|
-
July 30th, 2010, 04:03 PM
#1
I have a virus of some kind; please help
I have a virus that avast picked up and move it to its virus chest called Win32 Malware and Win32 Hilot; Win32: Kuang2 . I cannot get to windows update page. I have XP. Computer running very slow. Here first is the Malwarebyte log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4370
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/30/2010 1:51:37 PM
mbam-log-2010-07-30 (13-51-37).txt
Scan type: Quick scan
Objects scanned: 145639
Time elapsed: 15 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
July 30th, 2010, 04:05 PM
#2
GMER log
Here is the GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-30 15:00:00
Windows 5.1.2600 Service Pack 3
Running: 6qj9w7dh.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\ugtdipoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA95AB6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA95AB574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA95ABA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA95AB14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA95AB64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA95AB08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA95AB0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA95AB76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA95AB72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA95AB8AE]
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF8204F80]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[572] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D9000A
.text C:\WINDOWS\Explorer.EXE[572] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DA000A
.text C:\WINDOWS\Explorer.EXE[572] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00AB000C
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0084000A
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0085000A
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 003D000C
.text C:\WINDOWS\System32\svchost.exe[1100] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F9000A
.text C:\WINDOWS\system32\SearchIndexer.exe[1904] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[1968] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006C000A
.text C:\WINDOWS\system32\wuauclt.exe[1968] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\wuauclt.exe[1968] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 003E000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FD000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C6000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01449315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01524832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0163E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0163DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0163DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0163DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0163DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0163E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3676] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0163DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B0000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01449315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0151DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 0151DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01524832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01481CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0163E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0163DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0163DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0163DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0163DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0163E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0163DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3748] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0152488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[720] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002
IAT C:\WINDOWS\system32\services.exe[720] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000
IAT C:\Program Files\Internet Explorer\iexplore.exe[3748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00B518FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A80D3D20
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
-
July 30th, 2010, 04:20 PM
#3
DDS logs
Here are the DDS logs:
DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 15:48:42.32 on Fri 07/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.174 [GMT -4:00]
AV: avast! antivirus 4.8.1368 [VPS 100730-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\MDM.EXE
C:\Documents and Settings\admin\Desktop\dds.pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://us.mg1.mail.yahoo.com/dc/launch?.rand=bn7ggb95hdrnu
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: ameritrade.com\wwws
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} - hxxps://ethanallen-mc.on.webvisuals.net/confmgr/installs/ICWMInstall.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.39/uploader2.cab
DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} - hxxp://www.furniture-pro.com/downloads/agents/setup.exe
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {61F38134-94CB-491C-AECA-37B387E73C23} - hxxps://copperevents.on.webvisuals.net/confmgr/mount/27518/branding/installs/ICWMInstall.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265154828500
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265154818312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Kashi/Coupons.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://constantcontact.webex.com/client/T26L/training/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-22 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-11 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-11 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-11 138680]
R2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\common files\icwm\printer\RDIConverterService.exe [2008-1-17 59392]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-11 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-11 352920]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-1-16 30192]
S3 iTivityODConnector;iTivity Live Support Connector Direct;c:\program files\itivity\bin\connector_od.exe [2006-1-20 469875]
S3 iTivityODConnectToIASConnector;iTivity Live Support Connector To IAS;c:\program files\itivity\bin\connector_od.exe [2006-1-20 469875]
S3 iTivityODController;iTivity Live Support Controller;c:\program files\itivity\bin\processor_od.exe [2006-1-20 444175]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 TridiaFTPServer;TridiaFTP Server;c:\program files\itivity\bin\ftpd.exe [2006-1-20 536640]
=============== Created Last 30 ================
2010-07-30 17:33:52 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2010-07-30 17:33:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 17:33:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-30 17:33:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 17:33:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-29 23:44:24 0 d-sh--w- c:\documents and settings\admin\IECompatCache
2010-07-29 23:32:35 0 dc-h--w- c:\windows\ie8
2010-07-29 21:39:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-07-28 20:28:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-07-28 20:28:46 423656 ----a-w- c:\windows\system32\deployJava1.dll
==================== Find3M ====================
2009-01-22 20:26:09 3165824 ----a-w- c:\program files\ccsetup215.exe
2008-12-08 22:50:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120820081209\index.dat
============= FINISH: 15:50:29.18 ===============
-
July 30th, 2010, 04:21 PM
#4
DDS Attach log
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/20/2006 5:14:44 PM
System Uptime: 7/30/2010 3:03:49 PM (0 hours ago)
Motherboard: Dell Inc. | | 0F8101
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 74 GiB total, 57.646 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP742: 7/29/2010 5:35:43 PM - System Checkpoint
RP743: 7/29/2010 7:34:27 PM - Installed Windows Internet Explorer 8.
