program files\common files\PKWARE
2009-10-31 12:19:01 0 d-----w- c:\windows\system32\NtmsData
2009-10-30 23:35:56 0 d-----w- c:\docume~1\chris\applic~1\Canneverbe_Limited
2009-10-30 23:35:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited
2009-10-30 23:35:34 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-10-30 23:14:13 0 d-----w- c:\temp\Windows Server 2008 Datacenter Enterprise and Standard (x86) - DVD (English)
2009-10-23 00:53:48 446 ----a-w- c:\windows\POGO.INI
2009-10-23 00:44:00 27 ----a-w- c:\windows\SBSCORE.INI
2009-10-22 23:37:37 152 ----a-w- c:\windows\hockpong.ini
2009-10-22 23:35:39 62 ----a-w- c:\windows\GSTAR.INI
2009-10-22 23:35:37 0 d-----w- C:\hokypong
2009-10-22 23:16:31 246 ----a-w- c:\windows\MVPBR.INI
2009-10-22 23:15:12 10 ---ha-w- c:\windows\GCPVM.006
2009-10-22 23:14:58 0 d-----w- C:\WMVPBR
2009-10-22 23:00:19 44 ----a-w- c:\windows\bswr.ini
2009-10-22 23:00:19 0 d-----w- c:\program files\bstrain
2009-10-16 01:27:43 188 ----a-w- c:\windows\winfrotz.INI
2009-10-15 23:21:11 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-15 23:20:03 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-15 23:20:02 0 d-----w- c:\docume~1\chris\applic~1\SUPERAntiSpyware.com
2009-10-08 01:24:52 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2009-10-01 23:20:01 0 d-----w- c:\program files\Heretic II
2009-10-01 23:14:27 703 ----a-w- c:\windows\H2_Setup.INI

==================== Find3M ====================

2009-09-25 05:56:36 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:56:32 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:03:37 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 03:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 12:49:00 2142720 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:02:00 2020864 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-09-29 12:35:06 88 --sha-r- c:\windows\system32\7741C9BB94.sys
2008-09-29 12:37:19 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 16:03:16.79 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/2/2009 6:09:13 PM
System Uptime: 10/31/2009 7:28:14 AM (9 hours ago)

Motherboard: Dell Inc. | | 0XD720
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | Microprocessor | 1595/133mhz
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | Microprocessor | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 143 GiB total, 65.63 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
Service: bcm4sbxp

==== System Restore Points ===================

RP53: 8/3/2009 10:50:57 AM - System Checkpoint
RP54: 8/4/2009 11:48:29 AM - System Checkpoint
RP55: 8/5/2009 12:23:09 PM - System Checkpoint
RP56: 8/5/2009 9:04:03 PM - Software Distribution Service 3.0
RP57: 8/6/2009 9:29:36 AM - Printer Driver Microsoft XPS Document Writer Installed
RP58: 8/6/2009 9:21:29 PM - Software Distribution Service 3.0
RP59: 8/24/2009 12:31:42 PM - System Checkpoint
RP60: 8/25/2009 8:52:00 AM - Software Distribution Service 3.0
RP61: 8/26/2009 8:03:17 PM - Software Distribution Service 3.0
RP62: 8/27/2009 8:59:49 PM - System Checkpoint
RP63: 8/31/2009 9:38:56 AM - System Checkpoint
RP64: 9/4/2009 9:13:18 AM - System Checkpoint
RP65: 9/6/2009 3:49:33 PM - System Checkpoint
RP66: 9/9/2009 9:10:43 AM - System Checkpoint
RP67: 9/9/2009 9:25:24 PM - Software Distribution Service 3.0
RP68: 9/11/2009 10:37:44 AM - System Checkpoint
RP69: 9/14/2009 2:44:04 PM - System Checkpoint
RP70: 9/17/2009 9:59:20 PM - System Checkpoint
RP71: 10/7/2009 7:14:56 PM - System Checkpoint
RP72: 10/7/2009 9:24:40 PM - Software Distribution Service 3.0
RP73: 10/13/2009 3:09:15 PM - System Checkpoint
RP74: 10/13/2009 9:31:56 PM - Software Distribution Service 3.0
RP75: 10/15/2009 7:20:00 PM - Installed SUPERAntiSpyware Free Edition
RP76: 10/15/2009 9:29:04 PM - Software Distribution Service 3.0
RP77: 10/22/2009 6:25:33 PM - Software Distribution Service 3.0
RP78: 10/23/2009 6:54:55 PM - System Checkpoint
RP79: 10/24/2009 3:00:34 AM - Software Distribution Service 3.0
RP80: 10/29/2009 6:53:59 PM - Software Distribution Service 3.0
RP81: 10/30/2009 8:04:09 PM - System Checkpoint
RP82: 10/31/2009 3:00:21 AM - Software Distribution Service 3.0
RP83: 10/31/2009 8:18:31 AM - Installed Windows Backup Utility
RP84: 10/31/2009 9:54:50 AM - Installed PKZIP for Windows 12.40.0016.

