[RESOLVED] Trojans found

  1. #1
    Join Date
    Jan 2004
    Location
    Texas
    Posts
    112

    I was working on this computer for a friend about a year ago, trying to get rid of some malware, and while I was working on it they decided to just get a new computer. I am now trying to fix it again. I tried installing Norton 360 AV, but it made the system so slow it was nearly impossible to use. I did an online scan using BitDefender, and it found some trojans/viruses. Installed Avira AntiVir Personal, that seems to run OK. Don't know if it was the trojans making Norton run so slow or if I need to get more memory. Here are my logs.

    BitDefender Online Scanner - Real Time Virus Report

    Generated at: Thu, Jul 08, 2010 - 14:27:56

    Scan Info
    Scanned Files: 191458
    Infected Files: 4

    Virus Detected
    Trojan.Vundo.GMM: 1
    Trojan.Agent.AGVK: 1
    Trojan.Generic.1615286: 1
    Gen:Heur.Krypt.14: 1

    This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-09 06:13:03
    Windows 5.1.2600 Service Pack 3
    Running: 7q5q9uwp.exe; Driver: C:\DOCUME~1\Paul\LOCALS~1\Temp\kwwirfog.sys


    ---- System - GMER 1.0.15 ----

    SSDT F989706E ZwCreateKey
    SSDT F9897064 ZwCreateThread
    SSDT F9897073 ZwDeleteKey
    SSDT F989707D ZwDeleteValueKey
    SSDT spqo.sys ZwEnumerateKey [0xF9166DA4]
    SSDT spqo.sys ZwEnumerateValueKey [0xF9167132]
    SSDT F9897082 ZwLoadKey
    SSDT spqo.sys ZwOpenKey [0xF914E0C0]
    SSDT F9897050 ZwOpenProcess
    SSDT F9897055 ZwOpenThread
    SSDT spqo.sys ZwQueryKey [0xF916720A]
    SSDT spqo.sys ZwQueryValueKey [0xF916708A]
    SSDT F989708C ZwReplaceKey
    SSDT F9897087 ZwRestoreKey
    SSDT F9897078 ZwSetValueKey

    INT 0x62 ? 8130EBF8
    INT 0x82 ? 8130EBF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spqo.sys The system cannot find the file specified. !
    .text a0dpu1i0.SYS F8D01386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text a0dpu1i0.SYS F8D013AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text a0dpu1i0.SYS F8D013C4 3 Bytes [00, 80, 02]
    .text a0dpu1i0.SYS F8D013C9 1 Byte [30]
    .text a0dpu1i0.SYS F8D013C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 813132D8
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F9179DDC] spqo.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9179E30] spqo.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F914F042] spqo.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F914F13E] spqo.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F914F0C0] spqo.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F914F800] spqo.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F914F6D6] spqo.sys
    IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F915EB90]

  2. #2
    Join Date
    Jan 2004
    Location
    Texas
    Posts
    112
    IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] FFA4F2D8
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!swprintf] 001CBA86
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IofCallDriver] 001CC186
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!sprintf] 968D5140
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoStartTimer] 000022C0
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmUnlockPages] 00002280
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeSetTimer] F6317300
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!_allmul] 74070647
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!_aulldiv] 03087408
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!strstr] 72F93B3F
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!memmove] 18C48300
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!KfRaiseIrql] 00001CB1
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!KfLowerIrql] 0E798366
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
    IAT \SystemRoot\System32\Drivers\a0dpu1i0.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

  3. #3
    Join Date
    Jan 2004
    Location
    Texas
    Posts
    112
    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8130C1F8
    Device \FileSystem\Fastfat \FatCdrom FF804500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{273C306C-7B37-4B0C-9DC8-44542C50A181} FF8D01F8
    Device \Driver\usbuhci \Device\USBPDO-0 FFA4E1F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8130F1F8
    Device \Driver\dmio \Device\DmControl\DmConfig 8130F1F8
    Device \Driver\dmio \Device\DmControl\DmPnP 8130F1F8
    Device \Driver\dmio \Device\DmControl\DmInfo 8130F1F8
    Device \Driver\usbuhci \Device\USBPDO-1 FFA4E1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{1B65CF21-01CA-4A67-B243-23F763DE71D1} FF8D01F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 813101F8
    Device \Driver\Cdrom \Device\CdRom0 FFA511F8
    Device \Driver\Cdrom \Device\CdRom1 FFA511F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F90A2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [F90A2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F90A2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F90A2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\sptd \Device\1493065136 spqo.sys
    Device \Driver\PCI_PNP1386 \Device\0000003d spqo.sys
    Device \Driver\NetBT \Device\NetBt_Wins_Export FF8D01F8
    Device \Driver\NetBT \Device\NetbiosSmb FF8D01F8
    Device \Driver\usbuhci \Device\USBFDO-0 FFA4E1F8
    Device \Driver\usbuhci \Device\USBFDO-1 FFA4E1F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver FF8B31F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector FF8B31F8
    Device \Driver\Ftdisk \Device\FtControl 813101F8
    Device \Driver\a0dpu1i0 \Device\Scsi\a0dpu1i01Port2Path0Target0Lun0 FFA4D1F8
    Device \Driver\a0dpu1i0 \Device\Scsi\a0dpu1i01 FFA4D1F8
    Device \FileSystem\Fastfat \Fat FF804500

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs FFA7E500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7E 0xFC 0x5C 0xE8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x74 0x33 0xB0 0xFD ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x98 0x91 0x80 0x50 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7E 0xFC 0x5C 0xE8 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x74 0x33 0xB0 0xFD ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x98 0x91 0x80 0x50 ...

    ---- EOF - GMER 1.0.15 ----
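Triage of the GMER output above, added here as an example and not part of the original post. It groups the SSDT hooks by the module GMER attributes them to, then follows the Devices and Registry sections to find which service owns that module and where the service's Cfg key points. In the posted log, spqo.sys serves the \Driver\sptd device and the sptd service's Cfg@p0 value points at C:\Program Files\DAEMON Tools Lite\; SPTD is the disc-emulation driver DAEMON Tools installs, and GMER routinely reports its registry-API hooks, so those five hooks are explained by installed software rather than by the trojans BitDefender found. The F9897xxx hooks, where GMER could only print a raw address, stay unattributed and would need a loaded-module listing to resolve. The excerpt is copied from the posted log; the regexes and function names are mine.

```python
import re
from collections import defaultdict

# Constructed excerpt copied from the GMER log posted above: a few SSDT hook lines,
# the two Device lines GMER attributes to spqo.sys, and the sptd service's Cfg entries.
GMER_EXCERPT = r"""
---- System - GMER 1.0.15 ----
SSDT F989706E ZwCreateKey
SSDT F9897064 ZwCreateThread
SSDT spqo.sys ZwEnumerateKey [0xF9166DA4]
SSDT spqo.sys ZwEnumerateValueKey [0xF9167132]
SSDT spqo.sys ZwOpenKey [0xF914E0C0]
SSDT F9897050 ZwOpenProcess
SSDT spqo.sys ZwQueryKey [0xF916720A]
SSDT spqo.sys ZwQueryValueKey [0xF916708A]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8130C1F8
Device \Driver\sptd \Device\1493065136 spqo.sys
Device \Driver\PCI_PNP1386 \Device\0000003d spqo.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
"""

# "SSDT <module-or-address> <ZwFunction> [0xADDR]"
SSDT_RE = re.compile(r"^SSDT (?P<owner>\S+) (?P<func>Zw\w+)")
# "Device \Driver\<service> \Device\<name> <module>.sys"  (only lines GMER ties to a module)
DEVICE_RE = re.compile(r"^Device \\Driver\\(?P<service>\S+) \S+ (?P<module>\S+\.sys)$")
# The @p0 value under Services\<svc>\Cfg\<hex> that GMER dumps for SPTD-style config keys
CFG_PATH_RE = re.compile(
    r"^Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\(?P<service>[^\\]+)\\Cfg\\[0-9A-F]+@p0 (?P<path>.+)$"
)


def triage_gmer(text):
    """Group SSDT hooks by owning module and attribute each module to a service and its Cfg path."""
    hooks = defaultdict(list)     # module name (or "<unattributed>") -> hooked functions
    drivers = defaultdict(set)    # module name -> services whose devices it serves
    cfg_paths = {}                # service name -> path stored under Services\<svc>\Cfg\...@p0
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            # GMER prints a module name when it can map the hook address, else the raw address.
            owner = m["owner"].lower() if "." in m["owner"] else "<unattributed>"
            hooks[owner].append(m["func"])
        elif m := DEVICE_RE.match(line):
            drivers[m["module"].lower()].add(m["service"])
        elif m := CFG_PATH_RE.match(line):
            cfg_paths[m["service"].lower()] = m["path"]
    report = {}
    for owner, funcs in hooks.items():
        services = sorted(drivers.get(owner, ()))
        paths = [cfg_paths[s.lower()] for s in services if s.lower() in cfg_paths]
        report[owner] = {"hooks": funcs, "services": services, "config_paths": paths}
    return report


if __name__ == "__main__":
    for owner, info in triage_gmer(GMER_EXCERPT).items():
        print(f"{owner}: {len(info['hooks'])} SSDT hook(s) {info['hooks']}")
        print(f"   serves devices of: {info['services'] or 'none found'}")
        print(f"   Cfg path(s): {info['config_paths'] or 'none found'}")
```

Run against the full posted log the same way; the point is that an SSDT hook is a fact about the kernel, not a verdict, and attribution to a known driver (or failure to attribute) is what decides whether it matters.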

  4. #4
    Join Date
    Jan 2004
    Location
    Texas
    Posts
    112
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4294

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/8/2010 7:26:53 PM
    mbam-log-2010-07-08 (19-26-53).txt

    Scan type: Quick scan
    Objects scanned: 140843
    Time elapsed: 17 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:45:10 PM, on 7/8/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-20\..\Run: [jebogobiki] Rundll32.exe "C:\WINDOWS\system32\sihiyadu.dll",s (User 'NETWORK SERVICE')
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188583180984
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1239638374406
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
    O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames...n.cab55579.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcz_device - Unknown owner - C:\WINDOWS\system32\lxczcoms.exe (file missing)

    --
    End of file - 5982 bytes
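A triage pass over the HijackThis O4 (autorun) lines above, added as an example and not part of the original post. The entry worth looking at first is `O4 - HKUS\S-1-5-20\..\Run: [jebogobiki] Rundll32.exe "C:\WINDOWS\system32\sihiyadu.dll",s (User 'NETWORK SERVICE')`: an autorun planted in the NETWORK SERVICE account's hive, an entry name that is a string of consonant-vowel syllables rather than a product name, and rundll32 loading a DLL with the same kind of name out of system32. Each signal alone is weak; together they are the shape the Vundo-family infections of that period used, and BitDefender's scan above did report Trojan.Vundo.GMM. The sample lines are copied from the posted log; the pseudoword heuristic, the SID table and the function names are mine, and the heuristic is a prioritiser, not a verdict (it misses names with digits and can match a real word).

```python
import re

# Constructed sample: the O4 (Run key) lines from the HijackThis log posted
# above. Nothing here is fetched from a live machine.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [jebogobiki] Rundll32.exe "C:\WINDOWS\system32\sihiyadu.dll",s (User 'NETWORK SERVICE')
"""

# One HijackThis O4 line: hive, Run/RunOnce key, [entry name], command, optional user suffix.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# rundll32 <path>.dll,<export>  (path may be quoted)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.I)
# Heuristic (mine): a name built only from consonant-vowel syllables, e.g. "jebogobiki",
# "sihiyadu". Real product names almost never look like this; generated ones often do.
PSEUDOWORD_RE = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){3,}[b-df-hj-np-tv-z]?$")
# Well-known service-account SIDs; autoruns in their hives are rare for legitimate software.
SERVICE_SIDS = {"S-1-5-18": "SYSTEM", "S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE"}


def triage_o4(lines):
    """Return the suspicious O4 entries, each with the reasons it was flagged."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        reasons = []
        sid = re.match(r"HKUS\\(S-1-5-\d+)", e["hive"])
        if sid and sid.group(1) in SERVICE_SIDS:
            reasons.append(f"autorun in service-account hive {sid.group(1)} ({SERVICE_SIDS[sid.group(1)]})")
        if PSEUDOWORD_RE.match(e["name"]):
            reasons.append(f"entry name '{e['name']}' is a consonant-vowel pseudoword")
        dll = RUNDLL_RE.search(e["cmd"])
        if dll:
            path = dll["dll"]
            base = path.rsplit("\\", 1)[-1][:-4].lower()   # strip directory and ".dll"
            if PSEUDOWORD_RE.match(base):
                reasons.append(f"rundll32 loads pseudoword DLL {path}")
        if reasons:
            findings.append({"name": e["name"], "hive": e["hive"], "cmd": e["cmd"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4.splitlines()):
        print(f"[{f['name']}] {f['hive']}: {f['cmd']}")
        for r in f["reasons"]:
            print("   -", r)
```

Feed it the whole HJT log; only O4 lines are parsed, everything else is skipped. A flagged DLL should then be hashed and checked against a scanner or sandbox before anything is deleted, and note that the Malwarebytes quick scan above reported nothing, so a clean result from one tool does not clear an entry another tool's log makes look this odd.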

  5. #5
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    I don't see Avira running, judging from your HJT log. What's up with that?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  6. #6
    Join Date
    Jan 2004
    Location
    Texas
    Posts
    112
    That is odd, I don't recall disabling Avira; maybe I posted the wrong HJT log. Here is a new one. I'll post the ComboFix log when it is finished.
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:30:12 PM, on 7/9/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-20\..\Run: [jebogobiki] Rundll32.exe "C:\WINDOWS\system32\sihiyadu.dll",s (User 'NETWORK SERVICE')
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188583180984
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1239638374406
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
    O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames...n.cab55579.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcz_device - Unknown owner - C:\WINDOWS\system32\lxczcoms.exe (file missing)

    --
    End of file - 6528 bytes

  7. #7
    Join Date
    Jan 2004
    Location
    Texas
    Posts
    112
    The first time I ran Combofix I was informed that the recovery console was not installed. First log is without it.

    ComboFix 10-07-08.02 - Paul 07/09/2010 21:48:21.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.109 [GMT -5:00]
    Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\system32\ogeyewag.ini
    c:\windows\xpsp1hfm.log

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
    .

    2010-07-09 16:14 . 2010-07-09 16:14 -------- d-----w- c:\program files\Triumph Studios
    2010-07-09 01:15 . 2010-07-09 01:15 -------- d-----w- c:\documents and settings\Paul\Application Data\Avira
    2010-07-09 01:13 . 2010-07-09 06:04 -------- d-----w- c:\windows\system32\NtmsData
    2010-07-09 01:03 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-07-09 01:03 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-07-09 01:03 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-07-09 01:03 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-07-09 01:03 . 2010-07-09 01:03 -------- d-----w- c:\program files\Avira
    2010-07-09 01:03 . 2010-07-09 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-07-09 00:37 . 2010-07-09 00:37 388096 ----a-r- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-09 00:37 . 2010-07-09 00:37 -------- d-----w- c:\program files\Trend Micro
    2010-07-08 16:43 . 2010-07-08 19:27 -------- d-----w- c:\windows\BDOSCAN8
    2010-07-08 02:48 . 2010-07-08 02:48 -------- d-----w- c:\program files\Ascaron Entertainment
    2010-07-08 02:32 . 2010-07-08 02:33 -------- d-----w- c:\program files\DAEMON Tools Lite
    2010-07-08 02:32 . 2010-07-08 02:40 -------- d-----w- c:\documents and settings\Paul\Application Data\DAEMON Tools Lite
    2010-07-08 02:31 . 2010-07-08 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2010-07-08 02:11 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-07-07 19:05 . 2010-07-07 19:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-07-07 18:59 . 2010-07-07 22:15 -------- d-----w- c:\program files\Cossacks
    2010-07-07 18:59 . 2010-07-07 18:57 4358144 ----a-w- c:\windows\uncsetup.exe
    2010-07-07 18:45 . 2010-07-08 01:17 -------- d-----w- c:\documents and settings\Paul\Application Data\BitTorrent
    2010-07-07 18:45 . 2010-07-07 18:45 -------- d-----w- c:\program files\BitTorrent
    2010-07-06 17:24 . 2010-07-06 17:24 -------- d-----w- c:\program files\Take2 Interactive
    2010-07-06 10:09 . 2010-07-06 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-07-06 01:12 . 2010-07-06 01:12 -------- d-----w- c:\program files\Atari
    2010-07-05 19:33 . 2007-12-20 15:43 248448 ----a-w- c:\windows\system32\PROUnstl.exe
    2010-07-05 19:18 . 2010-07-05 19:18 -------- d-sh--w- c:\documents and settings\Paul\IECompatCache
    2010-07-05 18:55 . 2010-07-05 18:55 -------- d-sh--w- c:\documents and settings\Paul\PrivacIE
    2010-07-05 18:49 . 2010-07-05 18:49 -------- d-sh--w- c:\documents and settings\Paul\IETldCache
    2010-07-05 18:25 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-07-05 18:25 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-07-05 18:25 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-07-05 18:24 . 2010-07-05 19:10 -------- d-----w- c:\windows\ie8updates
    2010-07-05 18:24 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-07-05 18:20 . 2010-07-05 18:24 -------- dc-h--w- c:\windows\ie8
    2010-07-05 18:05 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-07-05 18:05 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-07-05 17:40 . 2010-07-05 17:40 -------- d-----w- c:\program files\Common Files\Java
    2010-07-05 17:38 . 2010-07-05 17:38 503808 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\msvcp71.dll
    2010-07-05 17:38 . 2010-07-05 17:38 499712 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\jmc.dll
    2010-07-05 17:38 . 2010-07-05 17:38 348160 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\msvcr71.dll
    2010-07-05 17:38 . 2010-07-05 17:38 61440 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44fa989a-n\decora-sse.dll
    2010-07-05 17:38 . 2010-07-05 17:38 12800 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44fa989a-n\decora-d3d.dll
    2010-07-05 17:37 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-05 17:27 . 2010-07-05 17:27 503808 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\msvcp71.dll
    2010-07-05 17:27 . 2010-07-05 17:27 348160 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\msvcr71.dll
    2010-07-05 17:27 . 2010-07-05 17:27 499712 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\jmc.dll
    2010-07-05 16:39 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-05 16:39 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-05 16:39 . 2010-07-05 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-05 16:24 . 2006-08-17 02:04 402944 ----a-r- c:\windows\system32\drivers\WlanGZXP.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-08 04:37 . 2007-07-01 03:55 43520 -c--a-w- c:\windows\system32\CmdLineExt03.dll
    2010-07-08 02:32 . 2009-03-24 00:20 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-07-06 10:29 . 2007-06-29 16:07 -------- d-----w- c:\program files\Age of Wonders II
    2010-07-06 01:12 . 2007-06-13 05:54 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-06 01:10 . 2007-06-13 05:51 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-07-06 00:48 . 2007-07-19 20:33 -------- d-----w- c:\program files\Steam
    2010-07-05 19:40 . 2007-06-21 19:26 -------- d-----w- c:\program files\Lavasoft
    2010-07-05 17:36 . 2009-03-16 18:07 -------- d-----w- c:\program files\Java
    2010-07-05 15:55 . 2009-06-11 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-07-05 15:55 . 2009-06-11 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-07-05 15:54 . 2009-06-11 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
    2010-05-06 10:41 . 2002-09-03 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2010-05-04 17:20 78336 ------w- c:\windows\system32\ieencode.dll
    2010-05-02 05:22 . 2002-09-03 13:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2002-09-03 13:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/8/2010 8:03 PM 135336]
    R3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [7/5/2010 11:24 AM 402944]
    S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\Paul\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\Paul\LOCALS~1\Temp\Fadpu16E.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2009 7:20 PM 691696]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - SSMDRV
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    HKLM-Run-FaxCenterServer - c:\program files\Lexmark Fax Solutions\fm3032.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-09 22:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-07-09 22:11:21
    ComboFix-quarantined-files.txt 2010-07-10 03:11

    Pre-Run: 26,782,117,888 bytes free
    Post-Run: 27,340,292,096 bytes free

    - - End Of File - - CFBD14F925983CCF71672C95BDE5F98A

  8. #8
    Join Date
    Jan 2004
    Location
    Texas
    Posts
    112
    ComboFix 10-07-08.02 - Paul 07/09/2010 22:29:09.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.21 [GMT -5:00]
    Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
    .

    2010-07-09 16:14 . 2010-07-09 16:14 -------- d-----w- c:\program files\Triumph Studios
    2010-07-09 01:15 . 2010-07-09 01:15 -------- d-----w- c:\documents and settings\Paul\Application Data\Avira
    2010-07-09 01:13 . 2010-07-09 06:04 -------- d-----w- c:\windows\system32\NtmsData
    2010-07-09 01:03 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-07-09 01:03 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-07-09 01:03 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-07-09 01:03 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-07-09 01:03 . 2010-07-09 01:03 -------- d-----w- c:\program files\Avira
    2010-07-09 01:03 . 2010-07-09 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-07-09 00:37 . 2010-07-09 00:37 388096 ----a-r- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-09 00:37 . 2010-07-09 00:37 -------- d-----w- c:\program files\Trend Micro
    2010-07-08 16:43 . 2010-07-08 19:27 -------- d-----w- c:\windows\BDOSCAN8
    2010-07-08 02:48 . 2010-07-08 02:48 -------- d-----w- c:\program files\Ascaron Entertainment
    2010-07-08 02:32 . 2010-07-08 02:33 -------- d-----w- c:\program files\DAEMON Tools Lite
    2010-07-08 02:32 . 2010-07-08 02:40 -------- d-----w- c:\documents and settings\Paul\Application Data\DAEMON Tools Lite
    2010-07-08 02:31 . 2010-07-08 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2010-07-08 02:11 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-07-07 19:05 . 2010-07-07 19:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-07-07 18:59 . 2010-07-07 22:15 -------- d-----w- c:\program files\Cossacks
    2010-07-07 18:59 . 2010-07-07 18:57 4358144 ----a-w- c:\windows\uncsetup.exe
    2010-07-07 18:45 . 2010-07-08 01:17 -------- d-----w- c:\documents and settings\Paul\Application Data\BitTorrent
    2010-07-07 18:45 . 2010-07-07 18:45 -------- d-----w- c:\program files\BitTorrent
    2010-07-06 17:24 . 2010-07-06 17:24 -------- d-----w- c:\program files\Take2 Interactive
    2010-07-06 10:09 . 2010-07-06 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-07-06 01:12 . 2010-07-06 01:12 -------- d-----w- c:\program files\Atari
    2010-07-05 19:33 . 2007-12-20 15:43 248448 ----a-w- c:\windows\system32\PROUnstl.exe
    2010-07-05 19:18 . 2010-07-05 19:18 -------- d-sh--w- c:\documents and settings\Paul\IECompatCache
    2010-07-05 18:55 . 2010-07-05 18:55 -------- d-sh--w- c:\documents and settings\Paul\PrivacIE
    2010-07-05 18:49 . 2010-07-05 18:49 -------- d-sh--w- c:\documents and settings\Paul\IETldCache
    2010-07-05 18:25 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-07-05 18:25 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-07-05 18:25 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-07-05 18:24 . 2010-07-05 19:10 -------- d-----w- c:\windows\ie8updates
    2010-07-05 18:24 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-07-05 18:20 . 2010-07-05 18:24 -------- dc-h--w- c:\windows\ie8
    2010-07-05 18:05 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-07-05 18:05 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-07-05 17:40 . 2010-07-05 17:40 -------- d-----w- c:\program files\Common Files\Java
    2010-07-05 17:38 . 2010-07-05 17:38 503808 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\msvcp71.dll
    2010-07-05 17:38 . 2010-07-05 17:38 499712 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\jmc.dll
    2010-07-05 17:38 . 2010-07-05 17:38 348160 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\msvcr71.dll
    2010-07-05 17:38 . 2010-07-05 17:38 61440 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44fa989a-n\decora-sse.dll
    2010-07-05 17:38 . 2010-07-05 17:38 12800 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44fa989a-n\decora-d3d.dll
    2010-07-05 17:37 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-05 17:27 . 2010-07-05 17:27 503808 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\msvcp71.dll
    2010-07-05 17:27 . 2010-07-05 17:27 348160 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\msvcr71.dll
    2010-07-05 17:27 . 2010-07-05 17:27 499712 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\jmc.dll
    2010-07-05 16:39 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-05 16:39 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-05 16:39 . 2010-07-05 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-05 16:24 . 2006-08-17 02:04 402944 ----a-r- c:\windows\system32\drivers\WlanGZXP.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-08 04:37 . 2007-07-01 03:55 43520 -c--a-w- c:\windows\system32\CmdLineExt03.dll
    2010-07-08 02:32 . 2009-03-24 00:20 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-07-06 10:29 . 2007-06-29 16:07 -------- d-----w- c:\program files\Age of Wonders II
    2010-07-06 01:12 . 2007-06-13 05:54 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-06 01:10 . 2007-06-13 05:51 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-07-06 00:48 . 2007-07-19 20:33 -------- d-----w- c:\program files\Steam
    2010-07-05 19:40 . 2007-06-21 19:26 -------- d-----w- c:\program files\Lavasoft
    2010-07-05 17:36 . 2009-03-16 18:07 -------- d-----w- c:\program files\Java
    2010-07-05 15:55 . 2009-06-11 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-07-05 15:55 . 2009-06-11 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-07-05 15:54 . 2009-06-11 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
    2010-05-06 10:41 . 2002-09-03 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2010-05-04 17:20 78336 ------w- c:\windows\system32\ieencode.dll
    2010-05-02 05:22 . 2002-09-03 13:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2002-09-03 13:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/8/2010 8:03 PM 135336]
    R3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [7/5/2010 11:24 AM 402944]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2009 7:20 PM 691696]
    S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\Paul\LOCALS~1\Temp\Fadpu16E.sys --> c:\docume~1\Paul\LOCALS~1\Temp\Fadpu16E.sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - SSMDRV
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-09 22:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3592)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-07-09 22:47:10
    ComboFix-quarantined-files.txt 2010-07-10 03:47
    ComboFix2.txt 2010-07-10 03:11

    Pre-Run: 27,342,172,160 bytes free
    Post-Run: 27,336,564,736 bytes free

    - - End Of File - - 516C50A5A189F0B50A443144652355A2

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Combofix reports:
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    Please allow recovery console installation on the next Combofix run.


    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\docume~1\Paul\LOCALS~1\Temp\Fadpu16E.sys
    
    
    Folder::
    c:\documents and settings\All Users\Application Data\Symantec
    c:\documents and settings\All Users\Application Data\Norton
    
    
    Driver::
    Fadpu16E

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

  10. #10
    Join Date
    Jan 2004
    Location
    Texas
    Posts
    112
    ComboFix 10-07-08.02 - Paul 07/10/2010 2:26.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.117 [GMT -5:00]
    Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Paul\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "c:\docume~1\Paul\LOCALS~1\Temp\Fadpu16E.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Norton
    c:\documents and settings\All Users\Application Data\Norton\00000082\00000105\0000034c\cltLMS1.dat
    c:\documents and settings\All Users\Application Data\Norton\00000082\00000105\0000034c\cltLMS2.dat
    c:\documents and settings\All Users\Application Data\Norton\00000082\00000105\cltupgrade.dat
    c:\documents and settings\All Users\Application Data\Norton\00000082\00000105\key.txt
    c:\documents and settings\All Users\Application Data\Norton\symdata.xml
    c:\documents and settings\All Users\Application Data\Symantec
    c:\documents and settings\All Users\Application Data\Symantec\SubEng\platformid.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FADPU16E
    -------\Service_Fadpu16E


    ((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
    .

    2010-07-09 16:14 . 2010-07-09 16:14 -------- d-----w- c:\program files\Triumph Studios
    2010-07-09 01:15 . 2010-07-09 01:15 -------- d-----w- c:\documents and settings\Paul\Application Data\Avira
    2010-07-09 01:13 . 2010-07-09 06:04 -------- d-----w- c:\windows\system32\NtmsData
    2010-07-09 01:03 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-07-09 01:03 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-07-09 01:03 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-07-09 01:03 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-07-09 01:03 . 2010-07-09 01:03 -------- d-----w- c:\program files\Avira
    2010-07-09 01:03 . 2010-07-09 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-07-09 00:37 . 2010-07-09 00:37 -------- d-----w- c:\program files\Trend Micro
    2010-07-08 16:43 . 2010-07-08 19:27 -------- d-----w- c:\windows\BDOSCAN8
    2010-07-08 02:48 . 2010-07-08 02:48 -------- d-----w- c:\program files\Ascaron Entertainment
    2010-07-08 02:32 . 2010-07-08 02:33 -------- d-----w- c:\program files\DAEMON Tools Lite
    2010-07-08 02:32 . 2010-07-08 02:40 -------- d-----w- c:\documents and settings\Paul\Application Data\DAEMON Tools Lite
    2010-07-08 02:31 . 2010-07-08 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2010-07-08 02:11 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-07-07 19:05 . 2010-07-07 19:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-07-07 18:59 . 2010-07-07 22:15 -------- d-----w- c:\program files\Cossacks
    2010-07-07 18:59 . 2010-07-07 18:57 4358144 ----a-w- c:\windows\uncsetup.exe
    2010-07-07 18:45 . 2010-07-08 01:17 -------- d-----w- c:\documents and settings\Paul\Application Data\BitTorrent
    2010-07-07 18:45 . 2010-07-07 18:45 -------- d-----w- c:\program files\BitTorrent
    2010-07-06 17:24 . 2010-07-06 17:24 -------- d-----w- c:\program files\Take2 Interactive
    2010-07-06 10:09 . 2010-07-06 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-07-06 01:12 . 2010-07-06 01:12 -------- d-----w- c:\program files\Atari
    2010-07-05 19:33 . 2007-12-20 15:43 248448 ----a-w- c:\windows\system32\PROUnstl.exe
    2010-07-05 19:18 . 2010-07-05 19:18 -------- d-sh--w- c:\documents and settings\Paul\IECompatCache
    2010-07-05 18:55 . 2010-07-05 18:55 -------- d-sh--w- c:\documents and settings\Paul\PrivacIE
    2010-07-05 18:49 . 2010-07-05 18:49 -------- d-sh--w- c:\documents and settings\Paul\IETldCache
    2010-07-05 18:25 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-07-05 18:25 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-07-05 18:25 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-07-05 18:24 . 2010-07-05 19:10 -------- d-----w- c:\windows\ie8updates
    2010-07-05 18:24 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-07-05 18:20 . 2010-07-05 18:24 -------- dc-h--w- c:\windows\ie8
    2010-07-05 18:05 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-07-05 18:05 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-07-05 17:40 . 2010-07-05 17:40 -------- d-----w- c:\program files\Common Files\Java
    2010-07-05 17:37 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-05 16:39 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-05 16:39 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-05 16:39 . 2010-07-05 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-05 16:24 . 2006-08-17 02:04 402944 ----a-r- c:\windows\system32\drivers\WlanGZXP.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-09 00:37 . 2010-07-09 00:37 388096 ----a-r- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-08 04:37 . 2007-07-01 03:55 43520 -c--a-w- c:\windows\system32\CmdLineExt03.dll
    2010-07-08 02:32 . 2009-03-24 00:20 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-07-06 10:29 . 2007-06-29 16:07 -------- d-----w- c:\program files\Age of Wonders II
    2010-07-06 01:12 . 2007-06-13 05:54 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-06 01:10 . 2007-06-13 05:51 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-07-06 00:48 . 2007-07-19 20:33 -------- d-----w- c:\program files\Steam
    2010-07-05 19:40 . 2007-06-21 19:26 -------- d-----w- c:\program files\Lavasoft
    2010-07-05 17:38 . 2010-07-05 17:38 503808 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\msvcp71.dll
    2010-07-05 17:38 . 2010-07-05 17:38 499712 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\jmc.dll
    2010-07-05 17:38 . 2010-07-05 17:38 348160 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-51158460-n\msvcr71.dll
    2010-07-05 17:38 . 2010-07-05 17:38 61440 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44fa989a-n\decora-sse.dll
    2010-07-05 17:38 . 2010-07-05 17:38 12800 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-44fa989a-n\decora-d3d.dll
    2010-07-05 17:36 . 2009-03-16 18:07 -------- d-----w- c:\program files\Java
    2010-07-05 17:27 . 2010-07-05 17:27 503808 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\msvcp71.dll
    2010-07-05 17:27 . 2010-07-05 17:27 348160 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\msvcr71.dll
    2010-07-05 17:27 . 2010-07-05 17:27 499712 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-552a14fc-n\jmc.dll
    2010-07-05 15:54 . 2009-06-11 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
    2010-05-06 10:41 . 2002-09-03 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2010-05-04 17:20 78336 ------w- c:\windows\system32\ieencode.dll
    2010-05-02 05:22 . 2002-09-03 13:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2002-09-03 13:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/8/2010 8:03 PM 135336]
    R3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [7/5/2010 11:24 AM 402944]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2009 7:20 PM 691696]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-10 02:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2204)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-10 02:53:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-10 07:52
    ComboFix2.txt 2010-07-10 03:47
    ComboFix3.txt 2010-07-10 03:11

    Pre-Run: 27,275,943,936 bytes free
    Post-Run: 27,283,664,896 bytes free

    - - End Of File - - AF989BAFF12D835B0E3E1B0620431F93

  11. #11
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Good

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =============================================================

    Download OTL to your Desktop.

    * Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  12. #12
    Join Date
    Jan 2004
    Location
    Texas
    Posts
    112
    OTL logfile created on: 7/10/2010 12:23:05 PM - Run 1
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Paul\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    254.00 Mb Total Physical Memory | 83.00 Mb Available Physical Memory | 33.00% Memory free
    625.00 Mb Paging File | 370.00 Mb Available in Paging File | 59.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38.28 Gb Total Space | 26.69 Gb Free Space | 69.72% Space Free | Partition Type: NTFS
    Drive D: | 310.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: VALUED-B3D9B0B0
    Current User Name: Paul
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/10 12:22:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/10 12:22:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
    DRV - [2010/07/07 21:32:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/03/02 06:41:49 | 000,029,184 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
    DRV - [2006/08/17 10:03:30 | 000,019,072 | ---- | M] (ZDC., Inc. (ZDC)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ZDCndis5.sys -- (ZDCNDIS5)
    DRV - [2006/08/16 21:04:24 | 000,402,944 | R--- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WlanGZXP.sys -- (ZG760_XP)
    DRV - [2004/08/03 22:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/08/03 22:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/08/03 22:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5)
    DRV - [2004/08/03 22:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/08/03 22:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6)
    DRV - [2004/08/03 22:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
    DRV - [2004/08/03 22:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
    DRV - [2004/08/03 22:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
    DRV - [2004/08/03 22:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7)
    DRV - [2004/08/03 22:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5)
    DRV - [2004/08/03 22:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6)
    DRV - [2004/08/03 22:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
    DRV - [2004/08/03 22:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/08/03 22:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/08/03 22:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
    DRV - [2001/08/17 08:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 08:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
    DRV - [2001/08/17 07:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/07/10 02:40:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10...I.cab55579.cab (StagingUI Object)
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab (MSN Games – Buddy Invite)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10...t.cab55579.cab (ZonePAChat Object)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1188583180984 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1239638374406 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10...y.cab55579.cab (MSN Games – Game Communicator)
    O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames...n.cab55579.cab (ZPA_Backgammon Object)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/06/01 13:23:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [1999/10/21 10:11:40 | 000,000,042 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.dll (Intel(R) Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\iyvu9_32.dll ()
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.
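    As an added triage example (not code from this thread, from OTL, or from its author): a Python script that reads lines in the format OTL prints, pulls out the SRV/DRV entries whose file is gone and the O2/O3 entries that report "No CLSID value found", and ranks missing Auto-start services first, since a service whose binary is gone leaves a path that will be executed at boot if anything is later written there. The sample lines are copied from the OTL log above (including the C:\ComboFix\catchme.sys leftover from the ComboFix run); the KNOWN_BENIGN allowlist and the start-type ranking are my own assumptions about what a helper acts on, not OTL behaviour.

```python
"""Triage helper for OTL log lines: list the entries a malware-removal helper
would act on.  Added example for this thread; it is not OTL's own code and
only consumes the text OTL prints."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/07 21:32:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2004/08/03 22:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
"""

# SRV/DRV line layout:  KIND - <status> [flags] -- <path> -- (<service name>)
# where <status> is "File not found" or "[timestamp | size | attrs | M] (Company)".
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?P<status>File not found|\[[^\]]*\] \(.*?\)) "
    r"\[(?P<flags>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
START_TYPES = {"Boot", "System", "Auto", "On_Demand", "Disabled"}

# Assumption: OTL reports the default BootExecute value this way even on a
# clean install (it looks for a file literally named "autocheck autochk *"),
# so it is filtered out rather than flagged.
KNOWN_BENIGN = {"O34 - HKLM BootExecute: (autocheck autochk *) - File not found"}


@dataclass
class Finding:
    item: str    # SRV, DRV, O2, O3, ...
    name: str    # service name or CLSID
    where: str   # path or the full registry line
    reason: str  # why a helper would remove or investigate it


def parse_service_line(line):
    """Return the fields of an SRV/DRV line, or None if the line is not one."""
    m = SVC_RE.match(line)
    if not m:
        return None
    flags = [f.strip() for f in m["flags"].split("|")]
    return {
        "kind": m["kind"],
        "name": m["name"],
        "path": m["path"],
        "missing": m["status"] == "File not found",
        "start": next((f for f in flags if f in START_TYPES), "?"),
        "state": flags[-1],
    }


def triage(log_text):
    """Walk OTL log lines and collect the orphaned entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line in KNOWN_BENIGN:
            continue
        svc = parse_service_line(line)
        if svc is not None:
            if not svc["missing"]:
                continue
            reason = "%s entry points at a file that no longer exists" % svc["kind"]
            if svc["start"] in ("Boot", "System", "Auto"):
                # A boot-started service whose binary is gone is a dangling launch
                # point: whatever is later written to that path runs at boot.
                reason += "; start type %s leaves the path as a dangling launch point" % svc["start"]
            findings.append(Finding(svc["kind"], svc["name"], svc["path"], reason))
        elif line.startswith("O") and "No CLSID value found" in line:
            item = line.split(" - ", 1)[0]
            clsid = CLSID_RE.search(line)
            findings.append(Finding(item, clsid.group(0) if clsid else "?", line,
                                    "registry entry references a CLSID with no registered server"))
        elif line.startswith("O") and line.endswith("File not found"):
            item, rest = line.split(" - ", 1)
            findings.append(Finding(item, rest, "", "entry references a missing file"))
    return findings


def dangling_launch_points(findings):
    """Subset of findings to fix first: missing binaries with a boot-time start type."""
    return [f for f in findings if "dangling launch point" in f.reason]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-4s %-40s %s" % (f.item, f.name, f.reason))
```

    Run against the sample it lists lxcz_device, HidServ, iAimTV2 and catchme as services or drivers with no file behind them, the two "(no name)" CLSIDs as orphaned registry references, and singles out lxcz_device because it is the only missing binary still set to Auto start. The Avira, sptd and Intel entries are skipped because their files exist.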

  13. #13
    Join Date
    Jan 2004
    Location
    Texas
    Posts
    112
    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/10 12:21:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    [2010/07/10 03:03:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/09 22:24:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/09 22:24:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
    [2010/07/09 22:24:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
    [2010/07/09 21:41:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/09 14:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\New Folder
    [2010/07/09 11:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Triumph Studios
    [2010/07/08 20:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Avira
    [2010/07/08 20:13:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/07/08 20:03:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/07/08 20:03:45 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/07/08 20:03:45 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/07/08 20:03:45 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/07/08 20:03:45 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/07/08 20:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/07/08 20:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/07/08 19:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/07/08 11:43:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
    [2010/07/08 11:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\backups
    [2010/07/07 21:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Ascaron Entertainment
    [2010/07/07 21:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
    [2010/07/07 21:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\DAEMON Tools Lite
    [2010/07/07 21:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/07/07 13:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\Cossacks
    [2010/07/07 13:59:02 | 004,358,144 | ---- | C] (GSC Game World) -- C:\WINDOWS\uncsetup.exe
    [2010/07/07 13:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\BitTorrent
    [2010/07/07 13:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
    [2010/07/06 12:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\Take2 Interactive
    [2010/07/06 05:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    [2010/07/05 20:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Atari
    [2010/07/05 14:18:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Paul\IECompatCache
    [2010/07/05 13:55:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Paul\PrivacIE
    [2010/07/05 13:49:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Paul\IETldCache
    [2010/07/05 13:24:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/07/05 13:20:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
    [2010/07/05 13:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
    [2010/07/05 12:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/07/05 12:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/07/05 11:39:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/05 11:39:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/05 11:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/05 11:24:14 | 000,402,944 | R--- | C] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\drivers\WlanGZXP.sys
    [2010/07/02 08:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\Symantec
    [20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/10 12:22:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    [2010/07/10 12:15:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/10 12:15:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/10 12:14:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/10 12:14:51 | 266,719,232 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/10 12:13:29 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Paul\NTUSER.DAT
    [2010/07/10 12:13:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Paul\ntuser.ini
    [2010/07/10 12:13:17 | 001,578,260 | -H-- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\IconCache.db
    [2010/07/10 09:45:27 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2010/07/10 02:41:41 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/10 02:40:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/09 22:25:11 | 000,000,282 | RHS- | M] () -- C:\boot.ini
    [2010/07/09 21:28:19 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\HiJackThis.lnk
    [2010/07/09 11:18:47 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Age of Wonders.lnk
    [2010/07/08 20:04:14 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/07/08 19:37:11 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\HiJackThis.msi
    [2010/07/08 15:36:32 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Cossacks EU.lnk
    [2010/07/08 14:56:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\7q5q9uwp.exe
    [2010/07/07 21:33:01 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
    [2010/07/07 21:32:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010/07/07 18:49:20 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/07 13:57:53 | 004,358,144 | ---- | M] (GSC Game World) -- C:\WINDOWS\uncsetup.exe
    [2010/07/07 13:45:58 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
    [2010/07/06 05:37:12 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\American Conquest.lnk
    [2010/07/05 20:16:01 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Locomotion.lnk
    [2010/07/05 14:38:58 | 000,000,669 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
    [2010/07/05 14:34:22 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/05 14:34:22 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/05 14:34:22 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/05 14:10:15 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/05 13:49:38 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/07/05 13:48:32 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/07/05 11:40:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/09 22:25:11 | 000,000,211 | -HS- | C] () -- C:\BOOT.BAK
    [2010/07/09 22:25:04 | 000,260,288 | RHS- | C] () -- C:\cmldr
    [2010/07/09 11:18:46 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Wonders.lnk
    [2010/07/08 20:04:13 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/07/08 19:37:49 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\HiJackThis.lnk
    [2010/07/08 19:37:07 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\HiJackThis.msi
    [2010/07/08 15:35:15 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Cossacks EU.lnk
    [2010/07/08 14:56:15 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\7q5q9uwp.exe
    [2010/07/07 21:33:01 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
    [2010/07/07 13:45:58 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
    [2010/07/06 05:35:48 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\American Conquest.lnk
    [2010/07/05 20:16:01 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Locomotion.lnk
    [2010/07/05 11:40:15 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/06/13 13:20:31 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2009/06/13 13:20:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2009/06/13 13:20:29 | 000,001,162 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
    [2009/06/13 13:20:27 | 000,000,008 | -HS- | C] () -- C:\WINDOWS\System32\_desktop.ini
    [2009/06/13 13:20:26 | 000,000,008 | -HS- | C] () -- C:\WINDOWS\System32\drivers\_desktop.ini
    [2009/01/31 15:03:10 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
    [2009/01/31 14:50:32 | 000,000,659 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2009/01/31 14:50:28 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/11/10 07:43:51 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2008/10/30 11:17:30 | 000,000,158 | ---- | C] () -- C:\WINDOWS\civ.ini
    [2008/06/05 12:05:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ms_games.ini
    [2007/08/28 22:23:19 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2007/07/04 21:13:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
    [2007/07/04 21:13:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
    [2007/07/04 21:09:04 | 000,000,302 | ---- | C] () -- C:\WINDOWS\Lexstat.ini
    [2007/07/04 21:08:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
    [2007/07/04 21:08:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
    [2007/07/04 21:08:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
    [2007/07/04 21:08:10 | 000,039,899 | ---- | C] () -- C:\WINDOWS\System32\rtsicis.ini
    [2007/06/30 22:55:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2007/06/28 19:36:39 | 000,000,218 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2007/06/20 16:16:09 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2007/06/20 16:16:09 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2007/06/20 16:16:09 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2007/06/16 03:26:37 | 000,000,669 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2010/07/07 21:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/03/23 19:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2008/06/12 14:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2008/06/12 14:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/05/05 13:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/07/05 10:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
    [2010/07/07 20:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\BitTorrent
    [2010/07/07 21:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\DAEMON Tools Lite
    [2009/03/23 19:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\DAEMON Tools Pro
    [2009/02/21 23:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\GetRightToGo
    [2007/06/13 02:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Leadertech

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/06/19 15:33:38 | 000,205,856 | ---- | M] () -- C:\AnalysisLog.sr0
    [2007/06/01 13:23:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2007/06/01 13:57:54 | 000,000,211 | -HS- | M] () -- C:\BOOT.BAK
    [2010/07/09 22:25:11 | 000,000,282 | RHS- | M] () -- C:\boot.ini
    [2008/04/13 18:02:08 | 000,260,288 | RHS- | M] () -- C:\cmldr
    [2010/07/10 02:53:04 | 000,011,345 | ---- | M] () -- C:\ComboFix.txt
    [2007/06/01 13:23:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/07/10 12:14:51 | 266,719,232 | -HS- | M] () -- C:\hiberfil.sys
    [2007/06/01 13:23:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/05/07 08:41:10 | 000,000,167 | ---- | M] () -- C:\JANUS.ERR
    [2009/06/11 16:49:04 | 000,000,385 | ---- | M] () -- C:\lxcz.log
    [2007/06/01 13:23:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/13 16:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/13 18:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/07/10 12:14:51 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
    [2010/05/06 05:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2007/05/31 16:24:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2007/05/31 16:24:27 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2007/05/31 16:24:27 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-05-22 06:19:46

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP9F6664C
    < End of report >

  14. #14
    Join Date
    Jan 2004
    Location
    Texas
    Posts
    112
    OTL Extras logfile created on: 7/10/2010 12:23:05 PM - Run 1
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Paul\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    254.00 Mb Total Physical Memory | 83.00 Mb Available Physical Memory | 33.00% Memory free
    625.00 Mb Paging File | 370.00 Mb Available in Paging File | 59.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38.28 Gb Total Space | 26.69 Gb Free Space | 69.72% Space Free | Partition Type: NTFS
    Drive D: | 310.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: VALUED-B3D9B0B0
    Current User Name: Paul
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft Games\Age of Mythology\aom.exe" = C:\Program Files\Microsoft Games\Age of Mythology\aom.exe:*:Disabled:Age of Mythology -- (Ensemble Studios)
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client -- (Valve Corporation)
    "C:\Program Files\Sierra On-Line\SIGSPat.exe" = C:\Program Files\Sierra On-Line\SIGSPat.exe:*:Disabled:SIGSPat -- (Havas Interactive)
    "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
    "{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.29f
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{77F45E76-E897-42CA-A9FE-5F56817D875C}" = Locomotion
    "{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "Age of Wonders" = Age of Wonders
    "American Conquest" = American Conquest
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BitTorrent" = BitTorrent
    "Cossacks : Back To War" = Cossacks - Back To War
    "EW : Cossacks" = EW : Cossacks
    "ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Mall Tycoon" = Mall Tycoon
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PROSet" = Intel(R) Network Connections Drivers
    "Sierra Utilities" = Sierra Utilities
    "Steam App 50" = Opposing Force
    "WinAce Archiver" = WinAce Archiver
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Steam App 10" = Counter-Strike
    "Steam App 130" = Half-Life: Blue Shift
    "Steam App 20" = Team Fortress Classic
    "Steam App 30" = Day of Defeat
    "Steam App 40" = Deathmatch Classic
    "Steam App 50" = Opposing Force
    "Steam App 60" = Ricochet
    "Steam App 70" = Half-Life

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/11/2009 12:27:26 PM | Computer Name = VALUED-B3D9B0B0 | Source = MsiInstaller | ID = 11905
    Description = Product: URGE -- Error 1905.Module C:\WINDOWS\system32\Macromed\Flash\Flash8c.ocx
    failed to unregister. HRESULT -2147220472. Contact your support personnel.

    Error - 6/11/2009 5:42:57 PM | Computer Name = VALUED-B3D9B0B0 | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\176cb591.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 6/11/2009 5:43:00 PM | Computer Name = VALUED-B3D9B0B0 | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\176cb591.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 6/11/2009 5:43:54 PM | Computer Name = VALUED-B3D9B0B0 | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\e63f598.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 6/11/2009 5:44:42 PM | Computer Name = VALUED-B3D9B0B0 | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\e63f598.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 6/11/2009 5:50:06 PM | Computer Name = VALUED-B3D9B0B0 | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\176cb591.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 6/11/2009 5:50:16 PM | Computer Name = VALUED-B3D9B0B0 | Source = MsiInstaller | ID = 1008
    Description = The installation of C:\WINDOWS\Installer\e63f598.msi is not permitted
    due to an error in software restriction policy processing. The object cannot be
    trusted.

    Error - 6/13/2009 2:51:05 PM | Computer Name = VALUED-B3D9B0B0 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 6/13/2009 2:52:52 PM | Computer Name = VALUED-B3D9B0B0 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 6/13/2009 2:53:21 PM | Computer Name = VALUED-B3D9B0B0 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 7/8/2010 9:01:31 PM | Computer Name = VALUED-B3D9B0B0 | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
    message: The referenced assembly is not installed on your system. .

    Error - 7/8/2010 9:01:31 PM | Computer Name = VALUED-B3D9B0B0 | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\DOCUME~1\Paul\LOCALS~1\Temp\RarSFX0\redist.dll.
    Reference
    error message: The operation completed successfully. .

    Error - 7/8/2010 9:35:07 PM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7034
    Description = The Distributed Transaction Coordinator service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 7/9/2010 10:41:10 PM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7000
    Description = The lxcz_device service failed to start due to the following error:
    %%2

    Error - 7/10/2010 12:08:24 AM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7000
    Description = The lxcz_device service failed to start due to the following error:
    %%2

    Error - 7/10/2010 1:10:15 AM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7000
    Description = The lxcz_device service failed to start due to the following error:
    %%2

    Error - 7/10/2010 3:21:50 AM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7000
    Description = The lxcz_device service failed to start due to the following error:
    %%2

    Error - 7/10/2010 3:39:20 AM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7000
    Description = The lxcz_device service failed to start due to the following error:
    %%2

    Error - 7/10/2010 9:40:11 AM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7000
    Description = The lxcz_device service failed to start due to the following error:
    %%2

    Error - 7/10/2010 1:15:19 PM | Computer Name = VALUED-B3D9B0B0 | Source = Service Control Manager | ID = 7000
    Description = The lxcz_device service failed to start due to the following error:
    %%2


    < End of report >

  15. #15
    Join Date
    Jan 2004
    Location
    Texas
    Posts
    112
    I believe that the lxcz_device may be for a printer no longer used.
