
Messages - kota123

1
Tech Clinic / Browsing, Downloading Issues
« on: October 27, 2009, 10:20:19 AM »
I will get the RAM upgraded and leave Avira on for the time being.  And yes, I was able to download and install Microsoft updates.

Thank you very much for all your help.

2
Tech Clinic / Browsing, Downloading Issues
« on: October 26, 2009, 11:25:49 AM »
Thank you very much for all your help and patience.  I know it was a long process, slowed further by our different time zones.

Just a couple of questions in the end.

1.  Avira takes a long time to load at startup.  Can I switch to AVG?

2.  Is ATF Cleaner as efficient as CCleaner?  I have ATF on my laptop and am more comfortable with it.

3.  I presume I can start downloading the Windows updates, which I was unable to do before.

Thank you once again.

3
Tech Clinic / Browsing, Downloading Issues
« on: October 26, 2009, 04:16:38 AM »
Sorry for the delay in replying.

Ran OTC and removed Avast.

Avira Scan Log:

Avira AntiVir Personal
Report file date: Monday, October 26, 2009  13:29

Scanning for 1822519 virus strains and unwanted programs.

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows XP
Windows version : (Service Pack 2)  [5.1.2600]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : AA-EC0D1346D3FA

Version information:
BUILD.DAT       : 9.0.0.407     17961 Bytes   7/29/2009 10:34:00
AVSCAN.EXE      : 9.0.3.7      466689 Bytes   7/21/2009 09:06:16
AVSCAN.DLL      : 9.0.3.0       40705 Bytes   2/27/2009 06:28:26
LUKE.DLL        : 9.0.3.2      209665 Bytes   2/20/2009 07:05:50
LUKERES.DLL     : 9.0.2.0       12033 Bytes   2/27/2009 06:28:54
ANTIVIR0.VDF    : 7.1.0.0    15603712 Bytes  10/27/2008 08:00:38
ANTIVIR1.VDF    : 7.1.4.132   5707264 Bytes   6/24/2009 04:51:44
ANTIVIR2.VDF    : 7.1.6.112   4833792 Bytes  10/15/2009 07:52:40
ANTIVIR3.VDF    : 7.1.6.146    323072 Bytes  10/25/2009 07:52:44
Engineversion   : 8.2.1.44
AEVDF.DLL       : 8.1.1.2      106867 Bytes  10/26/2009 07:53:22
AESCRIPT.DLL    : 8.1.2.40     487804 Bytes  10/26/2009 07:53:20
AESCN.DLL       : 8.1.2.5      127346 Bytes  10/26/2009 07:53:16
AERDL.DLL       : 8.1.3.2      479604 Bytes  10/26/2009 07:53:16
AEPACK.DLL      : 8.2.0.2      422263 Bytes  10/26/2009 07:53:12
AEOFFICE.DLL    : 8.1.0.38     196987 Bytes   7/23/2009 05:29:40
AEHEUR.DLL      : 8.1.0.167   2011511 Bytes  10/26/2009 07:53:08
AEHELP.DLL      : 8.1.7.0      237940 Bytes  10/26/2009 07:52:54
AEGEN.DLL       : 8.1.1.68     364918 Bytes  10/26/2009 07:52:52
AEEMU.DLL       : 8.1.1.0      393587 Bytes  10/26/2009 07:52:48
AECORE.DLL      : 8.1.8.1      184693 Bytes  10/26/2009 07:52:46
AEBB.DLL        : 8.1.0.3       53618 Bytes   10/9/2008 10:02:40
AVWINLL.DLL     : 9.0.0.3       18177 Bytes  12/12/2008 04:18:00
AVPREF.DLL      : 9.0.0.1       43777 Bytes   12/5/2008 06:02:16
AVREP.DLL       : 8.0.0.3      155905 Bytes   1/20/2009 10:04:30
AVREG.DLL       : 9.0.0.0       36609 Bytes   12/5/2008 06:02:10
AVARKT.DLL      : 9.0.0.3      292609 Bytes   3/24/2009 10:35:42
AVEVTLOG.DLL    : 9.0.0.7      167169 Bytes   1/30/2009 06:07:10
SQLITE3.DLL     : 3.6.1.0      326401 Bytes   1/28/2009 10:33:50
SMTPLIB.DLL     : 9.2.0.25      28417 Bytes    2/2/2009 03:51:34
NETNT.DLL       : 9.0.0.0       11521 Bytes   12/5/2008 06:02:12
RCIMAGE.DLL     : 9.0.0.25    2438913 Bytes   5/15/2009 11:10:00
RCTEXT.DLL      : 9.0.37.0      86785 Bytes   4/17/2009 05:49:50

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: d:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, October 26, 2009  13:29