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint Plus
Action DVD Player
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player 11.5
AGEIA PhysX v7.09.13
AOLIcon
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE
ATI Catalyst Control Center
ATI Display Driver
Atlantica Online
avast! Antivirus
Azureus
Broadcom Management Programs
CCleaner (remove only)
CDBurnerXP
CDDRV_Installer
Classic Arcade Games from Midway
Conexant HDA D110 MDC V.92 Modem
Corel Snapfire Plus
Dell Photo AIO Printer 962
Dell Support 3.2.1
Dell Support Center (Support Software)
Dell Wireless WLAN Card
Diablo II
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DriveSentry 3.3.0.4
Free Fire Screensaver
Fx Video Converter
GameEx 10.06
Google Video Player
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life Deathmatch: Source
Heretic II
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
InterActual Player
iTunes
J2SE Development Kit 5.0 Update 2
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java™ SE Runtime Environment 6 Update 1
KhalInstallWrapper
Logitech SetPoint
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Helper
Mozilla Firefox (3.5.4)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Need For Speed High Stakes
Nero
neroxml
NetWaiting
Network Stumbler 0.4.0 (remove only)
Norton Security Scan
OpenAL
Opera 9.23
OutlookAddinSetup
PKZIP for Windows 12.40.0016
Power Tab Editor 1.7
Power Tab Librarian
Prevx CSI
Print to Fax
Qtrax 0.2beta (20080125)
QuickSet
QuickTime
RACE 07 Demo
RealPlayer Basic
Revo Uninstaller 1.83
Rhapsody Player Engine
Scour Toolbar
SearchAssist
Security Task Manager 1.7f
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/31 16:35
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF18D2000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B8B000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE81A000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf18f26b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf18f2574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf18f2a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf18f214c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf18f264e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\Drivers\DriveSentryKeeperDriver.sys" at address 0xf7baf56a

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf18f20f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf18f276e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf18f272e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf18f28ae

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf1a830b0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\Drivers\DriveSentryKeeperDriver.sys" at address 0xf7baf630

==EOF==


Thank you very much for your time

BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:03 AM

Posted 07 November 2009 - 12:43 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 cc550

cc550
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 07 November 2009 - 05:16 PM

Here they are:

OTL logfile created on: 11/7/2009 2:34:50 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 189.75 Mb Available Physical Memory | 18.56% Memory free
2.40 Gb Paging File | 1.27 Gb Available in Paging File | 52.76% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.31 Gb Total Space | 65.56 Gb Free Space | 45.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISLAPTOP
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/07 14:33:06 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2009/11/05 06:16:25 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/11/05 06:16:24 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/31 08:55:01 | 00,298,320 | ---- | M] (PKWARE, Inc.) -- C:\Program Files\PKWARE\PKZIPM\12.40.0016\PKTray.exe
PRC - [2009/10/31 06:43:45 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/12 20:24:50 | 02,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/09/15 06:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/09/06 12:38:06 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/07/26 15:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/11 10:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/02/06 04:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/12/18 10:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
PRC - [2008/09/24 14:18:52 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/09/24 14:18:50 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/06/23 16:05:31 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 01:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2007/09/16 19:38:34 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2007/08/30 16:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2007/06/28 08:14:42 | 00,270,648 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/06/28 08:14:32 | 00,501,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/06/28 03:06:52 | 00,106,496 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/05/02 17:16:54 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/01/23 15:14:02 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2006/11/22 18:35:50 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2006/11/22 18:35:50 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2006/11/22 18:32:58 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2006/08/28 22:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/08/14 15:20:26 | 00,462,336 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
PRC - [2006/08/03 19:51:42 | 01,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/05/23 07:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/05/23 07:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/03/08 12:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/05/03 23:07:32 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2005/01/18 09:57:22 | 00,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exE
PRC - [2004/12/16 10:26:58 | 00,462,848 | ---- | M] (Dell) -- C:\WINDOWS\system32\dlbxcoms.exe
PRC - [2004/08/04 05:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/10 03:24:00 | 00,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/07 14:33:06 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
MOD - [2009/02/11 10:06:38 | 00,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/07/25 10:17:20 | 00,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/05/02 01:42:50 | 00,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2006/08/25 09:45:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 06:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2004/08/04 05:00:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (NMIndexingService)
SRV - [2009/11/05 06:16:24 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/15 06:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 06:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/06 12:38:06 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/02/11 10:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/12/18 10:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2008/12/10 11:49:22 | 00,927,288 | ---- | M] (Prevx) -- C:\Program Files\PrevxCSI\prevxcsi.exe -- (CSIScanner)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/24 14:18:52 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/06/23 16:05:31 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/09/20 13:20:23 | 01,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/09/16 19:38:34 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2007/06/28 08:14:32 | 00,501,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/06/28 03:06:52 | 00,106,496 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/11/22 18:35:50 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/05/23 07:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/05/03 23:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper)
SRV - [2005/05/03 22:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)
SRV - [2004/12/16 10:26:58 | 00,462,848 | ---- | M] (Dell) -- C:\WINDOWS\System32\dlbxcoms.exe -- (dlbx_device)
SRV - [2004/09/15 06:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2004/08/04 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2009/11/04 15:32:46 | 00,211,893 | ---- | M] () -- C:\WINDOWS\System32\Drivers\IsDrv122.sys -- (IsDrv122)
DRV - [2009/10/12 20:24:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/12 20:24:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/12 20:24:52 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/07 20:24:52 | 00,229,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2009/09/28 20:57:28 | 00,007,168 | ---- | M] () -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/15 06:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/09/15 06:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 06:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/15 06:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/09/15 06:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/09/15 06:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/27 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/05/21 09:39:22 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/05/21 09:39:22 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/21 09:39:14 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/12/10 11:49:25 | 00,026,808 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxark.sys -- (pxark)
DRV - [2008/10/06 16:55:25 | 00,005,376 | ---- | M] () -- C:\WINDOWS\system32\drivers\MS1000.sys -- (MS1000)
DRV - [2008/07/25 18:05:18 | 00,022,240 | ---- | M] (PC-Doctor, Inc.) -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{FBEA8B78-1B22F121-05040000})
DRV - [2008/06/15 12:20:29 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/02/29 02:13:46 | 00,028,944 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 02:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 02:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/22 19:15:25 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/29 06:20:34 | 00,059,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007/01/23 15:16:41 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2007/01/23 15:14:05 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/11/22 18:34:36 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/08/25 01:23:08 | 00,044,544 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/05/23 08:06:36 | 01,578,496 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/24 17:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 12:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/14 09:40:18 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 09:40:18 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 09:40:18 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 18:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/21 21:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 21:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 21:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/08/12 18:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 05:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 05:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 05:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 05:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 05:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 05:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 05:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 05:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 05:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 05:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 05:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 05:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 05:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 05:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 05:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 05:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/03/23 21:12:34 | 00,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2004/03/16 21:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/02/13 10:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070123
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070123