==== Installed Programs ======================
A-PDF Page Master 1.7
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player 11.5
Apple Software Update
avast! Antivirus
Bluebeam PDF Revu Standard v8.0.0
Broadcom Advanced Control Suite
CCleaner
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DING!
FOX News Live
Furniture-Pro 16.2
Google AFE
Google Desktop
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting/GoToWebinar 3.0.0.198
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Intel(R) Graphics Media Accelerator Driver
iTivity Support Agent
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 21
Lexmark Software Uninstall
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft User-Mode Driver Framework Feature Pack 1.0
ML-1450 Series
Mobile Broadband Generic Drivers
MSN Music Assistant
MSXML 6.0 Parser
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
Panasonic KX-P7105 and KX-P7110 Ver1.30
Panda ActiveScan 2.0
Policies Now 6
PowerDVD 5.5
QuickTime
Samsung SCX-6x20 Series
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Spybot - Search & Destroy 1.4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VZAccess Manager
Web Visuals Client
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
7/29/2010 4:22:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
7/29/2010 4:22:21 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/29/2010 4:19:50 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
7/29/2010 4:19:47 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/29/2010 4:19:47 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
7/29/2010 4:13:28 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: Error Message is unavailable .
7/29/2010 4:13:27 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll. Reference error message: Error Message is unavailable .
7/29/2010 4:13:27 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll. Reference error message: The operation completed successfully. .
7/28/2010 5:21:58 PM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
7/28/2010 5:20:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
7/28/2010 5:20:54 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2010 4:47:25 PM, error: Service Control Manager [7023] - The 6to4 service terminated with the following error: The specified module could not be found.
==== End Of File ===========================
-
July 30th, 2010, 06:30 PM
#5
Download MBRCheck to your desktop
Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
=============================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
July 31st, 2010, 08:36 PM
#6
MBR log
MBRCheck, version 1.1.1
(c) 2010, AD
\\.\C: --> \\.\PhysicalDrive0
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
Done! Press ENTER to exit...
-
July 31st, 2010, 08:49 PM
#7
-
July 31st, 2010, 09:01 PM
#8
Combofix (see my note)
Please note that when I first tried to run combofix, it "hung" for over 6 hours at the "Scanning for infected files....this typically doesn't take more than 10 minutes. However scan time for badly infected machines may easily double". Nothing else happened. So after 6 hours, I decided to restart machine and RERUN combofix and it ran quickly and fine. Here is the log:
ComboFix 10-07-31.02 - admin 07/31/2010 20:44:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.300 [GMT -4:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100731-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\admin\g2mdlhlpx.exe
c:\documents and settings\admin\GoToAssistDownloadHelper.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin7.dll
----- BITS: Possible infected sites -----
hxxp://download.wij+|Cv+@J:NGD_DQ{zcxLJS@LSN
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))
.