Starting search for hidden objects.
d:\windows\ï¿‹b913580.log
    [INFO]      The file is not visible.
    [WARNING]   The file could not be copied to the quarantine directory.
    [WARNING]   Error in ARK library
'28628' objects were checked, '1' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'WDFMGR.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'JQS.EXE' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
25 processes with 25 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\' <NEW>
Begin scan in 'D:\' <NEW>
D:\hiberfil.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
D:\pagefile.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
D:\Backup of old c\My Documents\My Pictures\WrapperOuter1154.EXE
    [DETECTION] Contains recognition pattern of the DR/VirtualBouncer.J.12 dropper
D:\Backup of old c\data of c\My Documents\My Pictures\WrapperOuter1154.EXE
    [DETECTION] Contains recognition pattern of the DR/VirtualBouncer.J.12 dropper

Beginning disinfection:
D:\Backup of old c\My Documents\My Pictures\WrapperOuter1154.EXE
    [DETECTION] Contains recognition pattern of the DR/VirtualBouncer.J.12 dropper
    [NOTE]      The file was moved to '4b465f1d.qua'!
D:\Backup of old c\data of c\My Documents\My Pictures\WrapperOuter1154.EXE
    [DETECTION] Contains recognition pattern of the DR/VirtualBouncer.J.12 dropper
    [NOTE]      The file was moved to '4adf9496.qua'!


End of the scan: Monday, October 26, 2009  14:02
Used time: 32:23 Minute(s)

The scan has been done completely.

   4829 Scanned directories
 176668 Files were scanned
      2 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      2 Files were moved to quarantine
      0 Files were renamed
      2 Files cannot be scanned
 176664 Files not concerned
   1761 Archives were scanned
      3 Warnings
      4 Notes
  28628 Objects were scanned with rootkit scan
      1 Hidden objects were found

_______________________________________________________________

HiJack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:54 PM, on 10/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\system32\CTSvcCDA.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/229?bd5c537a7d664a57afed0ed06658bb63
O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/230?bd5c537a7d664a57afed0ed06658bb63
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202570621154
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202570594275
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3EDBC60-91DF-486C-9929-938433EAA145}: NameServer = 218.248.255.194 218.248.255.162
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5517 bytes
______________________________________________________
Thank you.

4
Tech Clinic / Browsing, Downloading Issues
« on: October 23, 2009, 08:45:15 AM »

5
Tech Clinic / Browsing, Downloading Issues
« on: October 23, 2009, 01:00:00 AM »
Following is the OTL Log after the Adobe Reader installation:

OTL logfile created on: 10/23/2009 11:24:03 AM - Run 2
OTL by OldTimer - Version 3.0.21.0     Folder = D:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
223.48 Mb Total Physical Memory | 47.63 Mb Available Physical Memory | 21.31% Memory free
547.08 Mb Paging File | 356.26 Mb Available in Paging File | 65.12% Paging File free
Paging file location(s): D:\pagefile.sys 336 672 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 18.62 Gb Total Space | 15.98 Gb Free Space | 85.82% Space Free | Partition Type: FAT32
Drive D: | 18.63 Gb Total Space | 10.44 Gb Free Space | 56.03% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AA-EC0D1346D3FA
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2009/10/22 19:20:52 | 00,521,216 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2009/10/15 03:41:36 | 02,555,120 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/08/25 01:45:04 | 00,908,280 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/10/11 11:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- D:\WINDOWS\System32\HPZipm12.exe
PRC - [2004/08/03 19:26:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Explorer.EXE
PRC - [2002/01/01 11:08:40 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2002/01/01 11:08:40 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MsPMSPSv.exe
PRC - [1999/12/12 22:31:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\System32\CTSvcCDA.EXE
PRC - [1998/09/03 23:09:08 | 00,119,400 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MDM.EXE
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/09/23 16:37:30 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) -- D:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper [On_Demand | Running])
SRV - [2004/10/11 11:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- D:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2003/02/20 19:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2002/01/01 11:08:40 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [1999/12/12 22:31:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\System32\CTSvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/10/15 03:29:22 | 00,046,544 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2009/10/15 03:29:00 | 00,149,328 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/10/15 03:25:34 | 00,023,120 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/10/15 03:25:06 | 00,100,176 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/10/15 03:24:54 | 00,019,024 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/10/15 03:24:38 | 00,027,728 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2005/12/16 11:12:48 | 00,091,263 | R--- | M] (VM) -- D:\WINDOWS\System32\Drivers\usbVM31b.sys -- (ZSMC301b [On_Demand | Stopped])
DRV - [2004/12/14 22:06:52 | 00,051,120 | R--- | M] (HP) -- D:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/12/14 22:06:52 | 00,021,744 | R--- | M] (HP) -- D:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2004/12/14 22:06:52 | 00,016,496 | R--- | M] (HP) -- D:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2004/08/03 22:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2004/08/03 22:41:56 | 00,011,868 | ---- | M] (Conexant) -- D:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2004/08/03 22:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys -- (winachsf [On_Demand | Stopped])
DRV - [2004/08/03 22:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys -- (HSFHWBS2 [On_Demand | Stopped])
DRV - [2004/08/03 22:29:52 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- D:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3SavageNB [On_Demand | Stopped])
DRV - [2004/08/03 22:29:52 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- D:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3Psddr [On_Demand | Running])
DRV - [2004/07/17 06:06:38 | 00,027,440 | ---- | M] () -- D:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/10/23 01:23:00 | 00,016,848 | ---- | M] (Creative Technology Ltd.) -- D:\WINDOWS\System32\DRIVERS\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
DRV - [2002/10/03 00:09:08 | 00,031,424 | R--- | M] (Robert Schlabbach) -- D:\WINDOWS\System32\DRIVERS\RMSPPPOE.SYS -- (RMSPPPOE [On_Demand | Running])
DRV - [2001/11/21 09:23:22 | 00,242,412 | ---- | M] (Avance Logic, Inc.) -- D:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2001/08/23 06:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2001/08/17 12:12:40 | 00,019,017 | ---- | M] (Realtek Semiconductor Corporation) -- D:\WINDOWS\System32\DRIVERS\RTL8029.SYS -- (rtl8029 [On_Demand | Running])
DRV - [2001/05/04 12:54:52 | 00,003,033 | ---- | M] (VIA Technologies. Inc.) -- D:\WINDOWS\System32\Drivers\VIAPFD.SYS -- (VIAPFD [System | Running])
DRV - [2000/10/25 17:57:24 | 00,003,000 | R--- | M] () -- D:\WINDOWS\system32\SetupNT.sys -- (SetupNT [Auto | Running])
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
 
