Rootkit embedded in my system; related to Win32/Alureon.exe


This topic is locked
10 replies to this topic

#1 AlyRuth

  • Members
  • 31 posts
  • Gender:Female
  • Location:Atlanta, GA, USA

Posted 06 August 2010 - 04:01 PM

Read my topic here:

http://www.bleepingcomputer.com/forums/t/336479/google-redirect-virus-gone;-still-getting-incoming-packets-from-the-ip-blocked-by-zonealarm/

Here's my DDS log. GMER locked up my computer three times.

Attached File: DDS.txt (17.8KB)

Edited by AlyRuth, 06 August 2010 - 04:02 PM.



#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 14 August 2010 - 08:26 AM

Hello AlyRuth

Welcome to BleepingComputer :)
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the lines below:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM, as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.
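Added example, not part of kahdah's instructions and not code from OTL itself: once the OTL.Txt comes back, the helper's first pass is to skim hundreds of PRC/SRV/DRV/O4 lines for the few that merit a closer look. The small script below does that skim mechanically. It relies only on the line format visible in the log posted later in this thread: each entry ends either with the company name OTL reads from the file's version resource in parentheses (blank "()" when there is none) or with "File not found" when a registry entry points at a file that is no longer on disk. It flags three things: orphaned entries, files with no company name, and anything loading from a Temp directory. The sample lines are copied from the posted log; the function names (parse_otl_line, flag_entry, triage) and the flag labels are my own.

```python
"""Triage helper for OTL logs: flag entries worth a closer look.

Added example, not part of OTL or of this thread. OTL prints one entry per
line: a kind (PRC process, MOD module, SRV service, DRV driver, O4 autostart,
O20 Winlogon, ...), the file path, and either the company name from the file's
version resource in parentheses or "File not found" when the registry points
at a file that no longer exists. Nothing here proves infection; it only
shortens the list a human has to read.
"""
import re
from pathlib import PureWindowsPath

LINE_RE = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV|O\d+)\s*-\s*(?P<rest>.*\S)\s*$")
# A Windows path followed by "(Company)" (possibly empty) or by OTL's "File not found".
# Paths that themselves contain parentheses, e.g. "Program Files (x86)", are not
# handled; the sample below is a 32-bit XP log where that never occurs.
PATH_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\[^()]*?)"
    r"(?=\s+\((?P<company>[^()]*)\)\s*$|\s+(?P<missing>File not found)\s*$)"
)
SERVICE_NAME_RE = re.compile(r"^\((?P<name>[^)]+)\)")   # SRV/DRV: "(name) -- path"
RUNKEY_NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")    # O4: "[value name] path"
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)    # "...\Temp\..." anywhere in the path

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_OTL = r"""
PRC - C:\Documents and Settings\Aly\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
SRV - (6to4) -- C:\WINDOWS\System32\6to4v32.dll File not found
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (pnicml) -- C:\DOCUME~1\Aly\LOCALS~1\Temp\pnicml.sys File not found
O4 - HKLM..\Run: [lxdcmon.exe] C:\Program Files\Lexmark 1300 Series\lxdcmon.exe File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""


def parse_otl_line(line):
    """Return a dict for one OTL entry line, or None if the line carries no file path."""
    m = LINE_RE.match(line)
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    pm = PATH_RE.search(rest)
    if not pm:
        return None  # registry-only or HOSTS lines have no path to inspect
    path = pm.group("path")
    nm = SERVICE_NAME_RE.match(rest) or RUNKEY_NAME_RE.search(rest)
    name = nm.group("name") if nm else PureWindowsPath(path).name
    return {
        "kind": kind,
        "name": name,
        "path": path,
        "company": pm.group("company"),          # None when OTL said "File not found"
        "missing": pm.group("missing") is not None,
    }


def flag_entry(entry):
    """Heuristic flags for one parsed entry; an empty list means nothing stood out."""
    flags = []
    if entry["missing"]:
        flags.append("file-missing")        # registry points at a file that is gone
    elif entry["company"] == "":
        flags.append("no-company-name")     # no company name in the file's version resource
    if TEMP_DIR_RE.search(entry["path"]):
        flags.append("temp-directory")      # code loading from a temporary directory
    return flags


def triage(text):
    """Parse a whole OTL log and return only the entries that got at least one flag."""
    findings = []
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        flags = flag_entry(entry)
        if flags:
            entry["flags"] = flags
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for e in triage(SAMPLE_OTL):
        print(f"{e['kind']:<4} {e['name']:<14} {', '.join(e['flags']):<28} {e['path']}")
```

The flags are prompts for review, not verdicts. The company name OTL prints comes from the file's version resource, not from an Authenticode signature check, so a blank "()" only means the vendor did not fill that field in; the posted log shows several printer and utility binaries like that. "File not found" entries are just as often leftovers from uninstalled software or a driver that was only ever loaded from an install CD (the log's D: drive is CDFS). What makes an entry worth chasing is the combination: a driver service whose binary lived in a user's Temp directory, as the pnicml line in the sample does, is the kind of thing a helper would ask about.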

#3 AlyRuth
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Female
  • Location:Atlanta, GA, USA

Posted 14 August 2010 - 11:42 AM

Ran perfectly. Here are the logs:

OTL.Txt:

OTL logfile created on: 8/14/2010 12:14:00 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Aly\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 437.24 Gb Free Space | 93.88% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALLI
Current User Name: Aly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Aly\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Lexmark 1300 Series\lxdcamon.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lxdccoms.exe ( )
PRC - C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe (Belkin)
PRC - C:\WINDOWS\system32\acs.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Aly\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (6to4) -- C:\WINDOWS\System32\6to4v32.dll File not found
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (lxdcCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe ()
SRV - (lxdc_device) -- C:\WINDOWS\System32\lxdccoms.exe ( )
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()


========== Driver Services (SafeList) ==========

DRV - (SetupNTGLM7X) -- D:\NTGLM7X.sys File not found
DRV - (pnicml) -- C:\DOCUME~1\Aly\LOCALS~1\Temp\pnicml.sys File not found
DRV - (NTACCESS) -- D:\NTACCESS.sys File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys (ATI Research Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (BLKWGD) -- C:\WINDOWS\system32\drivers\BLKWGD.sys (Belkin Corporation.)
DRV - (wlanndi5) -- C:\WINDOWS\system32\wlanndi5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE B2 36 41 5B 36 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {24cea704-946d-11da-a72b-0800200c9a66}:1.1.2
FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/12/15 00:56:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/12/13 23:11:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/08/11 18:25:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/14 12:08:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 20:58:04 | 000,000,000 | ---D | M]

[2009/12/13 17:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aly\Application Data\Mozilla\Extensions
[2009/12/13 17:05:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aly\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/08/13 16:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aly\Application Data\Mozilla\Firefox\Profiles\egz68bbg.default\extensions
[2009/12/15 17:26:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Aly\Application Data\Mozilla\Firefox\Profiles\egz68bbg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/23 19:35:55 | 000,000,000 | ---D | M] (Panic Button) -- C:\Documents and Settings\Aly\Application Data\Mozilla\Firefox\Profiles\egz68bbg.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
[2010/08/01 13:17:03 | 000,000,000 | ---D | M] (ZoneAlarm Toolbar) -- C:\Documents and Settings\Aly\Application Data\Mozilla\Firefox\Profiles\egz68bbg.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2010/08/13 16:06:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/30 15:27:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/12/13 23:11:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010/06/10 22:14:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/22 22:07:09 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/22 22:07:10 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/22 22:07:11 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/12/21 18:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/04/07 19:34:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/04/07 19:34:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/04/07 19:34:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/04/07 19:34:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/04/07 19:34:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/04/07 19:34:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/04/07 19:34:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/07/22 19:41:04 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/07/22 19:41:04 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/07/22 19:41:04 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/07/22 19:41:04 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/07/22 19:41:04 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/07/22 19:41:04 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/07/22 19:41:04 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [lxdcamon] C:\Program Files\Lexmark 1300 Series\lxdcamon.exe ()
O4 - HKLM..\Run: [lxdcmon.exe] C:\Program Files\Lexmark 1300 Series\lxdcmon.exe File not found
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Aly\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1260733852494 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Aly\My Documents\My Pictures\yrbk.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aly\My Documents\My Pictures\yrbk.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/13 14:24:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/19 13:56:20 | 000,000,000 | R--D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2006/07/20 19:56:36 | 000,253,952 | R--- | M] (Firaxis Games) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/07/24 14:33:33 | 000,007,974 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - C:\WINDOWS\System32\6to4v32.dll File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/14 12:08:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/13 15:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aly\Local Settings\Application Data\PCHealth
[2010/08/13 15:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/08/02 19:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aly\DoctorWeb
[2010/08/02 19:34:57 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/08/02 10:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aly\Desktop\tdsskiller
[2010/08/01 17:24:15 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/08/01 14:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/08/01 13:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aly\My Documents\ForceField Shared Files
[2010/08/01 13:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aly\Application Data\CheckPoint
[2010/08/01 13:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/01 13:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/01 13:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/08/01 13:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aly\Local Settings\Application Data\Conduit
[2010/08/01 13:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aly\Local Settings\Application Data\ZoneAlarm
[2010/08/01 13:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm
[2010/08/01 13:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/08/01 13:11:31 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/08/01 13:11:26 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/08/01 13:11:26 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/08/01 13:11:19 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/08/01 13:11:18 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/08/01 13:11:18 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/08/01 13:11:17 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/08/01 13:11:17 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/08/01 13:11:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/08/01 13:11:15 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/08/01 13:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/08/01 13:10:46 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/08/01 13:10:46 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/08/01 13:10:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/08/01 13:10:45 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/07/25 14:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aly\My Documents\My Spore Creations
[2010/07/25 14:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aly\Application Data\SPORE
[2010/07/17 15:09:13 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/18 11:41:59 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcserv.dll
[2010/04/18 11:41:59 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcusb1.dll
[2010/04/18 11:41:59 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpmui.dll
[2010/04/18 11:41:59 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdclmpm.dll
[2010/04/18 11:41:59 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcinpa.dll
[2010/04/18 11:41:59 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdciesc.dll
[2010/04/18 11:41:59 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDChcp.dll
[2010/04/18 11:41:59 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcprox.dll
[2010/04/18 11:41:59 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpplc.dll
[2010/04/18 11:41:58 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdchbn3.dll
[2010/04/18 11:41:58 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomc.dll
[2010/04/18 11:41:58 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomm.dll

========== Files - Modified Within 30 Days ==========

[2010/08/14 12:11:44 | 000,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/14 12:11:44 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/14 12:11:44 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/14 12:11:28 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\Aly\Desktop\Shortcut to OTL.lnk
[2010/08/14 12:10:56 | 063,430,874 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/14 12:09:20 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/14 12:04:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/14 12:04:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/14 12:04:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/13 21:59:04 | 002,834,432 | ---- | M] () -- C:\Documents and Settings\Aly\ntuser.dat
[2010/08/13 21:58:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Aly\ntuser.ini
[2010/08/13 19:54:22 | 003,765,136 | -H-- | M] () -- C:\Documents and Settings\Aly\Local Settings\Application Data\IconCache.db
[2010/08/13 17:36:55 | 000,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 16:33:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/04 22:59:16 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Aly\Desktop\Shortcut to gmer.lnk
[2010/08/04 22:55:46 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\Aly\Desktop\Shortcut to dds.lnk
[2010/08/04 22:54:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Aly\defogger_reenable
[2010/08/04 22:51:34 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Aly\Desktop\Defogger.exe
[2010/08/02 19:43:03 | 048,116,736 | ---- | M] () -- C:\Documents and Settings\Aly\Desktop\b74qhawl.exe
[2010/08/02 15:01:10 | 000,020,933 | ---- | M] () -- C:\Documents and Settings\Aly\My Documents\history.odt
[2010/08/02 10:15:05 | 001,108,900 | ---- | M] () -- C:\Documents and Settings\Aly\Desktop\tdsskiller.zip
[2010/08/01 16:43:19 | 000,021,605 | ---- | M] () -- C:\Documents and Settings\Aly\My Documents\summer reading.odt
[2010/08/01 14:42:14 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/08/01 13:18:29 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/08/01 13:11:35 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/08/01 13:11:33 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Aly\Desktop\ZoneAlarm Security.lnk
[2010/07/30 15:27:32 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Aly\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/30 15:27:32 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/29 20:51:00 | 000,020,351 | ---- | M] () -- C:\Documents and Settings\Aly\My Documents\zu1.odt
[2010/07/29 18:49:06 | 000,020,160 | ---- | M] () -- C:\Documents and Settings\Aly\My Documents\zupro.odt
[2010/07/28 15:24:44 | 000,000,846 | ---- | M] () -- C:\Documents and Settings\Aly\.recently-used.xbel
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/25 14:20:23 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SPORE™.lnk
[2010/07/22 19:58:36 | 000,001,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2010/07/17 15:09:14 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/17 15:09:13 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/17 15:09:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

========== Files Created - No Company Name ==========

[2010/08/14 12:11:28 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\Aly\Desktop\Shortcut to OTL.lnk
[2010/08/04 22:59:16 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Aly\Desktop\Shortcut to gmer.lnk
[2010/08/04 22:55:46 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\Aly\Desktop\Shortcut to dds.lnk
[2010/08/04 22:54:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Aly\defogger_reenable
[2010/08/04 22:53:58 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Aly\Desktop\Defogger.exe
[2010/08/02 19:44:31 | 048,116,736 | ---- | C] () -- C:\Documents and Settings\Aly\Desktop\b74qhawl.exe
[2010/08/02 10:17:16 | 001,108,900 | ---- | C] () -- C:\Documents and Settings\Aly\Desktop\tdsskiller.zip
[2010/08/01 18:39:40 | 000,020,933 | ---- | C] () -- C:\Documents and Settings\Aly\My Documents\history.odt
[2010/08/01 14:47:32 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/01 14:42:14 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/08/01 13:11:35 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/08/01 13:11:33 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Aly\Desktop\ZoneAlarm Security.lnk
[2010/08/01 13:11:15 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/07/31 16:44:55 | 000,021,605 | ---- | C] () -- C:\Documents and Settings\Aly\My Documents\summer reading.odt
[2010/07/30 15:27:32 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Aly\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/29 20:50:59 | 000,020,351 | ---- | C] () -- C:\Documents and Settings\Aly\My Documents\zu1.odt
[2010/07/29 18:49:05 | 000,020,160 | ---- | C] () -- C:\Documents and Settings\Aly\My Documents\zupro.odt
[2010/07/28 15:24:44 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\Aly\.recently-used.xbel
[2010/07/25 14:20:23 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SPORE™.lnk
[2010/07/19 19:48:47 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Aly\Desktop\Internet Explorer.lnk
[2010/04/18 11:43:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdcvs.dll
[2010/04/18 11:43:07 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdccoin.dll
[2010/04/18 11:41:59 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDCinst.dll
[2010/04/18 11:41:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdcgrd.dll
[2010/04/11 12:28:29 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/04/02 13:32:22 | 000,000,016 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini

========== LOP Check ==========

[2010/04/11 12:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/06/09 22:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/01 13:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/24 12:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/05/18 17:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/17 17:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/04/27 18:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/07 13:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2010/06/09 21:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aly\Application Data\17DD061F1E0F05EE70EC391E74D38AAB
[2010/08/01 13:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aly\Application Data\CheckPoint
[2010/06/09 21:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aly\Application Data\gtk-2.0
[2010/05/13 22:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aly\Application Data\LolClient
[2010/02/17 14:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aly\Application Data\My Games
[2009/12/13 23:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aly\Application Data\OpenOffice.org
[2010/05/17 17:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aly\Application Data\Publish Providers
[2010/05/17 17:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aly\Application Data\Sony
[2010/07/25 14:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aly\Application Data\SPORE
[2010/04/07 13:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aly\Application Data\Yahoo
[2010/08/14 12:09:20 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/12/13 14:24:07 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/13 15:31:19 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2009/12/13 14:24:07 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/12/13 14:24:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/10 22:07:37 | 000,000,148 | ---- | M] () -- C:\lxdc.log
[2009/12/13 14:24:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/12/13 16:01:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/14 12:03:56 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/08/02 10:14:53 | 000,038,118 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_02.08.2010_10.14.17_log.txt
[2010/08/02 10:19:01 | 000,038,118 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_02.08.2010_10.18.38_log.txt
[2010/08/02 10:18:59 | 000,001,864 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_02.08.2010_10.18.57_log.txt
[2010/08/02 10:19:11 | 000,038,118 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_02.08.2010_10.19.03_log.txt
[2010/08/02 10:21:02 | 000,038,118 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_02.08.2010_10.20.51_log.txt
[2010/08/02 12:08:25 | 000,038,118 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_02.08.2010_12.08.14_log.txt
[2010/08/02 14:44:41 | 000,038,118 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_02.08.2010_14.44.31_log.txt
[2010/08/02 19:26:35 | 000,038,118 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_02.08.2010_19.26.14_log.txt
[2010/08/03 23:28:43 | 000,038,118 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_03.08.2010_23.28.31_log.txt
[2010/08/06 20:34:36 | 000,038,118 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_06.08.2010_20.33.49_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/03/09 22:07:10 | 000,372,736 | R--- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/12/12 21:17:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/12/12 21:17:36 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/12/12 21:17:36 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/17 15:09:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/06/09 21:25:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/07/17 15:09:14 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/08/01 16:20:36 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RDPCDD.SYS
[2010/06/21 11:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/01/18 06:18:54 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdcdrpp.dll
< End of report >

Extras.Txt:

OTL Extras logfile created on: 8/14/2010 12:14:00 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Aly\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 437.24 Gb Free Space | 93.88% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALLI
Current User Name: Aly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56206:TCP" = 56206:TCP:*:Enabled:Pando Media Booster
"56206:UDP" = 56206:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56206:TCP" = 56206:TCP:*:Enabled:Pando Media Booster
"56206:UDP" = 56206:UDP:*:Enabled:Pando Media Booster
"8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher
"8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher
"8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
"8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Lexmark 1300 Series\app4r.exe" = C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- File not found
"C:\WINDOWS\system32\lxdccoms.exe" = C:\WINDOWS\system32\lxdccoms.exe:*:Enabled:1300 Series Server -- ( )
"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" = C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Device Monitor Application -- ()
"C:\Program Files\Lexmark 1300 Series\App4R.exe" = C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Printing Application -- ()
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdctime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdctime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{071B2530-DE3C-736C-E803-C2FC71B5FCC6}" = CCC Help English
"{091A013B-889B-DB85-3ED0-C2BB233F8062}" = CCC Help Thai
"{0926FCAB-78EE-22C8-BA2B-6711239A64AB}" = Catalyst Control Center Localization Spanish
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{16F1E7AA-3E4A-BAE1-5952-3511303CBF2A}" = CCC Help Chinese Traditional
"{186A63A2-4256-43C6-8061-95EF77A5CDB6}" = Sid Meier's Civilization 4
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.5
"{1D3BFC7B-30BF-3687-8F69-C985F5E11B8A}" = Catalyst Control Center Localization Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{388181F4-8B46-3014-F565-86B483FC7F8F}" = CCC Help Norwegian
"{3C077648-DFED-519D-1D68-0F708C9A18C0}" = Catalyst Control Center Localization French
"{3C61FA6E-484E-1041-13C5-C045E63CD26E}" = ccc-core-static
"{4566ECCC-7E0F-13DF-57FF-46572D5C88D6}" = Catalyst Control Center Localization Thai
"{49D23949-485F-5237-A29D-4A437879A764}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ECA41F3-1746-E75C-C755-36B15E0CBFE5}" = CCC Help Korean
"{4F024C0E-72BC-11CA-2CC6-E27BF958D289}" = CCC Help Russian
"{5314FAC0-F8A5-4432-8980-251D055B2C5B}" = Belkin Wireless Utility
"{54B6EB6F-60E2-40A8-1A59-DE81A20D71D4}" = CCC Help Finnish
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.3
"{67FD1065-9AB7-E3BF-2BC8-E6874F26C1E4}" = Catalyst Control Center Localization Greek
"{69364417-1721-2120-939E-3F0656984E8C}" = Catalyst Control Center Localization Polish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D2DBCFC-22B1-5361-21AB-66BF7739904D}" = Catalyst Control Center Localization Finnish
"{6D442500-7D5D-F45B-940F-CF03ED854E88}" = ccc-utility
"{6E718153-1BE6-935F-F269-2E52893C926A}" = Catalyst Control Center Localization Turkish
"{6EEA1E34-96B6-7DDF-F566-ABCF65DD65C6}" = Catalyst Control Center Localization Japanese
"{71108A84-CD9E-F621-0E2E-FB436AF6ED53}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7617D8EF-B234-0EB9-A772-37CC9D64C7CE}" = CCC Help Polish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F0D4B6-CA19-1D28-AD0B-12EC980BB43F}" = CCC Help Hungarian
"{78B87CB6-2549-2ED7-522B-92BD7336B7AE}" = Catalyst Control Center Graphics Full New
"{8061C156-B1EC-ADCA-D639-0AA8DB908040}" = ccc-core-preinstall
"{806B5F54-AC5F-3A89-B4A6-902091281D22}" = Catalyst Control Center Localization Chinese Standard
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86B8A984-70F0-D69F-C12E-F0C05B1AB92C}" = Catalyst Control Center Localization Norwegian
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8A3530FD-5E75-545C-D712-E91FE37EEF94}" = CCC Help French
"{8D74BDB3-005F-DA77-B265-E9B419F64263}" = Catalyst Control Center Localization Chinese Traditional
"{907C5E3C-8968-A7DC-0A4D-28D7BE0160E4}" = CCC Help Turkish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C5F81D-0779-4932-BE83-32AAF814F4B9}" = League of Legends
"{96228425-7274-B574-55CE-50E59E033481}" = Catalyst Control Center Graphics Light
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9978BA43-526E-B363-5951-BF1C9C442151}" = CCC Help Chinese Standard
"{9CE072D3-AE52-769C-8C7E-3CC3CB187602}" = Catalyst Control Center Localization Italian
"{9D87CAA2-5DA2-CDA7-EBE0-EED718065CB0}" = CCC Help Italian
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAAF3330-05A9-6F21-E212-00F8535C854F}" = CCC Help Danish
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B0874A9F-BAD6-FC1F-17CD-D733E16EF865}" = Catalyst Control Center Localization German
"{B0D4409A-2E6E-3C9C-89FD-6D2CC44A819A}" = CCC Help German
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B19C2B54-C4FA-7077-D617-1C975F84F060}" = Catalyst Control Center Graphics Full Existing
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B476A489-864B-3859-5F86-3D7D7D8967D2}" = CCC Help Dutch
"{B4FC556B-D07A-AA91-E1FD-564023ACB63B}" = Catalyst Control Center Core Implementation
"{BA55BEB2-A531-1A7F-1360-3B05002D60EF}" = Catalyst Control Center Localization Danish
"{BAD58CBB-7F63-2E8B-8299-BE039EA022B0}" = CCC Help Greek
"{BC3A0A2C-BF3A-4717-1A9A-C3988E25DF2B}" = Catalyst Control Center Localization Korean
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D09FF913-6A12-8750-59ED-F4DC2F866DA3}" = CCC Help Spanish
"{D10DE2E6-C670-05DD-57AD-21E6E561B226}" = Catalyst Control Center Localization Czech
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{D9DCAE50-FDC6-652D-F31D-A3FF49D81F5A}" = Catalyst Control Center Localization Portuguese
"{DDFAC722-4351-D8FE-0002-97ED0CF55294}" = CCC Help Japanese
"{E31B55E1-3168-1FEA-2F2B-FD1DF6810EC8}" = Catalyst Control Center Localization Russian
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E69B9FA2-E456-CFB7-711B-B1B3F9A12727}" = Catalyst Control Center Localization Hungarian
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E790D4DB-3418-482A-D703-89C50EC2FF81}" = CCC Help Czech
"{E9C2567D-F0E7-C47F-7C91-F43F5D3367EB}" = Skins
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F9CA0C53-EE6B-B5FB-D735-95F822A87522}" = Catalyst Control Center Localization Dutch
"{FCA257D5-ABC8-440F-BCE0-AA9EFA383C87}" = Catalyst Control Center - Branding
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"AVG9Uninstall" = AVG Free 9.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"EA Download Manager" = EA Download Manager
"ie8" = Windows Internet Explorer 8
"InstallShield_{5314FAC0-F8A5-4432-8980-251D055B2C5B}" = Belkin Wireless Utility
"Lexmark 1300 Series" = Lexmark 1300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2010 1:31:32 PM | Computer Name = ALLI | Source = Application Error | ID = 1000
Description = Faulting application belkinwcui.exe, version 1.0.0.8, faulting module
belkinwcui.exe, version 1.0.0.8, fault address 0x00016839.

Error - 4/5/2010 12:25:30 PM | Computer Name = ALLI | Source = Application Error | ID = 1000
Description = Faulting application belkinwcui.exe, version 1.0.0.8, faulting module
belkinwcui.exe, version 1.0.0.8, fault address 0x0001683c.

Error - 4/6/2010 7:29:41 PM | Computer Name = ALLI | Source = MsiInstaller | ID = 11706
Description = Product: Sid Meier's Civilization 4 -- Error 1706.No valid source
could be found for product Sid Meier's Civilization 4. The Windows Installer cannot
continue.

Error - 4/15/2010 9:54:07 PM | Computer Name = ALLI | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3726, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2010 8:03:30 PM | Computer Name = ALLI | Source = Application Hang | ID = 1002
Description = Hanging application TS3EP01.exe, version 0.2.0.98, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/8/2010 12:48:45 PM | Computer Name = ALLI | Source = Application Error | ID = 1000
Description = Faulting application belkinwcui.exe, version 1.0.0.8, faulting module
belkinwcui.exe, version 1.0.0.8, fault address 0x00016839.

Error - 5/19/2010 10:37:39 PM | Computer Name = ALLI | Source = Application Error | ID = 1000
Description = Faulting application belkinwcui.exe, version 1.0.0.8, faulting module
belkinwcui.exe, version 1.0.0.8, fault address 0x00009bf5.

Error - 5/20/2010 11:56:37 PM | Computer Name = ALLI | Source = Application Error | ID = 1000
Description = Faulting application belkinwcui.exe, version 1.0.0.8, faulting module
belkinwcui.exe, version 1.0.0.8, fault address 0x00009bf5.

Error - 5/23/2010 11:35:38 AM | Computer Name = ALLI | Source = Application Error | ID = 1000
Description = Faulting application belkinwcui.exe, version 1.0.0.8, faulting module
belkinwcui.exe, version 1.0.0.8, fault address 0x00009bf5.

[ System Events ]
Error - 8/13/2010 5:43:26 PM | Computer Name = ALLI | Source = Service Control Manager | ID = 7000
Description = The lxdcCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 8/13/2010 7:29:15 PM | Computer Name = ALLI | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 8/13/2010 7:29:15 PM | Computer Name = ALLI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdcCATSCustConnectService
service to connect.


#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 14 August 2010 - 01:06 PM

Hi, you have more than one antivirus product running at the same time; you only need one.
Please uninstall all but one.

Please do not proceed before doing this, as it will block the removal process.
============================
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
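kahdah's point about overlapping antivirus products can be checked mechanically against the OTL uninstall list posted earlier in the thread, which shows avast! Free Antivirus, AVG Free 9.0 and Microsoft Security Essentials (plus its Microsoft Antimalware engine package) all installed, alongside on-demand scanners such as Malwarebytes' Anti-Malware, Spybot - Search & Destroy and McAfee Security Scan Plus. The script below is an added example for this page, not OTL code and not the helper's own procedure: it parses the `"key" = Display Name` lines OTL writes and separates products that install a resident (real-time) engine, which do conflict with each other, from on-demand scanners, which do not. The vendor patterns are an illustrative assumption, and the sample input is a trimmed copy of the list above.

```python
"""Flag overlapping security products in an OTL "HKEY_LOCAL_MACHINE Uninstall List".

Added example for this thread; it is not OTL code and not the helper's own
procedure. It parses the '"key" = Display Name' lines that OTL writes and
separates products that install a real-time scanning engine from on-demand
scanners, so a reader can see immediately when more than one resident
antivirus is installed. The vendor patterns are an illustrative assumption,
not a complete list.
"""
import re

ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')

# Products that install a resident (real-time) engine. Several display names
# can map to one product: the Microsoft Antimalware package is the engine that
# Microsoft Security Essentials installs, so the two are counted once.
REALTIME_PATTERNS = [
    (r"\bavast", "avast!"),
    (r"\bAVG\b", "AVG"),
    (r"Microsoft Security Essentials|Microsoft Antimalware", "Microsoft Security Essentials"),
    (r"\bNorton\b|\bSymantec\b", "Norton/Symantec"),
    (r"\bKaspersky\b", "Kaspersky"),
    (r"\bMcAfee\b", "McAfee"),          # only reached if the on-demand check below misses
]

# On-demand scanners that do not add a second resident engine. Checked first so
# that "McAfee Security Scan Plus" is not mistaken for the McAfee suite.
ON_DEMAND_PATTERNS = [
    (r"McAfee Security Scan", "McAfee Security Scan Plus"),
    (r"Malwarebytes", "Malwarebytes' Anti-Malware"),
    (r"\bSpybot\b", "Spybot - Search & Destroy"),
]


def parse_uninstall_list(text):
    """Return {registry key: display name} for every entry in the OTL section."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("key")] = m.group("name")
    return entries


def classify(display_name):
    """Return ("ondemand", product), ("realtime", product) or None."""
    for pattern, product in ON_DEMAND_PATTERNS:
        if re.search(pattern, display_name, re.IGNORECASE):
            return ("ondemand", product)
    for pattern, product in REALTIME_PATTERNS:
        if re.search(pattern, display_name, re.IGNORECASE):
            return ("realtime", product)
    return None


def find_security_products(text):
    """Return (sorted real-time products, sorted on-demand scanners), deduplicated."""
    realtime, ondemand = set(), set()
    for name in parse_uninstall_list(text).values():
        hit = classify(name)
        if hit is None:
            continue
        kind, product = hit
        (realtime if kind == "realtime" else ondemand).add(product)
    return sorted(realtime), sorted(ondemand)


def conflict_report(text):
    """Human-readable verdict; more than one resident engine is the problem case."""
    realtime, ondemand = find_security_products(text)
    lines = [f"resident antivirus engines: {len(realtime)} -> {', '.join(realtime) or 'none'}",
             f"on-demand scanners: {len(ondemand)} -> {', '.join(ondemand) or 'none'}"]
    if len(realtime) > 1:
        lines.append("CONFLICT: uninstall all but one resident antivirus before running removal tools")
    return "\n".join(lines)


# Sample input: entries copied from the OTL uninstall list earlier in this thread
# (GUID keys as the log printed them), trimmed to the relevant lines.
SAMPLE_UNINSTALL_LIST = r'''
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"avast5" = avast! Free Antivirus
"AVG9Uninstall" = AVG Free 9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Security Essentials" = Microsoft Security Essentials
"ZoneAlarm" = ZoneAlarm
'''

if __name__ == "__main__":
    print(conflict_report(SAMPLE_UNINSTALL_LIST))
```

Run against the sample it reports three resident engines (AVG, Microsoft Security Essentials, avast!) and flags the conflict; the three on-demand tools are listed but not counted, since they are the ones a helper normally leaves in place.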

#5 AlyRuth

  • Topic Starter
  • Members
  • 31 posts
  • Gender:Female
  • Location:Atlanta, GA, USA

Posted 14 August 2010 - 01:38 PM

Ran fine. Here's the log. I'll restart and update this post to tell you if I get any packets.

Update: Still getting packets. :/

ComboFix 10-08-14.01 - Aly 08/14/2010 14:27:02.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1110 [GMT -4:00]
Running from: c:\documents and settings\Aly\My Documents\Downloads\ComboFix.exe
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.

2010-08-13 19:56 . 2010-08-13 19:56 -------- d-----w- c:\documents and settings\Aly\Local Settings\Application Data\PCHealth
2010-08-13 19:56 . 2010-08-13 19:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-08-07 22:28 . 2010-08-07 22:28 503808 ----a-w- c:\documents and settings\Aly\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-76c71e82-n\msvcp71.dll
2010-08-07 22:28 . 2010-08-07 22:28 499712 ----a-w- c:\documents and settings\Aly\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-76c71e82-n\jmc.dll
2010-08-07 22:28 . 2010-08-07 22:28 12800 ----a-w- c:\documents and settings\Aly\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-22ee0043-n\decora-d3d.dll
2010-08-07 22:28 . 2010-08-07 22:28 61440 ----a-w- c:\documents and settings\Aly\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-22ee0043-n\decora-sse.dll
2010-08-07 22:28 . 2010-08-07 22:28 348160 ----a-w- c:\documents and settings\Aly\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-76c71e82-n\msvcr71.dll
2010-08-02 23:56 . 2010-08-02 23:56 -------- d-----w- c:\documents and settings\Aly\DoctorWeb
2010-08-02 23:34 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-01 21:24 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-01 20:20 . 2010-08-01 20:20 4224 ----a-w- c:\windows\system32\drivers\RDPCDD.SYS
2010-08-01 17:17 . 2010-08-01 17:17 -------- d-----w- c:\documents and settings\Aly\Application Data\CheckPoint
2010-08-01 17:17 . 2010-07-26 21:42 52224 ----a-w- c:\documents and settings\Aly\Application Data\Mozilla\Firefox\Profiles\egz68bbg.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
2010-08-01 17:17 . 2010-07-26 21:42 101376 ----a-w- c:\documents and settings\Aly\Application Data\Mozilla\Firefox\Profiles\egz68bbg.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
2010-08-01 17:12 . 2010-08-07 18:06 -------- d-----w- c:\documents and settings\Aly\Local Settings\Application Data\Conduit
2010-08-01 17:12 . 2010-08-01 17:12 -------- d-----w- c:\program files\Conduit
2010-08-01 17:12 . 2010-08-07 18:06 -------- d-----w- c:\documents and settings\Aly\Local Settings\Application Data\ZoneAlarm
2010-08-01 17:12 . 2010-08-01 17:12 -------- d-----w- c:\program files\ZoneAlarm
2010-08-01 17:10 . 2010-08-14 18:29 -------- d-----w- c:\windows\Internet Logs
2010-07-25 18:22 . 2010-07-25 18:23 -------- d-----w- c:\documents and settings\Aly\Application Data\SPORE
2010-07-22 23:29 . 2010-07-22 23:28 53632 ----a-w- c:\documents and settings\Aly\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-20 23:55 . 2010-07-20 23:55 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-20 23:55 . 2010-07-20 23:55 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-20 23:55 . 2010-07-20 23:55 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-20 23:55 . 2010-07-20 23:55 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-17 19:09 . 2010-07-17 19:09 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-17 19:09 . 2010-07-17 19:09 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-17 19:08 . 2010-07-17 19:08 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-17 19:08 . 2010-07-17 19:08 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-17 19:08 . 2010-07-17 19:08 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-17 19:08 . 2010-07-17 19:08 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 18:21 . 2009-12-13 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-14 18:16 . 2009-12-13 20:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-14 18:14 . 2009-12-13 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-07 17:16 . 2009-12-14 03:13 1 ----a-w- c:\documents and settings\Aly\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-01 17:11 . 2010-08-01 17:11 -------- d-----w- c:\program files\CheckPoint
2010-08-01 17:11 . 2010-08-01 17:11 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-23 13:44 . 2006-02-28 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-02-28 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-02-28 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-12-13 18:21 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 02:15 . 2010-06-11 02:15 503808 ----a-w- c:\documents and settings\Aly\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16f8f9d0-n\msvcp71.dll
2010-06-11 02:15 . 2010-06-11 02:15 499712 ----a-w- c:\documents and settings\Aly\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16f8f9d0-n\jmc.dll
2010-06-11 02:15 . 2010-06-11 02:15 348160 ----a-w- c:\documents and settings\Aly\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16f8f9d0-n\msvcr71.dll
2010-06-11 02:15 . 2010-06-11 02:15 61440 ----a-w- c:\documents and settings\Aly\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-78c61ca7-n\decora-sse.dll
2010-06-11 02:15 . 2010-06-11 02:15 12800 ----a-w- c:\documents and settings\Aly\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-78c61ca7-n\decora-d3d.dll
2010-05-30 18:31 . 2010-05-30 18:31 537 ----a-w- c:\windows\eReg.dat
2010-05-28 16:23 . 2010-05-15 18:47 87 ----a-w- c:\documents and settings\Aly\jagex_runescape_preferences2.dat
2010-05-28 16:21 . 2010-05-15 17:16 42 ----a-w- c:\documents and settings\Aly\jagex_runescape_preferences.dat
2010-05-23 01:43 . 2010-05-23 01:43 17280 ----a-w- c:\documents and settings\Lynn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 15:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2009-04-27 25256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Aly\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Utility.lnk - c:\program files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe [2005-8-18 1388544]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56206:TCP"= 56206:TCP:Pando Media Booster
"56206:UDP"= 56206:UDP:Pando Media Booster
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 9:35 AM 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 9:35 AM 493032]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [12/13/2009 3:36 PM 463872]
R3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [4/21/2004 6:51 PM 16384]
R4 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [4/18/2010 11:43 AM 99248]
S3 pnicml;pnicml;\??\c:\docume~1\Aly\LOCALS~1\Temp\pnicml.sys --> c:\docume~1\Aly\LOCALS~1\Temp\pnicml.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/1/2010 1:14 PM 27064]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - AvgLdx86
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Aly\Application Data\Mozilla\Firefox\Profiles\egz68bbg.default\
FF - component: c:\documents and settings\Aly\Application Data\Mozilla\Firefox\Profiles\egz68bbg.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Aly\Application Data\Mozilla\Firefox\Profiles\egz68bbg.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-lxdcmon.exe - c:\program files\Lexmark 1300 Series\lxdcmon.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-14 14:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-602162358-839522115-1005\Software\SecuROM\License information*]
"datasecu"=hex:7e,ff,11,41,be,16,27,f5,8c,aa,11,5e,3e,9c,36,e8,3d,1d,fd,94,c2,
81,4f,30,34,78,5f,60,9e,53,f7,81,92,64,4d,5e,60,cf,fd,ad,29,60,e3,f2,3e,10,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(860)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(14016)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-14 14:33:41
ComboFix-quarantined-files.txt 2010-08-14 18:33

Pre-Run: 471,176,048,640 bytes free
Post-Run: 471,476,391,936 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 881AB4026DA99C3D9EA2EDE02B2F6FA5

Edited by AlyRuth, 14 August 2010 - 01:42 PM.
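Reading the ComboFix log above the way a responder would: the services section lists a driver whose image path is under the user's Temp directory (pnicml), one on d: (SetupNTGLM7X) and several entries ComboFix marks with [?], and the DLL section shows a ZoneAlarm ForceField module (ISWSHEX.dll, under the CheckPoint path the uninstall list attributes to the ZoneAlarm Toolbar) loaded into winlogon.exe and lsass.exe. The script below is an added example, not ComboFix's own code and not part of the helper's procedure, that pulls those indicators out of the log text automatically. Its assumptions: the sample input is a trimmed copy of the log, the system drive is C: (as the boot.ini section shows), and a trailing [?] is read as "image file not found at scan time". A flag is a reason to look at an entry, not a verdict on it.

```python
"""Triage the driver/service and loaded-DLL sections of a ComboFix log.

Added example for this thread; it is not ComboFix code and not the helper's
procedure. It reads the plain-text log, pulls out every R*/S* driver and
service line and the "DLLs Loaded Under Running Processes" section, and
flags what a responder checks first when a kernel rootkit is suspected:
drivers whose image lives in a user Temp directory or off the system drive,
images ComboFix could not find on disk (the trailing "[?]", read here as
"not present at scan time"), and non-Windows modules loaded into
winlogon.exe or lsass.exe. A flag is a reason to look, not a verdict.
"""
import re

SYSTEM_DRIVE = "c:"                      # assumption: system drive is C:, as boot.ini above shows
SENSITIVE_PROCS = {"winlogon.exe", "lsass.exe"}

SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
IMAGE_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$")
EXT_RE = re.compile(r"^(?P<file>.*?\.(?:sys|exe|dll))(?:\s.*)?$", re.IGNORECASE)
PROC_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)")


def parse_services(text):
    """Yield (start_type, name, image_path, info) for each driver/service line."""
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        im = IMAGE_RE.match(rest)
        path, info = (im.group("path"), im.group("info")) if im else (rest, "")
        if " --> " in path:              # "\??\raw --> resolved": keep the resolved path
            path = path.split(" --> ")[-1]
        fm = EXT_RE.match(path.strip())
        if fm:                            # drop service arguments such as "-service"
            path = fm.group("file")
        yield m.group("start"), m.group("name"), path.strip(), info.strip()


def driver_findings(text):
    """Return [(name, path, reason)] for entries a responder should look at."""
    findings = []
    for _start, name, path, info in parse_services(text):
        low = path.lower()
        if "\\temp\\" in low:
            findings.append((name, path, "image loads from a user Temp directory"))
        elif not low.startswith(SYSTEM_DRIVE + "\\"):
            findings.append((name, path, "image is not on the system drive"))
        if info == "?":
            findings.append((name, path, "image file not found at scan time"))
    return findings


def injected_module_findings(text):
    """Return [(process, dll)] for non-Windows modules inside sensitive processes."""
    findings, proc = [], None
    for raw in text.splitlines():
        line = raw.strip()
        pm = PROC_RE.match(line)
        if pm:
            proc = pm.group("proc").lower()
            continue
        if line == ".":                   # ComboFix closes the section with a lone dot
            proc = None
            continue
        if proc in SENSITIVE_PROCS and re.match(r"^[a-z]:\\", line, re.IGNORECASE):
            if not line.lower().startswith(SYSTEM_DRIVE + "\\windows\\"):
                findings.append((proc, line))
    return findings


# Sample input copied from the ComboFix log posted above (driver/service lines
# and the loaded-DLL section), trimmed to the relevant parts.
SAMPLE_LOG = r"""
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 9:35 AM 26352]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [12/13/2009 3:36 PM 463872]
R4 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S3 pnicml;pnicml;\??\c:\docume~1\Aly\LOCALS~1\Temp\pnicml.sys --> c:\docume~1\Aly\LOCALS~1\Temp\pnicml.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/1/2010 1:14 PM 27064]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(860)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(14016)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
"""

if __name__ == "__main__":
    for name, path, reason in driver_findings(SAMPLE_LOG):
        print(f"[driver] {name}: {reason} ({path})")
    for proc, dll in injected_module_findings(SAMPLE_LOG):
        print(f"[module] {proc} has loaded {dll}")
```

On the sample it flags pnicml (Temp directory, and not found), SetupNTGLM7X (other drive, and not found), AvgTdiX and lxdc_device (not found, consistent with the AVG leftovers and the Lexmark service errors in the event log) and ISWSHEX.dll inside winlogon.exe and lsass.exe; the same DLL in explorer.exe is not reported because explorer routinely hosts shell extensions. Whether any flagged item is malicious still has to be settled by checking the file against its vendor, which the script deliberately does not try to do.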


#6 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 14 August 2010 - 04:28 PM

  1. Please download mbrcheck from Here
  2. Save that file to your desktop and double click on it to run it.
  3. It will show a black screen with some data on it; then hit any key to continue.
  4. Once it finishes there will be a log produced on your desktop that is labeled mbrcheck*.txt (where the * is the date).
  5. Please post the contents of that log in your next reply.

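MBRCheck is asked for here because the MBR-infecting variants of the Alureon/TDL family named in the thread title replace the boot-sector code while leaving the partition table usable, so the machine keeps booting normally. The script below is an added example, not MBRCheck's code (the post does not describe the tool's internals), showing the checks such a tool performs on a raw 512-byte MBR: the 0x55AA boot signature, partition-table sanity, and a hash of the 440-byte boot-code area for comparison with a baseline taken from a clean install of the same Windows version. The MBR bytes are constructed, the baseline hash is something you would have to supply yourself, and the `\\.\PhysicalDrive0` device path is Windows-specific and needs Administrator rights.

```python
"""Parse and sanity-check a raw 512-byte MBR, the first step of bootkit triage.

Added example for this thread; it is not MBRCheck's code (the post above says
nothing about how that tool works internally). It reads a raw MBR (on Windows,
the first 512 bytes of PhysicalDrive0 opened as Administrator; here a
constructed sample), verifies the 0x55AA signature, parses the four partition
entries for impossible values, and hashes the 440-byte boot-code area so it
can be compared with a hash taken from a known-clean install of the same
Windows version (assumption: you hold such a baseline; none is supplied).
"""
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 440           # bytes 0..439 boot code; 440..443 disk signature; 446.. partition table
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a physical disk (Windows device path shown; needs Administrator)."""
    with open(device, "rb") as fh:
        return fh.read(MBR_SIZE)


def parse_partition_entry(entry):
    """Decode one 16-byte partition-table entry (status, type, LBA start, sector count)."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {"status": status, "bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def bootcode_sha1(mbr):
    """SHA-1 of the code area only, so a legitimate partition-table change does not alter it."""
    return hashlib.sha1(mbr[:BOOTCODE_LEN]).hexdigest()


def analyse_mbr(mbr, disk_sectors=None):
    """Return {'bootcode_sha1', 'partitions', 'problems'} for a 512-byte MBR."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    problems = []
    if mbr[510:512] != BOOT_SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        p = parse_partition_entry(mbr[off:off + PART_ENTRY_LEN])
        if p["type"] == 0:               # empty slot
            continue
        if p["status"] not in (0x00, 0x80):
            problems.append(f"partition {i}: invalid status byte 0x{p['status']:02x}")
        if disk_sectors is not None and p["lba_start"] + p["sectors"] > disk_sectors:
            problems.append(f"partition {i}: extends past the end of the disk")
        parts.append(p)
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    if any(s2 < e1 for (_, e1), (s2, _) in zip(spans, spans[1:])):
        problems.append("partition entries overlap")
    if sum(p["bootable"] for p in parts) != 1:     # a data-only disk legitimately has none
        problems.append("expected exactly one active partition on a boot disk")
    return {"bootcode_sha1": bootcode_sha1(mbr), "partitions": parts, "problems": problems}


def bootcode_matches(mbr, known_good_sha1):
    """True when the code area hashes to the baseline recorded from a clean machine."""
    return bootcode_sha1(mbr) == known_good_sha1.lower()


def build_sample_mbr():
    """Constructed sample: placeholder code bytes plus one active NTFS partition."""
    code = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * (BOOTCODE_LEN - 5)   # not real boot code
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 1_000_000)
    return code + disk_sig + entry + b"\x00" * (PART_ENTRY_LEN * 3) + BOOT_SIGNATURE


if __name__ == "__main__":
    sample = build_sample_mbr()
    report = analyse_mbr(sample, disk_sectors=2_000_000)
    print("boot code SHA-1:", report["bootcode_sha1"])
    for p in report["partitions"]:
        print(f"type 0x{p['type']:02x} active={p['bootable']} lba={p['lba_start']} sectors={p['sectors']}")
    print("problems:", report["problems"] or "none")
```

One caveat that matters for exactly this kind of infection: a kernel rootkit that filters disk I/O can hand a clean copy of sector 0 to any user-mode reader, so a boot-code hash that matches the baseline when taken on the live system is not proof of a clean MBR. Read the sector from boot media or an offline image of the disk before trusting a clean result; a mismatch on the live system, on the other hand, is already worth acting on.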

#7 AlyRuth

  • Topic Starter
  • Members
  • 31 posts
  • Gender:Female
  • Location:Atlanta, GA, USA

Posted 15 August 2010 - 01:26 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 120):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA671000 amdide.sys
0xBA0E8000 VolSnap.sys
0xB9F31000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9F11000 fltmgr.sys
0xB9EFF000 sr.sys
0xB9EE8000 KSecDD.sys
0xB9E5B000 Ntfs.sys
0xB9E2E000 NDIS.sys
0xB9E14000 Mup.sys
0xBA298000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xB79A7000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB7993000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB796B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB7951000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB792D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB790A000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA568000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB7898000 \SystemRoot\system32\DRIVERS\BLKWGD.sys
0xBA730000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA56C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7881000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA308000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA318000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB7870000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA138000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA148000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA400000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5BE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7812000 \SystemRoot\system32\DRIVERS\update.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA158000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5C4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA168000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA75F2000 \SystemRoot\system32\drivers\AtiHdAud.sys
0xA75CE000 \SystemRoot\system32\drivers\portcls.sys
0xBA198000 \SystemRoot\system32\drivers\drmk.sys
0xA7123000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xBA5CC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7AF000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5CE000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA420000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA428000 \SystemRoot\System32\drivers\vga.sys
0xBA5D0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5D2000 \SystemRoot\SYSTEM32\DRIVERS\RDPCDD.SYS
0xBA430000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA438000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA54C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA70A0000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA7047000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA701F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA6FF9000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA6F78000 \SystemRoot\System32\vsdatant.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA6F56000 \SystemRoot\System32\drivers\afd.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA6E8B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA6E1B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA218000 \SystemRoot\System32\Drivers\Fips.SYS
0xB775E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA228000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB775A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA440000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA448000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB7752000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA278000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA6DDB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA612000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA70FB000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA458000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA765000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF05F000 \SystemRoot\System32\ati2cqag.dll
0xBF0DE000 \SystemRoot\System32\atikvmag.dll
0xBF14E000 \SystemRoot\System32\atiok3x2.dll
0xBF17C000 \SystemRoot\System32\ati3duag.dll
0xBF484000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA467A000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA466E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA488000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0xA4225000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA40DE000 \SystemRoot\system32\DRIVERS\srv.sys
0xA3E99000 \SystemRoot\system32\drivers\wdmaud.sys
0xA402E000 \SystemRoot\system32\drivers\sysaudio.sys
0xA3A70000 \SystemRoot\System32\Drivers\HTTP.sys
0xA3B6D000 \??\C:\WINDOWS\system32\wlanndi5.SYS
0xA3545000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 40):
0 System Idle Process
4 System
684 C:\WINDOWS\system32\smss.exe
752 csrss.exe
788 C:\WINDOWS\system32\winlogon.exe
832 C:\WINDOWS\system32\services.exe
844 C:\WINDOWS\system32\lsass.exe
1004 C:\WINDOWS\system32\ati2evxx.exe
1020 C:\WINDOWS\system32\svchost.exe
1092 svchost.exe
1140 C:\WINDOWS\system32\svchost.exe
1260 svchost.exe
1288 svchost.exe
1324 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
1428 C:\WINDOWS\system32\ati2evxx.exe
1728 C:\WINDOWS\explorer.exe
1916 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
1972 C:\WINDOWS\system32\spoolsv.exe
116 svchost.exe
168 C:\WINDOWS\system32\acs.exe
188 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
248 C:\Program Files\Java\jre6\bin\jqs.exe
484 C:\WINDOWS\system32\lxdccoms.exe
564 C:\WINDOWS\system32\svchost.exe
720 C:\WINDOWS\system32\wuauclt.exe
2180 alg.exe
2416 C:\WINDOWS\system32\wscntfy.exe
2476 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2504 C:\WINDOWS\RTHDCPL.exe
2512 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2532 C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
2548 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
2556 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2572 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
2664 C:\Program Files\OpenOffice.org 3\program\soffice.exe
2796 C:\Program Files\OpenOffice.org 3\program\soffice.bin
3100 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3232 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
3472 C:\Program Files\Mozilla Firefox\firefox.exe
3808 C:\Documents and Settings\Aly\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AACS-00ZUB0, Rev: 01.01B01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
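
As an added example, not part of this thread and not MBRCheck's own code: a Python script that does a subset of what the MBRCheck steps in the previous post and the log above describe. It reads sector 0, confirms the 0x55AA boot signature, hashes it, decodes the four partition entries and checks that a partition begins at the byte offset reported for C: (0x7e00, i.e. sector 63, the usual Windows XP layout). The MBR it runs on by default is constructed inline, not the poster's disk. Exactly which bytes MBRCheck feeds into its SHA1 is not stated on the page, so the script reports both the 446-byte boot-code hash and the whole-sector hash.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # boot code occupies bytes 0..445
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"       # bytes 510..511 of a valid MBR
# status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
PART_ENTRY = struct.Struct("<B3sB3sII")


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR (not read from any real disk): a few bytes of
    boot code padded with zeros, one active NTFS (type 0x07) partition starting
    at LBA 63, three empty entries and the 0x55AA signature."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * (BOOT_CODE_LEN - 7)
    # sector count is arbitrary; only the start LBA matters for the offset check
    ntfs = PART_ENTRY.pack(0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 976_000_000)
    empty = b"\x00" * PART_ENTRY.size
    return boot_code + ntfs + empty * 3 + BOOT_SIG


def parse_mbr(mbr: bytes) -> dict:
    """Validate the signature, hash the sector and decode the partition table."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + index * PART_ENTRY.size
        status, _, ptype, _, lba_start, sectors = PART_ENTRY.unpack(mbr[start:start + PART_ENTRY.size])
        if ptype == 0:          # type 0x00 marks an unused entry
            continue
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,
            "sectors": sectors,
        })
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "sector_sha1": hashlib.sha1(mbr).hexdigest().upper(),
        "partitions": partitions,
    }


def is_valid_mbr(mbr: bytes) -> bool:
    """True when parse_mbr accepts the sector."""
    try:
        parse_mbr(mbr)
        return True
    except ValueError:
        return False


def volume_at_offset(parsed: dict, byte_offset: int):
    """Return the partition whose start equals the byte offset a tool reported for a volume."""
    for p in parsed["partitions"]:
        if p["byte_offset"] == byte_offset:
            return p
    return None


def read_mbr(path: str) -> bytes:
    # path may be a dd image or a raw device such as \\.\PhysicalDrive0 on Windows (needs admin)
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


if __name__ == "__main__":
    mbr = read_mbr(sys.argv[1]) if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(mbr)
    print("boot code SHA1:", info["boot_code_sha1"])
    print("sector SHA1:   ", info["sector_sha1"])
    for p in info["partitions"]:
        print(f"  entry {p['index']}: type 0x{p['type']:02X} LBA {p['lba_start']} "
              f"offset 0x{p['byte_offset']:X} sectors {p['sectors']} bootable={p['bootable']}")
    print("partition at 0x7E00:", "found" if volume_at_offset(info, 0x7E00) else "none")
```

Run it with no arguments to see the constructed sample, or pass an image file or raw device path to check a real sector 0. Hashing the 446 bytes of boot code separately is the useful comparison: it stays stable across machines with different partition tables, and a bootkit of the Alureon/TDL family replaces exactly that code, which is why the helper asked for an MBR check in the first place.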

#8 kahdah (Security Colleague, 11,138 posts; Florida)

Posted 15 August 2010 - 02:15 PM

Please submit the following file to one of these online file scanners.
(All you have to do is copy and paste the file path into the box when you click on Browse, then click the Open button, then Submit.)

C:\WINDOWS\system32\svchost.exe

This will produce a report after the scan is complete; please copy and paste those results in your next post.


Also, what does GMER do when you try to run it?

#9 AlyRuth (Topic Starter; Members, 31 posts; Atlanta, GA, USA)

Posted 15 August 2010 - 04:05 PM

Found nothing. Here's the report. Anyway, as for GMER, it'll run fine, but then at seemingly random points during a scan (or sometimes even before the scan) it'll lock up everything on my computer except the mouse pointer. I can't even Ctrl+Alt+Del, close it, etc. I have to manually reset it.

Antivirus Version Last Update Result
AhnLab-V3 2010.08.15.01 2010.08.15 -
AntiVir 8.2.4.34 2010.08.15 -
Antiy-AVL 2.0.3.7 2010.08.11 -
Authentium 5.2.0.5 2010.08.15 -
Avast 4.8.1351.0 2010.08.15 -
Avast5 5.0.332.0 2010.08.15 -
AVG 9.0.0.851 2010.08.15 -
BitDefender 7.2 2010.08.15 -
CAT-QuickHeal 11.00 2010.08.14 -
ClamAV 0.96.0.3-git 2010.08.15 -
Comodo 5750 2010.08.15 -
DrWeb 5.0.2.03300 2010.08.15 -
Emsisoft 5.0.0.37 2010.08.15 -
eSafe 7.0.17.0 2010.08.15 -
eTrust-Vet 36.1.7790 2010.08.13 -
F-Prot 4.6.1.107 2010.08.14 -
F-Secure 9.0.15370.0 2010.08.15 -
Fortinet 4.1.143.0 2010.08.15 -
GData 21 2010.08.15 -
Ikarus T3.1.1.88.0 2010.08.15 -
Jiangmin 13.0.900 2010.08.15 -
Kaspersky 7.0.0.125 2010.08.15 -
McAfee 5.400.0.1158 2010.08.15 -
McAfee-GW-Edition 2010.1 2010.08.15 -
Microsoft 1.6004 2010.08.15 -
NOD32 5368 2010.08.15 -
Norman 6.05.11 2010.08.15 -
nProtect 2010-08-15.01 2010.08.15 -
Panda 10.0.2.7 2010.08.15 -
PCTools 7.0.3.5 2010.08.15 -
Prevx 3.0 2010.08.15 -
Rising 22.60.06.04 2010.08.15 -
Sophos 4.56.0 2010.08.15 -
Sunbelt 6738 2010.08.15 -
SUPERAntiSpyware 4.40.0.1006 2010.08.15 -
Symantec 20101.1.1.7 2010.08.15 -
TheHacker 6.5.2.1.348 2010.08.15 -
TrendMicro 9.120.0.1004 2010.08.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.15 -
VBA32 3.12.14.0 2010.08.13 -
ViRobot 2010.8.9.3978 2010.08.15 -
VirusBuster 5.0.27.0 2010.08.15 -
Additional information
MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667
SHA256: 2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5
ssdeep: 384:IDvi+JmG6yqlCRaJt4RHS5LutGJae7g9VJnpWCNJbW:INcG6xlCRaJKGOA7SHJ
File size : 14336 bytes
First seen: 2008-05-01 02:35:20
Last seen : 2010-08-15 21:01:06
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Generic Host Process for Win32 Services
original name: svchost.exe
internal name: svchost.exe
file version.: 5.1.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x2509
timedatestamp....: 0x48025BC0 (Sun Apr 13 19:15:12 2008)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x2C00, 0x2C00, 6.29, f6589e1ed3da6afefb0b4294d9ff7f2e
.data, 0x4000, 0x210, 0x200, 1.62, cbd504e46c836e09e8faabdcfbabaec2
.rsrc, 0x5000, 0x408, 0x600, 2.51, dcede0c303bbb48c6875eb64477e5882

[[ 4 import(s) ]]
ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, LocalFree, GetCurrentProcess, GetCurrentThread, GetProcAddress, LoadLibraryExW, LeaveCriticalSection, HeapAlloc, EnterCriticalSection, LCMapStringW, FreeLibrary, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, RegisterWaitForSingleObject, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, LocalAlloc, lstrcmpW, DelayLoadFailureHook
ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtClose, RtlSubAuthorityCountSid, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlImageNtHeader, wcslen, RtlUnhandledExceptionFilter, RtlCopySid
RPCRT4.dll: RpcServerUnregisterIfEx, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcServerUnregisterIf, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status, RpcMgmtStopServerListening
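
As an added example, not from this thread and not any scanner vendor's code: a Python helper that parses a report in the layout pasted above into engine verdicts, hashes, sigcheck fields and PE sections, counts detections, flags packed-looking sections, and hashes a local file so you can confirm the report really describes the binary on your disk. The sample text is a constructed excerpt: the hashes, version string and section table are copied from the posted report, while the "ExampleAV" verdict line is invented so the detection-counting path has something to find. The 7.0 entropy threshold is a common rule of thumb for packed or encrypted sections, not something the page states.

```python
import hashlib
import re

# Constructed excerpt in the layout of the posted report; the ExampleAV line is invented.
SAMPLE_REPORT = """\
Antivirus Version Last Update Result
AhnLab-V3 2010.08.15.01 2010.08.15 -
Kaspersky 7.0.0.125 2010.08.15 -
Microsoft 1.6004 2010.08.15 -
ExampleAV 1.0 2010.08.15 Trojan.Generic.Example
Additional information
MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667
SHA256: 2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5
File size : 14336 bytes
file version.: 5.1.2600.5512 (xpsp.080413-2111)
verified.....: Unsigned
[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x2C00, 0x2C00, 6.29, f6589e1ed3da6afefb0b4294d9ff7f2e
.data, 0x4000, 0x210, 0x200, 1.62, cbd504e46c836e09e8faabdcfbabaec2
.rsrc, 0x5000, 0x408, 0x600, 2.51, dcede0c303bbb48c6875eb64477e5882
"""

# engine  version  YYYY.MM.DD  result
ENGINE_RE = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")
# "key....: value" style sigcheck/hash lines
FIELD_RE = re.compile(r"^([A-Za-z][\w ]*?)\s*\.*\s*:\s*(.*)$")
# name, viradd, virsiz, rawdsiz, ntropy, md5
SECTION_RE = re.compile(
    r"^(\.\w+), (0x[0-9A-Fa-f]+), (0x[0-9A-Fa-f]+), (0x[0-9A-Fa-f]+), ([\d.]+), ([0-9a-f]{32})$"
)
EXPECTED_VERSION = "5.1.2600.5512"   # XP SP3 build string taken from the posted report


def parse_report(text: str) -> dict:
    """Split the report into engine verdicts, hashes, sigcheck fields and PE sections."""
    engines, fields, sections = [], {}, []
    for line in text.splitlines():
        line = line.strip()
        m = ENGINE_RE.match(line)
        if m:
            engines.append((m.group(1), m.group(4).strip()))
            continue
        m = SECTION_RE.match(line)
        if m:
            sections.append({"name": m.group(1), "virtual_size": int(m.group(3), 16),
                             "raw_size": int(m.group(4), 16), "entropy": float(m.group(5)),
                             "md5": m.group(6)})
            continue
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    hashes = {k: fields[k].lower() for k in ("md5", "sha1", "sha256") if k in fields}
    detections = [(name, result) for name, result in engines if result != "-"]
    return {"engines": engines, "detections": detections, "hashes": hashes,
            "fields": fields, "sections": sections}


def assess(report: dict, entropy_threshold: float = 7.0) -> list:
    """Return human-readable findings worth a second look."""
    findings = []
    if report["detections"]:
        hits = ", ".join(f"{n} -> {r}" for n, r in report["detections"])
        findings.append(f"{len(report['detections'])} of {len(report['engines'])} engines flagged the file: {hits}")
    if report["fields"].get("verified", "").lower() == "unsigned":
        findings.append("no embedded Authenticode signature (check catalog signing before calling this tampering)")
    version = report["fields"].get("file version", "")
    if not version.startswith(EXPECTED_VERSION):
        findings.append(f"unexpected file version {version!r}")
    for s in report["sections"]:
        if s["entropy"] >= entropy_threshold:
            findings.append(f"section {s['name']} has entropy {s['entropy']} (packed or encrypted?)")
    return findings


def hash_bytes(data: bytes) -> dict:
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def hash_file(path: str) -> dict:
    """Hash a local file in chunks so large binaries do not need to fit in memory."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            for d in digests.values():
                d.update(chunk)
    return {k: d.hexdigest() for k, d in digests.items()}


def matches_report(local: dict, report: dict) -> bool:
    """True only when every hash the report lists equals the local file's hash."""
    return bool(report["hashes"]) and all(local.get(k) == v for k, v in report["hashes"].items())


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    print("hashes:", r["hashes"])
    for finding in assess(r) or ["nothing of note"]:
        print(" -", finding)
```

To check the file on disk, call `hash_file(r"C:\WINDOWS\system32\svchost.exe")` and pass the result to `matches_report`; a mismatch means the report covers a different binary than the one the machine is running. "Unsigned" in the posted report means no embedded Authenticode signature; Windows system binaries of that generation are signed through catalog files rather than embedded signatures, so that field alone is not evidence of tampering. The clean verdicts and a hash match against a known-good copy are the checks that carry weight here.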

#10 kahdah (Security Colleague, 11,138 posts; Florida)

Posted 15 August 2010 - 07:19 PM

Hi, I see nothing in your logs to indicate an infection.
Use it for a few days and let me know if anything has changed, e.g. Alureon returning.

#11 kahdah (Security Colleague, 11,138 posts; Florida)

Posted 22 November 2010 - 07:11 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.