2010-07-30 17:33 . 2010-07-30 17:33 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
2010-07-30 17:33 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 17:33 . 2010-07-30 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-30 17:33 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 17:33 . 2010-07-30 17:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-29 23:44 . 2010-07-29 23:44 -------- d-sh--w- c:\documents and settings\admin\IECompatCache
2010-07-29 23:32 . 2010-07-29 23:35 -------- dc-h--w- c:\windows\ie8
2010-07-29 22:59 . 2010-07-29 22:59 0 ----a-w- c:\windows\nsreg.dat
2010-07-29 22:58 . 2010-07-29 22:58 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Mozilla
2010-07-29 21:39 . 2010-07-29 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-29 21:39 . 2010-07-29 21:42 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\NPE
2010-07-28 20:33 . 2010-07-28 20:33 503808 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-46ec8c1e-n\msvcp71.dll
2010-07-28 20:33 . 2010-07-28 20:33 499712 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-46ec8c1e-n\jmc.dll
2010-07-28 20:33 . 2010-07-28 20:33 12800 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-53ddb7fd-n\decora-d3d.dll
2010-07-28 20:33 . 2010-07-28 20:33 61440 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-53ddb7fd-n\decora-sse.dll
2010-07-28 20:33 . 2010-07-28 20:33 348160 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-46ec8c1e-n\msvcr71.dll
2010-07-28 20:28 . 2010-07-28 20:27 423656 ----a-w- c:\windows\system32\deployJava1.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 17:58 . 2010-02-16 21:38 -------- d-----w- c:\program files\A-PDF Page Master
2010-07-28 20:36 . 2009-01-22 20:24 -------- d-----w- c:\program files\CCleaner
2010-07-28 20:34 . 2006-01-16 17:47 -------- d-----w- c:\program files\Common Files\Java
2010-07-28 20:27 . 2006-01-16 17:47 -------- d-----w- c:\program files\Java
2010-06-23 17:13 . 2010-06-23 17:13 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb4.tmp.exe
2010-05-27 17:01 . 2009-09-09 11:43 38784 ----a-w- c:\documents and settings\admin\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-01-22 20:26 . 2009-01-22 20:26 3165824 ----a-w- c:\program files\ccsetup215.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^Startup^DING!.lnk]
path=c:\documents and settings\admin\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BbInstallUser]
2010-02-08 19:40 38560 ----a-w- c:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BbPrintMonitor]
2009-09-24 14:08 173216 ----a-w- c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-14 18:41 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 21:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 21:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 21:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTivityODConnector]
2007-11-03 21:57 469875 ----a-w- c:\program files\iTivity\bin\connector_od.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTivityODController]
2007-11-03 21:57 444175 ----a-w- c:\program files\iTivity\bin\processor_od.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 14:36 256576 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-16 16:57 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/22/2009 3:07 PM 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/11/2009 6:28 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/11/2009 6:28 PM 20560]
R2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\Common Files\ICWM\Printer\RDIConverterService.exe [1/17/2008 9:41 AM 59392]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 3:21 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/16/2006 1:49 PM 30192]
S3 iTivityODConnector;iTivity Live Support Connector Direct;c:\program files\iTivity\bin\connector_od.exe [1/20/2006 6:43 PM 469875]
S3 iTivityODConnectToIASConnector;iTivity Live Support Connector To IAS;c:\program files\iTivity\bin\connector_od.exe [1/20/2006 6:43 PM 469875]
S3 iTivityODController;iTivity Live Support Controller;c:\program files\iTivity\bin\processor_od.exe [1/20/2006 6:43 PM 444175]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 1:23 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 12:08 PM 174336]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
S3 TridiaFTPServer;TridiaFTP Server;c:\program files\iTivity\bin\ftpd.exe [1/20/2006 6:43 PM 536640]
.
Contents of the 'Scheduled Tasks' folder
2009-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]
2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 19:21]
2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 19:21]
2010-08-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mg1.mail.yahoo.com/dc/launch?.rand=bn7ggb95hdrnu
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: ameritrade.com\wwws
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} - hxxps://ethanallen-mc.on.webvisuals.net/confmgr/installs/ICWMInstall.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.39/uploader2.cab
DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} - hxxp://www.furniture-pro.com/downloads/agents/setup.exe
.