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: D:\Program Files\Java\jre6\lib\deploy\jqs\ff [2002/01/01 11:08:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2006/06/21 13:37:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2006/06/21 13:37:04 | 00,000,000 | ---D | M]
 
[2008/07/02 20:13:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\mozilla\Extensions
[2008/07/02 20:13:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/07/02 20:13:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\7boyuqg7.default\extensions
[2009/10/23 10:59:56 | 00,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\7boyuqg7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/07/02 20:12:20 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions
[2008/07/02 20:12:24 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2002/01/01 11:09:32 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/25 01:45:26 | 00,023,544 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/25 01:45:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/08/30 03:17:44 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2008/01/03 18:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- D:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/08/25 01:45:28 | 00,065,016 | ---- | M] (mozilla.org) -- D:\Program Files\mozilla firefox\plugins\npnul32.dll
[2002/01/01 11:08:42 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/23 16:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- D:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/25 00:15:46 | 00,001,394 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/25 00:15:46 | 00,002,193 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/25 00:15:46 | 00,001,534 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/25 00:15:46 | 00,002,344 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/25 00:15:46 | 00,002,371 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/25 00:15:46 | 00,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/25 00:15:46 | 00,000,792 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (27 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &Windows Live Search - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: &Yahoo! Search - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Open in new background tab - D:\Program Files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - D:\Program Files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1202570621154 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1202570594275 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll -  File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/24 00:50:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009/10/22 13:23:14 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/10/23 11:00:07 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NOS
[2009/10/14 22:22:24 | 00,000,000 | ---D | C] -- D:\Documents and Settings\user\Application Data\MozillaControl
[2009/10/23 11:10:52 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\Adobe AIR
[2009/10/22 13:23:14 | 00,000,000 | ---D | C] -- D:\Program Files\Alwil Software
[2009/10/23 11:00:06 | 00,000,000 | ---D | C] -- D:\Program Files\NOS
[2009/10/23 11:13:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2009/10/23 10:50:20 | 00,000,000 | ---D | C] -- D:\_OTL
[2009/10/23 09:58:59 | 00,000,000 | --SD | C] -- D:\ComboFix
[2009/10/22 19:20:35 | 00,521,216 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
[2009/10/22 13:24:48 | 00,019,024 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/22 13:24:47 | 00,149,328 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/22 13:24:46 | 00,023,120 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/22 13:24:43 | 00,046,544 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/22 13:24:39 | 00,100,176 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/22 13:24:39 | 00,094,544 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/22 13:24:38 | 00,027,728 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/22 13:23:46 | 00,149,600 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2009/10/22 12:59:29 | 00,000,000 | ---D | C] -- D:\WINDOWS\temp
[2009/10/18 14:09:36 | 00,000,000 | -HSD | C] -- D:\Recycled
[2009/10/14 19:54:06 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[1998/12/08 18:53:54 | 00,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 18:53:54 | 00,099,840 | ---- | C] (Symantec Corp.) -- D:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 18:53:54 | 00,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 18:53:54 | 00,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 18:53:54 | 00,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 18:53:54 | 00,017,920 | ---- | C] (Symantec Corp.) -- D:\Program Files\Common Files\IRASRIAL.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2009/10/23 11:22:02 | 00,000,641 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/10/23 11:18:30 | 00,001,636 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/23 11:09:56 | 00,000,256 | ---- | M] () -- D:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/10/23 10:52:52 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009/10/23 10:52:24 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009/10/23 10:52:22 | 23,440,9984 | -HS- | M] () -- D:\hiberfil.sys
[2009/10/23 10:52:20 | 00,000,196 | ---- | M] () -- D:\WINDOWS\System32\drivers\ALCICH.DAT
[2009/10/22 19:20:52 | 00,521,216 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
[2009/10/22 18:27:54 | 00,001,161 | ---- | M] () -- D:\WINDOWS\win.ini
[2009/10/22 18:27:54 | 00,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2009/10/22 15:06:54 | 04,668,928 | ---- | M] () -- D:\Documents and Settings\user\Desktop\911AerialPhotos.pps
[2009/10/22 13:24:52 | 00,001,607 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2009/10/22 13:24:42 | 00,002,626 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2009/10/21 14:44:04 | 00,666,658 | ---- | M] () -- D:\Documents and Settings\user\Desktop\drbr.zip
[2009/10/21 12:57:30 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2009/10/15 03:41:22 | 00,149,600 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2009/10/15 03:29:22 | 00,046,544 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/15 03:29:00 | 00,149,328 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/15 03:25:34 | 00,023,120 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/15 03:25:06 | 00,100,176 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/15 03:25:02 | 00,094,544 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/15 03:24:54 | 00,019,024 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/15 03:24:38 | 00,027,728 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
 