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070123
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070123
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-412942581-621714379-3372612161-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-412942581-621714379-3372612161-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070123
IE - HKU\S-1-5-21-412942581-621714379-3372612161-1007\S-1-5-21-412942581-621714379-3372612161-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/31 07:51:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/06 20:22:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/05 06:16:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/31 06:44:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/05 06:16:45 | 00,000,000 | ---D | M]

[2008/06/23 15:54:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2008/06/23 15:54:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/06 13:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\ltnt2i4q.default\extensions
[2009/08/24 08:19:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\ltnt2i4q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/07/15 12:25:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\ltnt2i4q.default\extensions\{247A53FC-FD17-B6D0-67D8-4D9C81D8E0B2}
[2008/08/16 16:50:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\ltnt2i4q.default\extensions\SolidStateION@solidstatenetworks.com
[2008/07/28 14:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\ltnt2i4q.default\extensions\summary@pluribo.com
[2008/07/14 10:49:48 | 00,004,431 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\ltnt2i4q.default\searchplugins\scour---search-socially.xml
[2007/06/11 08:57:55 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\ltnt2i4q.default\searchplugins\siteadvisor.xml
[2009/11/06 13:27:26 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/31 06:44:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/05 06:16:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/10/31 06:43:32 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/31 06:43:33 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/11/05 06:16:26 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/04/22 19:02:18 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2007/04/22 19:03:13 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2007/06/28 08:14:22 | 00,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2009/02/06 11:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/10/31 06:43:52 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2007/07/01 14:51:09 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2007/07/01 14:51:09 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2007/07/01 14:51:10 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2007/07/01 14:51:10 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2007/07/01 14:51:10 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2007/07/01 14:51:10 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2007/07/01 14:51:10 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/03/12 12:04:10 | 00,086,016 | ---- | M] (SpiralFrog Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPSFDMGR.dll
[2007/12/14 16:54:23 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
[2009/10/31 06:43:56 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/31 06:43:56 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/31 06:43:56 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/31 06:43:56 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/31 06:43:56 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/31 06:43:56 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/31 06:43:56 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (351285 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 12043 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKU\S-1-5-21-412942581-621714379-3372612161-1007\..\Toolbar\ShellBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No CLSID value found.
O3 - HKU\S-1-5-21-412942581-621714379-3372612161-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-412942581-621714379-3372612161-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-412942581-621714379-3372612161-1007\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.DLL ()
O4 - HKLM..\Run: [dlbxmon.exe] C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe (Dell)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-412942581-621714379-3372612161-1007..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-412942581-621714379-3372612161-1007..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-412942581-621714379-3372612161-1007..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-412942581-621714379-3372612161-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-412942581-621714379-3372612161-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-412942581-621714379-3372612161-1007..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PKZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPM\12.40.0016\PKTray.exe (PKWARE, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-412942581-621714379-3372612161-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-412942581-621714379-3372612161-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-412942581-621714379-3372612161-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-412942581-621714379-3372612161-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-412942581-621714379-3372612161-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-412942581-621714379-3372612161-1007\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} http://www.link-systems.com/~sdk/SDK/paste/lsiw2k.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab (HGPlugin9USA Class)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} http://osprey.smccme.edu:1350/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...317/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.121.4.1 24.92.226.9
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3e2a1b5e-4b4f-11dc-a0f8-0019b956da6b}\Shell - "" = AutoRun
O33 - MountPoints2\{3e2a1b5e-4b4f-11dc-a0f8-0019b956da6b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e2a1b5e-4b4f-11dc-a0f8-0019b956da6b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/07 14:33:06 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2009/11/05 23:03:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\thecleaner
[2009/11/05 23:03:35 | 00,000,000 | ---D | C] -- C:\Program Files\The Cleaner
[2009/11/05 22:48:28 | 00,669,032 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Chris\Desktop\autoruns.exe
[2009/11/05 22:48:28 | 00,559,976 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Chris\Desktop\autorunsc.exe
[2009/11/05 20:19:38 | 01,137,360 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\Chris\Desktop\fsbl.exe
[2009/11/05 18:39:32 | 03,550,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Chris\Desktop\procexp.exe
[2009/11/05 18:27:53 | 00,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Chris\Desktop\RootkitRevealer.exe
[2009/11/05 06:16:45 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/11/05 06:16:45 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/05 06:16:45 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/05 06:16:45 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/05 03:37:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/11/04 15:53:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\TMRBLog