- - - - ORPHANS REMOVED - - - -
Notify-NavLogon - (no file)
MSConfigStartUp-xgukxzrvux - c:\xgukxzrvux.exe\xgukxzrvux.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 20:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3040)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2010-07-31 20:57:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-01 00:57
Pre-Run: 61,759,045,632 bytes free
Post-Run: 62,072,905,728 bytes free
- - End Of File - - 904427636EBE5D8A2E53503540A8A388
-
July 31st, 2010, 09:54 PM
#9
I decided to restart machine and RERUN combofix and it ran quickly and fine
Yeah, sometimes this is what you have to do.
The log looks good now 
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
================================================================
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
August 1st, 2010, 02:00 PM
#10
OTL text (first part)
By the way, computer running much faster and I can now get into Windows Update (although I have NOT downloaded anything new from there)
OTL logfile created on: 8/1/2010 1:46:50 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.00 Mb Total Physical Memory | 236.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 58.27 Gb Free Space | 78.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TAMPA4
Current User Name: admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/01 13:44:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/17 09:41:40 | 000,059,392 | ---- | M] (Web Visuals) -- C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
PRC - [2007/07/16 12:57:18 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
========== Modules (SafeList) ==========
MOD - [2010/08/01 13:44:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/06/14 14:41:29 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/17 09:41:40 | 000,059,392 | ---- | M] (Web Visuals) [Auto | Running] -- C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe -- (RDIConverterPrintHelper)
SRV - [2007/11/03 17:57:56 | 000,444,175 | ---- | M] (Tridia Corporation) [On_Demand | Stopped] -- C:\Program Files\iTivity\bin\processor_od.exe -- (iTivityODController)
SRV - [2007/11/03 17:57:20 | 000,469,875 | ---- | M] (Tridia Corporation) [On_Demand | Stopped] -- C:\Program Files\iTivity\bin\connector_od.exe -- (iTivityODConnectToIASConnector)
SRV - [2007/11/03 17:57:20 | 000,469,875 | ---- | M] (Tridia Corporation) [On_Demand | Stopped] -- C:\Program Files\iTivity\bin\connector_od.exe -- (iTivityODConnector)
SRV - [2007/07/16 17:48:10 | 000,536,640 | ---- | M] (Tridia Corporation) [On_Demand | Stopped] -- C:\Program Files\iTivity\bin\ftpd.exe -- (TridiaFTPServer)
SRV - [2005/06/14 17:40:54 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\LMabcoms.exe -- (lmab_device)
SRV - [2004/07/14 18:49:48 | 000,278,528 | ---- | M] (Tridia Corporation) [On_Demand | Stopped] -- C:\Program Files\iTivity\bin\WinVNC.exe -- (winvnc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 19:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/15 07:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/09/15 07:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 07:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/19 18:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2005/04/01 18:52:46 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/05/17 23:04:16 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
-
August 1st, 2010, 02:01 PM
#11
OTL log second part
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mg1.mail.yahoo.com/dc/laun...=bn7ggb95hdrnu
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
[2010/07/29 18:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions
[2010/07/29 18:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\oxwutaf2.default\extensions
[2010/07/29 18:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\oxwutaf2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/29 18:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\oxwutaf2.default\extensions\staged-xpis
O1 HOSTS File: ([2010/07/31 20:53:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} https://ethanallen-mc.on.webvisuals....CWMInstall.cab (ICWMInstallObj Class)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/actives.../as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.39/uploader2.cab (UploadListView Class)
O16 - DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} http://www.furniture-pro.com/downloads/agents/setup.exe (InstallShield Setup Player V12)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {61F38134-94CB-491C-AECA-37B387E73C23} https://copperevents.on.webvisuals.n...CWMInstall.cab (IWebVisualsInstallObj Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsof...?1265154828500 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1265154818312 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://constantcontact.webex.com/cl...ng/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_se...zTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.238.0.12 68.238.112.12 192.168.51.2
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
-