========== Files - No Company Name ==========
[2009/10/23 11:22:01 | 00,000,641 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/10/23 11:18:28 | 00,001,636 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/22 15:05:31 | 04,668,928 | ---- | C] () -- D:\Documents and Settings\user\Desktop\911AerialPhotos.pps
[2009/10/22 13:24:50 | 00,001,607 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2009/10/21 14:43:52 | 00,666,658 | ---- | C] () -- D:\Documents and Settings\user\Desktop\drbr.zip
[2007/08/09 14:42:45 | 00,000,261 | ---- | C] () -- D:\WINDOWS\WPE PRO.INI
[2006/08/25 20:37:29 | 00,024,576 | R--- | C] () -- D:\WINDOWS\System32\RunSetup.dll
[2006/08/10 16:51:07 | 00,005,222 | ---- | C] () -- D:\Documents and Settings\user\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/08/10 16:51:07 | 00,000,206 | ---- | C] () -- D:\WINDOWS\HPGdiPlus.ini
[2005/11/23 15:51:52 | 00,000,127 | ---- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2005/11/23 15:27:21 | 00,000,820 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/24 21:51:23 | 00,271,264 | ---- | C] () -- D:\WINDOWS\VBRUN100.DLL
[2005/10/24 21:46:59 | 00,134,464 | ---- | C] () -- D:\WINDOWS\GLCV20DR.DLL
[2005/10/24 21:46:54 | 00,011,616 | ---- | C] () -- D:\WINDOWS\GLFS20DR.DLL
[2005/10/24 21:43:55 | 00,000,235 | ---- | C] () -- D:\WINDOWS\QTW.INI
[2005/10/24 21:42:43 | 00,000,110 | ---- | C] () -- D:\WINDOWS\KPCMS.INI
[2005/10/24 21:41:58 | 00,000,036 | ---- | C] () -- D:\WINDOWS\progman.ini
[2005/10/24 21:41:54 | 00,000,715 | ---- | C] () -- D:\WINDOWS\CARDSHOP.INI
[2005/10/24 21:38:05 | 00,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2005/10/24 21:38:05 | 00,000,063 | ---- | C] () -- D:\WINDOWS\mdm.ini
[2005/10/24 20:10:17 | 00,000,164 | ---- | C] () -- D:\WINDOWS\avrack.ini
[2005/10/24 20:00:42 | 04,839,974 | -H-- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2005/10/24 20:00:15 | 00,003,000 | R--- | C] () -- D:\WINDOWS\System32\SetupNT.sys
[2005/10/24 19:59:18 | 00,036,648 | ---- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/10/24 19:57:11 | 00,000,062 | -HS- | C] () -- D:\Documents and Settings\user\Application Data\desktop.ini
[2005/10/24 19:24:09 | 00,000,062 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/03 19:26:44 | 00,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll
[2004/07/17 06:06:38 | 00,027,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys
[2002/01/27 16:22:53 | 00,017,408 | ---- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/01/18 19:20:56 | 00,000,000 | ---- | C] () -- D:\WINDOWS\NSREX.INI
[2002/01/06 03:19:03 | 00,043,520 | ---- | C] () -- D:\WINDOWS\System32\CmdLineExt03.dll
[2002/01/01 18:16:56 | 00,028,672 | ---- | C] () -- D:\WINDOWS\System32\PdeSrvps.dll
[2002/01/01 09:24:02 | 00,000,008 | ---- | C] () -- D:\WINDOWS\System32\CtSACKey.sys
[2002/01/01 02:08:12 | 00,000,959 | ---- | C] () -- D:\WINDOWS\EntPack.ini
[2002/01/01 00:17:59 | 00,000,097 | ---- | C] () -- D:\WINDOWS\VPPLAYS.INI
[2001/08/23 06:30:00 | 00,001,161 | ---- | C] () -- D:\WINDOWS\win.ini
[2001/08/23 06:30:00 | 00,000,227 | ---- | C] () -- D:\WINDOWS\system.ini
[1999/01/22 10:46:58 | 00,065,536 | ---- | C] () -- D:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >
________________________________________________--

Thank you.