[2009/11/04 15:53:46 | 00,806,993 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Chris\Desktop\RootkitBuster.exe
[2009/11/04 11:28:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\AVG8
[2009/10/31 08:55:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\PKWARE
[2009/10/31 08:55:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2009/10/31 08:54:51 | 00,000,000 | ---D | C] -- C:\Program Files\PKWARE
[2009/10/31 08:54:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PKWARE
[2009/10/31 08:54:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Downloaded Installations
[2009/10/31 07:19:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/10/31 06:47:53 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Chris\Desktop\RootRepeal.exe
[2009/10/30 18:35:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Canneverbe_Limited
[2009/10/30 18:35:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009/10/30 18:35:33 | 00,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2009/10/30 12:21:33 | 00,421,888 | ---- | C] (e-academy Inc.) -- C:\Documents and Settings\Chris\Desktop\Downloader_for_Windows_Server_2008_SE_EE.exe
[2009/10/30 11:06:11 | 00,421,888 | ---- | C] (e-academy Inc.) -- C:\Documents and Settings\Chris\Desktop\Downloader_for_SQL_Srv_2008_EE_EN.exe
[2009/10/29 19:58:52 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Chris\Desktop\HijackThis.exe
[2009/10/22 18:35:37 | 00,000,000 | ---D | C] -- C:\hokypong
[2009/10/22 18:00:19 | 00,000,000 | ---D | C] -- C:\Program Files\bstrain
[2009/10/15 18:21:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/15 18:20:03 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/15 18:20:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Chris\My Documents\*.tmp files -> C:\Documents and Settings\Chris\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/07 14:33:06 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2009/11/06 18:00:40 | 00,000,474 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Chris.job
[2009/11/05 23:03:42 | 00,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Cleaner 2010.lnk
[2009/11/05 23:03:26 | 07,864,320 | ---- | M] () -- C:\Documents and Settings\Chris\ntuser.dat
[2009/11/05 22:47:40 | 01,151,881 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\PsTools.zip
[2009/11/05 22:47:23 | 00,595,445 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Autoruns.zip
[2009/11/05 20:20:31 | 01,137,360 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\Chris\Desktop\fsbl.exe
[2009/11/05 18:30:16 | 00,552,868 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/05 18:30:16 | 00,463,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/05 18:30:16 | 00,081,442 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/05 17:26:50 | 00,231,390 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\RootkitRevealer.zip
[2009/11/05 17:26:24 | 01,615,732 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ProcessExplorer.zip
[2009/11/05 17:25:49 | 00,912,762 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\359_pres.zip
[2009/11/05 06:16:22 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/05 06:16:22 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/05 06:16:22 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/05 06:16:22 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/11/05 06:16:21 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/11/04 21:27:02 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/04 21:26:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/04 21:22:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/04 21:22:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/04 21:22:45 | 10,721,03424 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/04 21:20:00 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Chris\ntuser.ini
[2009/11/04 21:19:52 | 01,576,872 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\IconCache.db
[2009/11/04 21:15:19 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/04 15:32:46 | 00,211,893 | ---- | M] () -- C:\WINDOWS\System32\drivers\IsDrv122.sys
[2009/11/04 10:49:48 | 00,351,285 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/04 10:34:30 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Spybot - Search & Destroy.lnk
[2009/10/31 15:35:36 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\settings.dat
[2009/10/31 09:26:18 | 35,830,12598 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Backup.zip
[2009/10/31 08:54:56 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PKZIP Attachments Status.lnk
[2009/10/31 08:45:57 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2009/10/31 07:46:26 | 21,930,84414 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Backup.bkf
[2009/10/31 07:14:17 | 00,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/30 18:35:37 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2009/10/30 12:26:38 | 00,421,888 | ---- | M] (e-academy Inc.) -- C:\Documents and Settings\Chris\Desktop\Downloader_for_Windows_Server_2008_SE_EE.exe
[2009/10/30 11:06:12 | 00,421,888 | ---- | M] (e-academy Inc.) -- C:\Documents and Settings\Chris\Desktop\Downloader_for_SQL_Srv_2008_EE_EN.exe
[2009/10/30 11:03:33 | 00,147,456 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\catchme.exe
[2009/10/30 11:03:16 | 00,291,328 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\i22mlc5q.exe
[2009/10/22 20:28:35 | 00,000,446 | ---- | M] () -- C:\WINDOWS\POGO.INI
[2009/10/22 19:44:00 | 00,000,027 | ---- | M] () -- C:\WINDOWS\SBSCORE.INI
[2009/10/22 19:09:11 | 00,000,152 | ---- | M] () -- C:\WINDOWS\hockpong.ini
[2009/10/22 18:35:39 | 00,000,062 | ---- | M] () -- C:\WINDOWS\GSTAR.INI
[2009/10/22 18:16:31 | 00,000,246 | ---- | M] () -- C:\WINDOWS\MVPBR.INI
[2009/10/22 18:15:12 | 00,000,010 | -H-- | M] () -- C:\WINDOWS\GCPVM.006
[2009/10/22 18:00:20 | 00,000,044 | ---- | M] () -- C:\WINDOWS\bswr.ini
[2009/10/22 17:59:16 | 00,000,188 | ---- | M] () -- C:\WINDOWS\winfrotz.INI
[2009/10/20 19:51:58 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PKZIP for Windows.zipSendToPKZIP
[2009/10/20 09:49:26 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\question4 english.doc
[2009/10/19 19:08:13 | 03,063,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/19 19:08:13 | 03,063,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/15 20:27:41 | 00,000,989 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\theatre3.sav
[2009/10/15 20:24:35 | 00,000,959 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\theatre2.sav
[2009/10/15 20:08:34 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\theatre1.sav
[2009/10/15 18:20:11 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/13 10:20:20 | 00,669,032 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Chris\Desktop\autoruns.exe
[2009/10/13 10:20:20 | 00,559,976 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Chris\Desktop\autorunsc.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Chris\My Documents\*.tmp files -> C:\Documents and Settings\Chris\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/05 23:03:42 | 00,000,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Cleaner 2010.lnk