August 1st, 2010, 02:02 PM
#12
OTL log third part
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
========== Files/Folders - Created Within 90 Days ==========
[2010/08/01 13:44:34 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2010/07/31 14:24:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/31 14:19:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/30 13:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Malwarebytes
[2010/07/30 13:33:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/30 13:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/30 13:33:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/30 13:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/30 13:32:02 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\admin\Desktop\mbam-setup-1.46.exe
[2010/07/29 19:44:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\IECompatCache
[2010/07/29 19:32:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/29 18:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla
[2010/07/29 18:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Mozilla
[2010/07/29 17:41:10 | 005,527,408 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\admin\Desktop\NPE.exe
[2010/07/29 17:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/07/29 17:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\NPE
[2010/07/28 16:42:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Recent
[2010/07/28 16:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/23 17:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/23 17:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/24 16:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Asian restaurant
[2010/06/22 14:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Restaurant
[2006/05/30 16:12:04 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[11 C:\Documents and Settings\admin\My Documents\*.tmp files -> C:\Documents and Settings\admin\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/08/01 13:44:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2010/08/01 13:42:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/01 13:42:51 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/08/01 13:42:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/01 13:42:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/01 13:42:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/01 13:42:24 | 526,528,512 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/01 13:41:28 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\admin\NTUSER.DAT
[2010/08/01 13:41:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\admin\ntuser.ini
[2010/07/31 20:53:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/31 20:53:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/31 20:36:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/31 14:24:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/31 14:08:16 | 000,000,990 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/31 14:05:36 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\MBRCheck.exe
[2010/07/30 15:25:11 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\dds.pif
[2010/07/30 13:58:12 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\6qj9w7dh.exe
[2010/07/30 13:33:33 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/30 13:32:03 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\admin\Desktop\mbam-setup-1.46.exe
[2010/07/29 19:37:24 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/29 18:59:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/07/29 18:24:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/29 17:41:10 | 005,527,408 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\admin\Desktop\NPE.exe
[2010/07/29 14:56:00 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\EthanAllenTampaRates032609#2.XLS
[2010/07/29 14:50:04 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\EthanAllenTampa Service Rates 06252010.XLS
[2010/07/29 14:47:00 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\EthanAllenTampaRates07082010.XLS
[2010/07/28 16:36:46 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\CCleaner.lnk
[2010/07/28 16:19:46 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Shortcut to March_8_retailcall.lnk
[2010/07/23 16:55:25 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Employee BD and DOH List 2009.xls
[2010/07/23 15:05:58 | 000,146,717 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\June Sharkey.pdf
[2010/07/22 15:59:38 | 000,273,592 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\W9.pdf
[2010/07/22 14:52:40 | 000,416,386 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Joan D Bateman W9.pdf
[2010/07/21 15:35:48 | 000,095,108 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Charla Lagasse IDA app.pdf
[2010/06/24 16:29:18 | 000,086,730 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\El_Greco_Wood.pdf
[2010/06/23 13:21:07 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/23 13:21:07 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/06/22 16:18:29 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\draft to Kimco June 20 2010.doc