6
Tech Clinic / Browsing, Downloading Issues
« on: October 23, 2009, 12:27:47 AM »
Following is the OTL Log on start up.  I will post the fresh OTL log after installing Adobe.

All processes killed
========== OTL ==========
Service\Driver McAfeeFramework stopped successfully.
Service\Driver McAfeeFramework deleted successfully.
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
D:\Documents and Settings\user\Desktop\TFC.exe moved successfully.
D:\Documents and Settings\user\Desktop\drweb-cureit.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Documents and Settings\USER\Local Settings\TEMP\7zS2F.tmp\SymNRT.exe deleted successfully.
========== FILES ==========
D:\Documents and Settings\user\Desktop\MCPR.exe moved successfully.
D:\Documents and Settings\user\Desktop\Norton_Removal_Tool.exe moved successfully.
D:\Documents and Settings\user\Desktop\setup_av_free.exe moved successfully.
D:\Documents and Settings\user\Desktop\reset.bat moved successfully.
D:\Documents and Settings\user\Desktop\Win32kDiag(2).exe moved successfully.
D:\WINDOWS\System32\asr_zdpwt moved successfully.
D:\WINDOWS\System32\asr_lboha moved successfully.
D:\Documents and Settings\user\Desktop\fix.reg moved successfully.
D:\WINDOWS\System32\asr_chyud moved successfully.
D:\WINDOWS\System32\asr_ebsre moved successfully.
D:\WINDOWS\System32\asr_fbjgq moved successfully.
D:\WINDOWS\System32\asr_ymjfn moved successfully.
D:\WINDOWS\System32\asr_jqrko moved successfully.
D:\Documents and Settings\user\Desktop\Win32kDiag.exe moved successfully.
D:\WINDOWS\System32\asr_kirhx moved successfully.
D:\WINDOWS\System32\asr_ccsan moved successfully.
D:\WINDOWS\System32\asr_ebxke moved successfully.
D:\WINDOWS\System32\asr_bgann moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
 
User: user
->Temp folder emptied: 19871202 bytes
File delete failed. D:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 830649 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 89878793 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. D:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. D:\WINDOWS\temp\Perflib_Perfdata_6f0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 49389395 bytes
 
Total Files Cleaned = 152.61 mb
 
 
OTL by OldTimer - Version 3.0.21.0 log created on 10232009_105020

Files\Folders moved on Reboot...
File\Folder D:\WINDOWS\temp\_avast5_\Webshlock.txt not found!
File\Folder D:\WINDOWS\temp\Perflib_Perfdata_6f0.dat not found!

Registry entries deleted on Reboot...
___________________________________________

Thank you.

7
Tech Clinic / Browsing, Downloading Issues
« on: October 22, 2009, 09:03:51 AM »
To begin, the computer is running much better now.  The "Generic Host Process......." window has not popped up and the internet connection is fine.

I was able to run the Norton Removal tool.

I could not find McAfee VirusScan Enterprise in the Add/Remove Programs, but when I tried to run MCPR.exe, I got a message saying "McAfee Enterprise software detected. Cannot continue.  Please contact McAfee....."

Finally, I downloaded OTL.exe and clicked "Run Scan".  Following are the two Logs it created:

OTL Extras logfile created on: 10/22/2009 7:21:59 PM - Run 1
OTL by OldTimer - Version 3.0.21.0     Folder = D:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
223.48 Mb Total Physical Memory | 113.43 Mb Available Physical Memory | 50.76% Memory free
547.08 Mb Paging File | 435.42 Mb Available in Paging File | 79.59% Paging File free
Paging file location(s): D:\pagefile.sys 336 672 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 18.62 Gb Total Space | 15.96 Gb Free Space | 85.71% Space Free | Partition Type: FAT32
Drive D: | 18.63 Gb Total Space | 9.83 Gb Free Space | 52.77% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AA-EC0D1346D3FA
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- D:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- D:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "D:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Documents and Settings\USER\Local Settings\TEMP\7zS2F.tmp\SymNRT.exe" = D:\Documents and Settings\USER\Local Settings\TEMP\7zS2F.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{1306C737-0AF4-46C7-B282-64E099304712}" = Smart Menus (Windows Live Toolbar)
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1A2948E0-9445-42BE-9D01-472952F2657F}" = Autodesk Design Review
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(tm) 6 Update 16
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{328420FA-7638-4AB1-81DF-E0FECEFF24E3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}" = Creative NOMAD Jukebox Zen Xtra
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3F28364-8B10-45F1-8C2D-0037F4538BBB}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}" = Creative Zen Vision M
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FDB226E3-D55D-4922-894F-20CE4646077D}" = Tabbed Browsing (Windows Live Toolbar)
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"avast5" = avast! Free Antivirus
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"F-22 Raptor Demo" = F-22 Raptor Demo
"GoogleVideoPlayer" = Google Video Player
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"LimeWire" = LimeWire PRO 4.12.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSNINST" = MSN
"QuickTime" = QuickTime
"QuickTime32" = QuickTime for Windows (32-bit)
"Skype_is1" = Skype 2.5
"SysInfo" = Creative System Information
"VLC media player" = VideoLAN VLC media player 0.8.5
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinZip" = WinZip
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent 6.0
"BitTorrent DNA" = BitTorrent DNA
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/21/2009 4:51:16 AM | Computer Name = AA-EC0D1346D3FA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module svchost.exe, version 5.1.2600.2180, fault address 0x00001361.
 