[2009/11/05 22:48:28 | 00,048,904 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\autoruns.chm
[2009/11/05 22:47:33 | 01,151,881 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\PsTools.zip
[2009/11/05 22:47:18 | 00,595,445 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Autoruns.zip
[2009/11/05 18:39:32 | 00,072,138 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\procexp.chm
[2009/11/05 18:29:56 | 01,275,392 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\SEC309_Advanced Malware Cleaning.ppt
[2009/11/05 18:27:53 | 00,102,160 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\RootkitRevealer.chm
[2009/11/05 17:26:49 | 00,231,390 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\RootkitRevealer.zip
[2009/11/05 17:26:13 | 01,615,732 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ProcessExplorer.zip
[2009/11/05 17:25:47 | 00,912,762 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\359_pres.zip
[2009/11/04 15:32:46 | 00,211,893 | ---- | C] () -- C:\WINDOWS\System32\drivers\IsDrv122.sys
[2009/11/04 15:06:49 | 10,721,03424 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/04 10:34:30 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Spybot - Search & Destroy.lnk
[2009/10/31 08:55:24 | 35,830,12598 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Backup.zip
[2009/10/31 08:54:56 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PKZIP Attachments Status.lnk
[2009/10/31 08:45:56 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2009/10/31 07:23:37 | 21,930,84414 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Backup.bkf
[2009/10/31 06:48:52 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\settings.dat
[2009/10/30 18:35:37 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2009/10/30 18:35:34 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/10/30 11:03:32 | 00,147,456 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\catchme.exe
[2009/10/30 11:03:13 | 00,291,328 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\i22mlc5q.exe
[2009/10/22 19:53:48 | 00,000,446 | ---- | C] () -- C:\WINDOWS\POGO.INI
[2009/10/22 19:44:00 | 00,000,027 | ---- | C] () -- C:\WINDOWS\SBSCORE.INI
[2009/10/22 18:37:37 | 00,000,152 | ---- | C] () -- C:\WINDOWS\hockpong.ini
[2009/10/22 18:35:39 | 00,000,062 | ---- | C] () -- C:\WINDOWS\GSTAR.INI
[2009/10/22 18:16:31 | 00,000,246 | ---- | C] () -- C:\WINDOWS\MVPBR.INI
[2009/10/22 18:15:12 | 00,000,010 | -H-- | C] () -- C:\WINDOWS\GCPVM.006
[2009/10/22 18:00:19 | 00,000,044 | ---- | C] () -- C:\WINDOWS\bswr.ini
[2009/10/20 19:51:58 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PKZIP for Windows.zipSendToPKZIP
[2009/10/20 09:49:26 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\question4 english.doc
[2009/10/15 20:27:43 | 00,000,188 | ---- | C] () -- C:\WINDOWS\winfrotz.INI
[2009/10/15 20:27:41 | 00,000,989 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\theatre3.sav
[2009/10/15 20:24:34 | 00,000,959 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\theatre2.sav
[2009/10/15 20:08:34 | 00,000,629 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\theatre1.sav
[2009/10/15 18:20:11 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/01 18:14:27 | 00,000,703 | ---- | C] () -- C:\WINDOWS\H2_Setup.INI
[2009/06/24 17:24:45 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\PUTTY.RND
[2009/06/12 12:13:04 | 00,000,395 | ---- | C] () -- C:\WINDOWS\rboy.ini
[2008/11/08 17:56:22 | 00,000,582 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/11/08 17:39:58 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll
[2008/11/08 17:39:58 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll
[2008/11/08 17:39:58 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll
[2008/11/08 17:39:54 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbxcu.dll
[2008/11/08 17:39:54 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll
[2008/11/08 17:39:53 | 00,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll
[2008/11/08 17:39:51 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll
[2008/11/08 17:39:51 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll
[2008/11/08 17:39:51 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll
[2008/10/06 16:55:26 | 00,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\MS1000.sys
[2008/06/10 10:29:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI
[2008/06/07 17:14:13 | 00,071,800 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\GDIPFONTCACHEV1.DAT
[2008/05/28 17:08:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\wklnhst.dat
[2007/10/30 18:05:18 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2007/10/15 18:42:21 | 00,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/09/21 18:33:27 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/08/13 09:28:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/08/12 18:18:04 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/07/01 20:06:44 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/07/01 20:04:56 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/07/01 20:04:56 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/07/01 20:04:56 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/06/25 10:35:29 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2007/06/15 07:43:02 | 00,002,672 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/06/15 07:43:02 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\7741C9BB94.sys
[2007/06/14 09:14:36 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/06/11 18:55:43 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/09 07:12:24 | 00,007,680 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/22 19:15:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 19:01:47 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/04/20 06:57:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/12 15:01:43 | 00,077,040 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/02/12 15:01:43 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2007/02/12 15:01:43 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Chris\Application Data\desktop.ini
[2007/02/12 15:01:42 | 01,576,872 | -H-- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\IconCache.db
[2007/01/23 15:33:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/23 15:24:26 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/01/23 15:23:15 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/23 15:14:26 | 00,000,184 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/23 15:04:53 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/01/23 15:04:51 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/01/23 14:40:46 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/01/23 14:39:40 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/18 04:53:32 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\MBSSM5.dll
[2005/02/05 15:46:00 | 00,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/10 13:51:28 | 00,000,663 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 13:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 05:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1998/10/11 00:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997/08/23 10:33:24 | 00,022,064 | ---- | C] () -- C:\WINDOWS\System32\tntlvr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF
< End of report >