[2010/06/21 13:59:50 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\draft to Kimco June 20 2010 revised.doc
[2010/06/18 17:21:10 | 004,082,176 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Proto_Product_List_V2.xls
[2010/06/18 17:20:03 | 004,561,408 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Proto_Product_List-w-Fall-09-V2(1).xls
[2010/06/18 17:18:33 | 000,243,200 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Proto_Product_List-w-Fall-09-NoPhotos-V2.xls
[2010/06/18 16:30:41 | 000,408,477 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Site Plan 1 2.14.08 With Drive Through.pdf
[2010/06/18 15:21:36 | 000,442,880 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\JIAN FENG HUANG.doc
[2010/06/18 15:14:13 | 000,580,096 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Jin Liu.doc
[2010/06/18 15:05:03 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\RetLSalesRp0510Prelimwithnames.xls
[2010/06/16 15:28:07 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Letter to Linda Brown 7-18-08.doc
[2010/06/03 16:29:43 | 000,012,406 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\IDA invite revised by Rick.docx
[2010/06/02 15:53:16 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Life Insurance Trust transmittal letter.doc
[2010/06/02 15:52:20 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Life Insurance Trust Notice Letter.doc
[2010/06/02 15:46:41 | 000,012,011 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\IDA invite revised by Rick again.docx
[2010/06/01 12:21:36 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\RetLSalesRp0410FINAL.xls
[2010/05/26 12:55:23 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\IDA invite.doc
[2010/05/06 12:41:53 | 000,025,801 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\SalesOrd_2432_from_El_Greco.pdf
[2010/05/03 15:30:49 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\RetLSalesRp0310FINALWITHNAMES.xls
[11 C:\Documents and Settings\admin\My Documents\*.tmp files -> C:\Documents and Settings\admin\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[
-
August 1st, 2010, 02:03 PM
#13
OTL fourth part
color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010/07/31 14:24:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/31 14:24:27 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/31 14:05:36 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\MBRCheck.exe
[2010/07/30 15:25:10 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\dds.pif
[2010/07/30 13:58:11 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\6qj9w7dh.exe
[2010/07/30 13:33:33 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/29 18:59:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/29 14:56:51 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\EthanAllenTampaRates032609#2.XLS
[2010/07/29 14:50:00 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\EthanAllenTampa Service Rates 06252010.XLS
[2010/07/29 14:47:38 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\EthanAllenTampaRates07082010.XLS
[2010/07/28 16:19:46 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Shortcut to March_8_retailcall.lnk
[2010/07/23 15:05:58 | 000,146,717 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\June Sharkey.pdf
[2010/07/22 15:59:38 | 000,273,592 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\W9.pdf
[2010/07/22 14:52:39 | 000,416,386 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Joan D Bateman W9.pdf
[2010/07/21 15:35:48 | 000,095,108 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Charla Lagasse IDA app.pdf
[2010/06/24 16:29:18 | 000,086,730 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\El_Greco_Wood.pdf
[2010/06/23 13:21:07 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/06/23 13:21:07 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/06/21 13:59:50 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\draft to Kimco June 20 2010 revised.doc
[2010/06/21 12:50:02 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\draft to Kimco June 20 2010.doc
[2010/06/18 17:21:09 | 004,082,176 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Proto_Product_List_V2.xls
[2010/06/18 17:19:58 | 004,561,408 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Proto_Product_List-w-Fall-09-V2(1).xls
[2010/06/18 17:18:33 | 000,243,200 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Proto_Product_List-w-Fall-09-NoPhotos-V2.xls
[2010/06/18 16:30:39 | 000,408,477 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Site Plan 1 2.14.08 With Drive Through.pdf
[2010/06/18 15:12:03 | 000,442,880 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\JIAN FENG HUANG.doc
[2010/06/18 15:10:20 | 000,580,096 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Jin Liu.doc
[2010/06/18 15:05:03 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\RetLSalesRp0510Prelimwithnames.xls
[2010/06/01 12:21:29 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\RetLSalesRp0410FINAL.xls
[2010/05/26 15:43:05 | 000,012,011 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\IDA invite revised by Rick again.docx