Error - 10/21/2009 5:29:34 AM | Computer Name = AA-EC0D1346D3FA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001f1cb0.
 
Error - 10/22/2009 3:12:26 AM | Computer Name = AA-EC0D1346D3FA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module netapi32.dll, version 5.1.2600.2976, fault address 0x00018809.
 
Error - 10/22/2009 9:31:31 AM | Computer Name = AA-EC0D1346D3FA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 10/22/2009 9:31:31 AM | Computer Name = AA-EC0D1346D3FA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
[ System Events ]
Error - 10/21/2009 4:24:32 AM | Computer Name = AA-EC0D1346D3FA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 10/21/2009 4:24:32 AM | Computer Name = AA-EC0D1346D3FA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time.
 
Error - 10/21/2009 4:24:33 AM | Computer Name = AA-EC0D1346D3FA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 10/21/2009 4:24:33 AM | Computer Name = AA-EC0D1346D3FA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time.
 
Error - 10/21/2009 4:24:33 AM | Computer Name = AA-EC0D1346D3FA | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error:   %%2
 
Error - 10/21/2009 4:24:33 AM | Computer Name = AA-EC0D1346D3FA | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
   %%126
 
Error - 10/21/2009 4:26:10 AM | Computer Name = AA-EC0D1346D3FA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 10/21/2009 4:26:10 AM | Computer Name = AA-EC0D1346D3FA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time.
 
 
< End of report >
___________________________________________________

OTL logfile created on: 10/22/2009 7:21:59 PM - Run 1
OTL by OldTimer - Version 3.0.21.0     Folder = D:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
223.48 Mb Total Physical Memory | 113.43 Mb Available Physical Memory | 50.76% Memory free
547.08 Mb Paging File | 435.42 Mb Available in Paging File | 79.59% Paging File free
Paging file location(s): D:\pagefile.sys 336 672 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 18.62 Gb Total Space | 15.96 Gb Free Space | 85.71% Space Free | Partition Type: FAT32
Drive D: | 18.63 Gb Total Space | 9.83 Gb Free Space | 52.77% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AA-EC0D1346D3FA
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2009/10/22 19:20:52 | 00,521,216 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2009/10/15 03:41:36 | 02,555,120 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2004/10/11 11:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- D:\WINDOWS\System32\HPZipm12.exe
PRC - [2004/08/03 19:26:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Explorer.EXE
PRC - [2002/01/01 11:08:40 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MsPMSPSv.exe
PRC - [1999/12/12 22:31:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\System32\CTSvcCDA.EXE
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/10/15 03:41:34 | 00,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus [Auto | Running])
SRV - [2004/10/11 11:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- D:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2004/08/06 03:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- D:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Stopped])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2003/02/20 19:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2002/01/01 11:08:40 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [1999/12/12 22:31:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\System32\CTSvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/10/15 03:29:22 | 00,046,544 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2009/10/15 03:29:00 | 00,149,328 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/10/15 03:25:34 | 00,023,120 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/10/15 03:25:06 | 00,100,176 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/10/15 03:24:54 | 00,019,024 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/10/15 03:24:38 | 00,027,728 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2005/12/16 11:12:48 | 00,091,263 | R--- | M] (VM) -- D:\WINDOWS\System32\Drivers\usbVM31b.sys -- (ZSMC301b [On_Demand | Stopped])
DRV - [2004/12/14 22:06:52 | 00,051,120 | R--- | M] (HP) -- D:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/12/14 22:06:52 | 00,021,744 | R--- | M] (HP) -- D:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2004/12/14 22:06:52 | 00,016,496 | R--- | M] (HP) -- D:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2004/08/03 22:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2004/08/03 22:41:56 | 00,011,868 | ---- | M] (Conexant) -- D:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2004/08/03 22:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys -- (winachsf [On_Demand | Stopped])
DRV - [2004/08/03 22:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- D:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys -- (HSFHWBS2 [On_Demand | Stopped])
DRV - [2004/08/03 22:29:52 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- D:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3SavageNB [On_Demand | Stopped])
DRV - [2004/08/03 22:29:52 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- D:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3Psddr [On_Demand | Running])
DRV - [2004/07/17 06:06:38 | 00,027,440 | ---- | M] () -- D:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/10/23 01:23:00 | 00,016,848 | ---- | M] (Creative Technology Ltd.) -- D:\WINDOWS\System32\DRIVERS\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
DRV - [2002/10/03 00:09:08 | 00,031,424 | R--- | M] (Robert Schlabbach) -- D:\WINDOWS\System32\DRIVERS\RMSPPPOE.SYS -- (RMSPPPOE [On_Demand | Running])
DRV - [2001/11/21 09:23:22 | 00,242,412 | ---- | M] (Avance Logic, Inc.) -- D:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2001/08/23 06:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2001/08/17 12:12:40 | 00,019,017 | ---- | M] (Realtek Semiconductor Corporation) -- D:\WINDOWS\System32\DRIVERS\RTL8029.SYS -- (rtl8029 [On_Demand | Running])
DRV - [2001/05/04 12:54:52 | 00,003,033 | ---- | M] (VIA Technologies. Inc.) -- D:\WINDOWS\System32\Drivers\VIAPFD.SYS -- (VIAPFD [System | Running])
DRV - [2000/10/25 17:57:24 | 00,003,000 | R--- | M] () -- D:\WINDOWS\system32\SetupNT.sys -- (SetupNT [Auto | Running])
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
 