OTL Extras logfile created on: 11/7/2009 2:34:50 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 189.75 Mb Available Physical Memory | 18.56% Memory free
2.40 Gb Paging File | 1.27 Gb Available in Paging File | 52.76% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.31 Gb Total Space | 65.56 Gb Free Space | 45.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISLAPTOP
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"38502:TCP" = 38502:TCP:*:Disabled:SolidNetworkManager
"38502:UDP" = 38502:UDP:*:Disabled:SolidNetworkManager

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\WINDOWS\system32\dlbxcoms.exe" = C:\WINDOWS\system32\dlbxcoms.exe:*:Enabled:Dell 962 Server -- (Dell)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPSWX.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxPSWX.EXE:*:Enabled:Dell 962 Printer Status -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Chris\Local Settings\Application Data\Kamuse\KCSTrayDownloader\KCSTrayDownloaderEngine.exe" = C:\Documents and Settings\Chris\Local Settings\Application Data\Kamuse\KCSTrayDownloader\KCSTrayDownloaderEngine.exe:*:Enabled:KCSDownloaderEngine -- (Kamuse, Incorporated)
"C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe:*:Enabled:CLI Application (Command Line Interface) -- (ATI Technologies Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0EEAB659-66AB-4250-BB30-984D92A9AC8C}" = Power Tab Librarian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2620AFEF-CEB5-49FA-B714-C5E9AF7A06F9}" = Atlantica Online
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{32A3A4F4-B792-11D6-A78A-00B0D0150020}" = J2SE Development Kit 5.0 Update 2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C49EA42-5647-4051-84C2-E6404F25A931}" = Yahoo! Music Jukebox
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
"{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}" = iTunes
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7FA188-F222-4B5E-A645-9636E0768119}" = PKZIP for Windows 12.40.0016
"{8FC46258-0843-4D79-B7F0-F2B82FE6173B}" = Apple Mobile Device Support
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_Access_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_Access_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_Access_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint Plus
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}" = Opera 9.23
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Access" = Microsoft Office Access 2007
"Action DVD Player_is1" = Action DVD Player
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Azureus" = Azureus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner (remove only)
"Classic Arcade Games from Midway" = Classic Arcade Games from Midway
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Photo AIO Printer 962" = Dell Photo AIO Printer 962
"Diablo II" = Diablo II
"Free Fire Screensaver" = Free Fire Screensaver
"Fx Video Converter" = Fx Video Converter
"GameEx_is1" = GameEx 10.06
"GoogleVideoPlayer" = Google Video Player
"Heretic II" = Heretic II
"HijackThis" = HijackThis 2.0.2
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"Need For Speed High Stakes" = Need For Speed High Stakes
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NSS" = Norton Security Scan
"OpenAL" = OpenAL
"PCSI" = Prevx CSI
"Qtrax 20080125" = Qtrax 0.2beta (20080125)
"RealPlayer 6.0" = RealPlayer Basic
"RealVNC_is1" = VNC Free Edition 4.1.3
"Revo Uninstaller" = Revo Uninstaller 1.83
"scourtoolbar" = Scour Toolbar
"Security Task Manager" = Security Task Manager 1.7f
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Cleaner_is1" = The Cleaner 2010
"Ultra Screen Saver Maker" = Ultra Screen Saver Maker
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-412942581-621714379-3372612161-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 4260" = RACE 07 Demo