[2010/05/26 15:35:20 | 000,012,406 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\IDA invite revised by Rick.docx
[2010/05/25 15:26:43 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\IDA invite.doc
[2010/05/06 12:41:53 | 000,025,801 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\SalesOrd_2432_from_El_Greco.pdf
[2010/05/03 15:30:44 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\RetLSalesRp0310FINALWITHNAMES.xls
[2009/12/09 15:06:40 | 011,384,320 | R--- | C] () -- C:\WINDOWS\System32\BGP870.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/13 09:56:26 | 000,246,272 | R--- | C] () -- C:\WINDOWS\System32\Bluebeam JPX Library.dll
[2008/11/06 11:29:26 | 000,678,912 | R--- | C] () -- C:\WINDOWS\System32\Bluebeam Javascript Library.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/06 11:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/06/18 16:54:46 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/05/30 16:12:50 | 000,000,507 | ---- | C] () -- C:\WINDOWS\LMABB2DD.ini
[2006/05/30 16:11:41 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\LMabpmui.dll
[2006/05/30 16:11:40 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\LMabusb1.dll
[2006/05/30 16:11:39 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\LMabserv.dll
[2006/05/30 16:11:39 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\LMabprox.dll
[2006/05/30 16:11:38 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\LMabip1.dll
[2006/05/30 16:11:38 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\LMabpar1.dll
[2006/05/30 16:11:38 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\LMablmpm.dll
[2006/05/30 16:11:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\LMabpplc.dll
[2006/05/30 16:11:37 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\LMabcomm.dll
[2006/05/30 16:11:36 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\LMabcomc.dll
[2006/03/16 15:20:03 | 000,056,429 | ---- | C] () -- C:\WINDOWS\System32\K08425JN.DLL
[2006/03/16 15:20:03 | 000,056,429 | ---- | C] () -- C:\WINDOWS\System32\K08425AC.DLL
[2006/03/03 17:13:35 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2006/03/03 17:13:35 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2006/03/02 16:57:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/02 16:57:56 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/03/02 16:57:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2006/01/23 16:10:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/01/20 18:43:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\omnithread_rt.dll
[2006/01/16 13:52:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/16 13:32:16 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[1999/01/22 22:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2009/01/15 17:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2008/10/28 16:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Furniture-Pro
[2008/01/09 15:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Southwest Airlines
[2008/04/28 12:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Web Visuals
[2009/06/04 13:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\webex
[2009/11/12 18:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Windows Desktop Search
[2010/02/03 15:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Windows Search
[2010/02/16 17:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\A-PDF
[2010/03/02 17:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
[2008/10/28 16:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Furniture-Pro
[2010/08/01 13:42:51 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/09/05 17:24:36 | 000,026,112 | ---- | M] () -- C:\ACG_2110_Nikolai_week_1.doc
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/29 18:24:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/31 14:24:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/31 20:57:42 | 000,015,330 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/01/16 13:32:38 | 000,003,921 | RH-- | M] () -- C:\dell.sdr
[2010/08/01 13:42:24 | 526,528,512 | -HS- | M] () -- C:\hiberfil.sys
[2006/03/02 16:01:55 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/01/23 15:46:21 | 000,004,416 | ---- | M] () -- C:\lmab.log
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/08 18:32:23 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/01 13:42:23 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2007/12/19 10:31:38 | 000,012,800 | ---- | M] ( ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\rainprtx.dll
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0
"AUOptions" = 3
"ScheduledInstallDay" = 0
"ScheduledInstallTime" = 12
"UseWUServer" = 1
"RescheduleWaitTimeEnabled" = 1
"RescheduleWaitTime" = 5
"DetectionFrequencyEnabled" = 1
"DetectionFrequency" = 6
"AutoInstallMinorUpdates" = 1
"RebootWarningTimeoutEnabled" = 1
"RebootWarningTimeout" = 10
"RebootRelaunchTimeoutEnabled" = 1
"RebootRelaunchTimeout" = 10
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
-
August 1st, 2010, 02:05 PM
#14
Extra.txt part one