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: D:\Program Files\Java\jre6\lib\deploy\jqs\ff [2002/01/01 11:08:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2006/06/21 13:37:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2006/06/21 13:37:04 | 00,000,000 | ---D | M]
 
[2008/07/02 20:13:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\mozilla\Extensions
[2008/07/02 20:13:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/07/02 20:13:18 | 00,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\7boyuqg7.default\extensions
[2008/07/02 20:12:20 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions
[2008/07/02 20:12:24 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2002/01/01 11:09:32 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/25 01:45:26 | 00,023,544 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/25 01:45:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/09/19 15:04:20 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/08/30 03:17:44 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/01/03 18:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- D:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/08/25 01:45:28 | 00,065,016 | ---- | M] (mozilla.org) -- D:\Program Files\mozilla firefox\plugins\npnul32.dll
[2002/01/01 11:08:42 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/25 00:15:46 | 00,001,394 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/25 00:15:46 | 00,002,193 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/25 00:15:46 | 00,001,534 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/25 00:15:46 | 00,002,344 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/25 00:15:46 | 00,002,371 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/25 00:15:46 | 00,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/25 00:15:46 | 00,000,792 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (27 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: &Yahoo! Search - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Open in new background tab - D:\Program Files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - D:\Program Files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - D:\Program Files\Yahoo!\Common [2002/01/01 02:37:36 | 00,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1202570621154 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1202570594275 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll -  File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/24 00:50:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009/10/22 13:23:14 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/10/14 22:22:24 | 00,000,000 | ---D | C] -- D:\Documents and Settings\user\Application Data\MozillaControl
[2009/10/22 13:23:14 | 00,000,000 | ---D | C] -- D:\Program Files\Alwil Software
[2009/10/22 19:20:35 | 00,521,216 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
[2009/10/22 18:58:55 | 00,793,200 | ---- | C] (Symantec Corporation) -- D:\Documents and Settings\user\Desktop\Norton_Removal_Tool.exe
[2009/10/22 13:24:48 | 00,019,024 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/22 13:24:47 | 00,149,328 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/22 13:24:46 | 00,023,120 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/22 13:24:43 | 00,046,544 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/22 13:24:39 | 00,100,176 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/22 13:24:39 | 00,094,544 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/22 13:24:38 | 00,027,728 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/22 13:23:46 | 00,149,600 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2009/10/22 12:59:29 | 00,000,000 | ---D | C] -- D:\WINDOWS\temp
[2009/10/19 13:20:37 | 00,271,872 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\TFC.exe
[2009/10/18 14:09:36 | 00,000,000 | ---D | C] -- D:\Recycled
[2009/10/16 13:28:26 | 17,909,056 | ---- | C] (Doctor Web, Ltd.) -- D:\Documents and Settings\user\Desktop\drweb-cureit.exe
[2009/10/14 19:54:15 | 00,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2009/10/14 19:54:15 | 00,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2009/10/14 19:54:15 | 00,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2009/10/14 19:54:15 | 00,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2009/10/14 19:54:06 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2009/10/14 19:53:26 | 00,000,000 | ---D | C] -- D:\Qoobox
[1998/12/08 18:53:54 | 00,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 18:53:54 | 00,099,840 | ---- | C] (Symantec Corp.) -- D:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 18:53:54 | 00,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 18:53:54 | 00,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 18:53:54 | 00,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- D:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 18:53:54 | 00,017,920 | ---- | C] (Symantec Corp.) -- D:\Program Files\Common Files\IRASRIAL.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2009/10/22 19:20:52 | 00,521,216 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
[2009/10/22 19:13:46 | 00,608,344 | ---- | M] () -- D:\Documents and Settings\user\Desktop\MCPR.exe
[2009/10/22 19:09:36 | 00,000,256 | ---- | M] () -- D:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/10/22 19:07:52 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009/10/22 19:07:40 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009/10/22 19:07:38 | 23,440,9984 | -HS- | M] () -- D:\hiberfil.sys
[2009/10/22 19:07:36 | 00,000,196 | ---- | M] () -- D:\WINDOWS\System32\drivers\ALCICH.DAT
[2009/10/22 18:59:08 | 00,793,200 | ---- | M] (Symantec Corporation) -- D:\Documents and Settings\user\Desktop\Norton_Removal_Tool.exe
[2009/10/22 18:27:54 | 00,001,161 | ---- | M] () -- D:\WINDOWS\win.ini
[2009/10/22 18:27:54 | 00,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2009/10/22 15:06:54 | 04,668,928 | ---- | M] () -- D:\Documents and Settings\user\Desktop\911AerialPhotos.pps
[2009/10/22 13:24:52 | 00,001,607 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2009/10/22 13:24:42 | 00,002,626 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2009/10/22 13:07:14 | 00,000,000 | ---- | M] () -- D:\Documents and Settings\user\Desktop\setup_av_free.exe
[2009/10/22 12:47:32 | 00,000,020 | ---- | M] () -- D:\Documents and Settings\user\Desktop\reset.bat
[2009/10/21 14:44:04 | 00,666,658 | ---- | M] () -- D:\Documents and Settings\user\Desktop\drbr.zip
[2009/10/21 13:59:18 | 03,351,153 | R--- | M] () -- D:\Documents and Settings\user\Desktop\ComboFix.exe
[2009/10/21 13:06:22 | 00,047,104 | ---- | M] () -- D:\Documents and Settings\user\Desktop\Win32kDiag(2).exe
[2009/10/21 12:57:30 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2009/10/19 21:36:14 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_zdpwt
[2009/10/19 20:01:38 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_lboha
[2009/10/19 13:20:38 | 00,271,872 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\TFC.exe
[2009/10/19 12:59:46 | 00,000,138 | ---- | M] () -- D:\Documents and Settings\user\Desktop\fix.reg
[2009/10/19 12:58:24 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_chyud
[2009/10/18 13:55:52 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_ebsre
[2009/10/18 13:55:32 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_fbjgq
[2009/10/18 13:49:42 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_ymjfn
[2009/10/18 13:30:20 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_jqrko
[2009/10/17 00:25:00 | 00,047,104 | ---- | M] () -- D:\Documents and Settings\user\Desktop\Win32kDiag.exe
[2009/10/16 13:33:00 | 17,909,056 | ---- | M] (Doctor Web, Ltd.) -- D:\Documents and Settings\user\Desktop\drweb-cureit.exe
[2009/10/15 10:33:14 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_kirhx
[2009/10/15 03:41:22 | 00,149,600 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2009/10/15 03:29:22 | 00,046,544 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/15 03:29:00 | 00,149,328 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/15 03:25:34 | 00,023,120 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/15 03:25:06 | 00,100,176 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/15 03:25:02 | 00,094,544 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/15 03:24:54 | 00,019,024 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/15 03:24:38 | 00,027,728 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/14 22:21:44 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_ccsan
[2009/10/14 20:48:26 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_ebxke
[2009/10/14 20:44:20 | 00,000,081 | ---- | M] () -- D:\WINDOWS\System32\asr_bgann
[2009/10/11 08:10:10 | 00,236,544 | ---- | M] () -- D:\WINDOWS\PEV.exe
 