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/4/2009 10:10:10 PM | Computer Name = CHRISLAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://valleywag.gawker.com/at.js.php failed, 0000A413.

Error - 11/4/2009 10:11:28 PM | Computer Name = CHRISLAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.com/complete/search...NSHack&cp=2
failed, 0000A413.

[ Application Events ]
Error - 11/5/2009 4:00:59 AM | Computer Name = CHRISLAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 11/5/2009 4:01:00 AM | Computer Name = CHRISLAPTOP | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86-msi.0.log.

Error - 11/5/2009 4:01:02 AM | Computer Name = CHRISLAPTOP | Source = NativeWrapper | ID = 5000
Description =

Error - 11/5/2009 11:27:34 PM | Computer Name = CHRISLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application symlcsvc.exe, version 1.9.1.1255, faulting module
symlcnet.dll, version 1.9.1.1255, fault address 0x00010d44.

Error - 11/6/2009 4:00:58 AM | Computer Name = CHRISLAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 11/6/2009 4:00:59 AM | Computer Name = CHRISLAPTOP | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86-msi.0.log.

Error - 11/6/2009 4:01:02 AM | Computer Name = CHRISLAPTOP | Source = NativeWrapper | ID = 5000
Description =

Error - 11/7/2009 4:00:55 AM | Computer Name = CHRISLAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 11/7/2009 4:00:57 AM | Computer Name = CHRISLAPTOP | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86-msi.0.log.

Error - 11/7/2009 4:01:00 AM | Computer Name = CHRISLAPTOP | Source = NativeWrapper | ID = 5000
Description =

[ OSession Events ]
Error - 10/16/2008 4:44:56 PM | Computer Name = CHRISLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1676
seconds with 1440 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/3/2009 4:01:02 AM | Computer Name = CHRISLAPTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

Error - 11/4/2009 4:02:15 AM | Computer Name = CHRISLAPTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

Error - 11/4/2009 4:30:38 PM | Computer Name = CHRISLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 11/5/2009 4:02:14 AM | Computer Name = CHRISLAPTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

Error - 11/5/2009 7:44:55 PM | Computer Name = CHRISLAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 10.121.6.114 for the Network Card with network
address 00197D600D46 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/5/2009 10:23:20 PM | Computer Name = CHRISLAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.105 for the Network Card with network
address 00197D600D46 has been denied by the DHCP server 10.0.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/5/2009 11:28:15 PM | Computer Name = CHRISLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Symantec Core LC service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/5/2009 11:42:31 PM | Computer Name = CHRISLAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.105 for the Network Card with network
address 00197D600D46 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/6/2009 4:02:33 AM | Computer Name = CHRISLAPTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

Error - 11/7/2009 4:02:19 AM | Computer Name = CHRISLAPTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:03 AM

Posted 08 November 2009 - 07:26 AM

Hi,

could you please tell me where the Rootkit.Agnet is found and by which program?

Please also run Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 cc550

cc550
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 08 November 2009 - 08:45 AM

Super AntiSpyware detected it, and I was able to remove it with Icesword, but since then it has seemed to be really slow, and if I leave it at the screensaver for awhile, the entire screen goes blank. When I try to wake it up it will take several minutes after hitting the spacebar for the screensaver to come back and then I can wake it up.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

11/8/2009 8:40:52 AM
mbam-log-2009-11-08 (08-40-52).txt

Scan type: Quick Scan
Objects scanned: 99608
Time elapsed: 10 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:03 AM

Posted 08 November 2009 - 10:33 AM

Hi,

do you recall the location of the threat? It would be really helpful to understand what happened on your PC.

Please also run a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 cc550

cc550
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 08 November 2009 - 10:46 PM

Unfortunately I dont remember where the infection was.