OTL Extras logfile created on: 8/1/2010 1:46:50 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.00 Mb Total Physical Memory | 236.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 58.27 Gb Free Space | 78.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TAMPA4
Current User Name: admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet isabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNetisabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNetisabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNetisabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\LMabcoms.exe" = C:\WINDOWS\system32\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
-
August 1st, 2010, 02:06 PM
#15
Extra txt part two
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Advanced Control Suite
"{135740AF-5662-4ABD-8CAA-389AAB164E01}" = iTivity Support Agent
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{31CF0A98-8618-4829-921A-036714CF01A6}" = Panasonic KX-P7105 and KX-P7110 Ver1.30
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39049458-1C9C-11D5-A13C-00D0B7BD089B}" = Policies Now 6
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Google AFE
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{73568F76-7A37-9DB4-73B1-11DCF1A2FC52}" = FOX News Live
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{7641FD7D-E94E-424E-A95C-0593C84DC0C0}" = VZAccess Manager
"{7B2ADCB5-3F3D-478A-90A9-A8C04EF82BF6}" = Mobile Broadband Generic Drivers
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A7CAD240-CCA9-4684-92B4-CC7D2ED2329F}" = Furniture-Pro 16.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C66B938D-3310-49B2-82AE-E99E2A6E957B}" = ML-1450 Series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F2DC73D5-BD4D-4EC5-BF5F-6E86668BF1B4}" = Bluebeam PDF Revu Standard v8.0.0
"{FCBD687D-DD7E-490C-8071-D4DBF97A57FF}" = Web Visuals Client
"ActiveScan 2.0" = Panda ActiveScan 2.0
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"A-PDF Page Master_is1" = A-PDF Page Master 1.7
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Desktop" = Google Desktop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{F2DC73D5-BD4D-4EC5-BF5F-6E86668BF1B4}" = Bluebeam PDF Revu Standard v8.0.0
"Lexmark_HostCD" = Lexmark Software Uninstall
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Samsung SCX-6x20 Series" = Samsung SCX-6x20 Series
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 7/29/2010 2:51:36 PM | Computer Name = TAMPA4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE
DESKTOP\9A9CDB66F456\UINFO.DAT failed, 00000005.
[ Application Events ]
Error - 7/29/2010 7:28:01 PM | Computer Name = TAMPA4 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 7/29/2010 7:28:01 PM | Computer Name = TAMPA4 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 7/30/2010 1:01:43 PM | Computer Name = TAMPA4 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/30/2010 1:01:43 PM | Computer Name = TAMPA4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 7/30/2010 1:01:43 PM | Computer Name = TAMPA4 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/30/2010 1:01:44 PM | Computer Name = TAMPA4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 7/31/2010 2:13:09 PM | Computer Name = TAMPA4 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/31/2010 2:13:09 PM | Computer Name = TAMPA4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 7/31/2010 2:13:10 PM | Computer Name = TAMPA4 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/31/2010 2:13:10 PM | Computer Name = TAMPA4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
[ OSession Events ]
Error - 3/2/2010 3:57:48 PM | Computer Name = TAMPA4 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10918
seconds with 3000 seconds of active time. This session ended with a crash.
Error - 7/22/2010 4:40:54 PM | Computer Name = TAMPA4 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5532
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 7/30/2010 12:49:01 PM | Computer Name = TAMPA4 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2
Error - 7/30/2010 1:55:00 PM | Computer Name = TAMPA4 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2
Error - 7/30/2010 3:04:47 PM | Computer Name = TAMPA4 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2
Error - 7/31/2010 2:15:00 PM | Computer Name = TAMPA4 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 7/31/2010 8:32:09 PM | Computer Name = TAMPA4 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 7/31/2010 8:52:32 PM | Computer Name = TAMPA4 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 8/1/2010 1:36:45 PM | Computer Name = TAMPA4 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 8/1/2010 1:42:49 PM | Computer Name = TAMPA4 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 8/1/2010 1:47:08 PM | Computer Name = TAMPA4 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
Error - 8/1/2010 1:47:08 PM | Computer Name = TAMPA4 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2
< End of report >
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