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-08 22:46:06
Windows 5.1.2600 Service Pack 2
Running: i22mlc5q.exe; Driver: C:\DOCUME~1\Chris\LOCALS~1\Temp\kwrirpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF21176B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF2117574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF2117A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF211714C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF211764E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF211708C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF21170F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF211776E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF211772E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF21178AE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF22A80B0]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3760] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 0116EDC0 C:\Program Files\McAfee\SiteAdvisor\saPlugin.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[908] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[908] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device EE98BC8A

AttachedDevice FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9FF09314-D6BB-5701-967F-0359C157F079}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9FF09314-D6BB-5701-967F-0359C157F079}@eaimnacakf 0x66 0x61 0x6F 0x6D ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9FF09314-D6BB-5701-967F-0359C157F079}@dadmgogj 0x64 0x62 0x65 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9FF09314-D6BB-5701-967F-0359C157F079}@iaakmeefpgfddboaib 0x6A 0x61 0x6C 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9FF09314-D6BB-5701-967F-0359C157F079}@hagkgejbnlljffpb 0x6A 0x61 0x6A 0x61 ...

---- EOF - GMER 1.0.15 ----

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:03 AM

Posted 09 November 2009 - 05:00 AM

Hi,
you are running multiple anti virus programs.
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove two of the following three programs: DriveSentry and AVG and Avast.

Please check if that improves your problem.

regsards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 cc550

cc550
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 09 November 2009 - 12:48 PM

I removed Drivesentry, I removed AVG a long time ago.. there must be some of it left somewhere, but Im not sure where the files would be left over.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:03 AM

Posted 09 November 2009 - 04:40 PM

Hi,

that is probably a little hick up in WMI, please do the following:

1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Connect to root\SecurityCenter
5. Click on Query
6. Type in SELECT * FROM AntiVirusProduct and click on Apply

Posted Image

If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product. Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 cc550

cc550
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 09 November 2009 - 04:49 PM

Thank you, I have now fully removed AVG from my computer. Is there anything I can do for the sluggishness?

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:03 AM

Posted 09 November 2009 - 06:12 PM

Hi,

are you familiar with those two folders:

C:\hokypong
C:\Program Files\bstrain

Do you know what they contain?

The sluggishness could be caused by many reasons. I'm not sure we will be able to find the source.

But you could try running chkdsk and sfc on your system, to see that your operating system is intact.
Go to the Run box on the Start Menu and type in:

sfc /scannow

Make sure to include the space between the first "c" and the "/".

This will run the System File checker and it will scan for corrupt or missing files. It may prompt you to insert the CD if it needs to obtain files.

Please post back when it has finished letting me know what it has reported.

More info on this process can be found here.

1. Run Chkdsk
Running chkdsk may take some time to complete. Please be patient and do not use the computer, press any keys, or try to stop the chkdsk scan once it has started.
  • Right-click the Start button and select Explore
  • Navigate to your C: Drive, then right-click the drive and select Properties
  • In the Properties window that pops-up, click the Tools tab and then click on the button that says Check Now
  • If the User Account Control window pops-up asking for permission to run Check Disk, please click on Continue
  • In the Check Disk Options window that pops-up, place a check-mark in both boxes:
    • Automatically fix file system errors
    • Scan for and attempt recovery of bad sectors
  • Now click on Start.
  • A new window will pop-up saying, Windows can't check the disk while it's in use, click schedule disk check
  • Now shut-down your computer, not restart, and then turn on your computer.
  • When your computer turns on, you will see a blcak screen with white lettering, this is chkdsk running.
  • Let chkdsk run through its 5 Stages. When it is finished, your computer will boot to the desktop.
2. Chkdsk Log
  • Click on Start, then Run.
  • Copy and paste the following bold text in to the Open: box:
    • eventvwr.msc /s
  • This will bring up the Event Viewer window
  • In the left panel click on Application
  • The chkdsk log should be the first entry, with a source of Wininit. If it is not the first log:
    • Click on View, and then on Newest First
    • This should place the chkdsk log at the top of the list.
  • Click on the entry once
  • Now right-click on the entry and choose Properties.
  • In the window that pops-up, click on Posted Image (this will copy the log).
  • Paste the log in a Reply to this topic.
You could also try and run StartupLite:
Download and Run StartupLite
This program will identify and give you the option to remove uneeded startup items to free memory.
  • Download StartupLite.exe by MalwareBytes to your desktop.
  • Double click the icon to start the program. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • A list of uneeded startup entries will be compiled. Leave all the items as Disabled and click Continue.
  • Restart your computer.
Let me know if any of this helped.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 cc550

cc550
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 11 November 2009 - 02:58 PM

When trying to run chkdsk it says unable to scan volume. What should I do so that it can finish this?

Edited by cc550, 11 November 2009 - 02:58 PM.


#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:03 AM

Posted 11 November 2009 - 06:31 PM

Hi,

please try booting into Recovery Console from CD:
  • Insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.

  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-Rom drive with the keys arrows. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your XP-CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

  • A command prompt will open
  • type chkdsk /f /r and hit enter.
It'll scan your hard disk for errors. Let me know if it finds anything.

Once it is finished, you can exit by typing exit.

regards myrti

EDIT: No log will be created.

Edited by myrti, 11 November 2009 - 06:31 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 cc550

cc550
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:03 PM

Posted 11 November 2009 - 06:55 PM

It says it doesnt have the /f and /r switches... only has /p and /r switches




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users