========== Files - No Company Name ==========
[2009/10/22 19:13:39 | 00,608,344 | ---- | C] () -- D:\Documents and Settings\user\Desktop\MCPR.exe
[2009/10/22 15:05:31 | 04,668,928 | ---- | C] () -- D:\Documents and Settings\user\Desktop\911AerialPhotos.pps
[2009/10/22 13:24:50 | 00,001,607 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2009/10/22 13:07:13 | 00,000,000 | ---- | C] () -- D:\Documents and Settings\user\Desktop\setup_av_free.exe
[2009/10/22 12:47:30 | 00,000,020 | ---- | C] () -- D:\Documents and Settings\user\Desktop\reset.bat
[2009/10/21 14:43:52 | 00,666,658 | ---- | C] () -- D:\Documents and Settings\user\Desktop\drbr.zip
[2009/10/21 13:59:00 | 03,351,153 | R--- | C] () -- D:\Documents and Settings\user\Desktop\ComboFix.exe
[2009/10/21 13:06:25 | 00,047,104 | ---- | C] () -- D:\Documents and Settings\user\Desktop\Win32kDiag(2).exe
[2009/10/19 21:36:13 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_zdpwt
[2009/10/19 20:01:37 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_lboha
[2009/10/19 12:59:44 | 00,000,138 | ---- | C] () -- D:\Documents and Settings\user\Desktop\fix.reg
[2009/10/19 12:58:23 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_chyud
[2009/10/18 13:55:51 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_ebsre
[2009/10/18 13:55:31 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_fbjgq
[2009/10/18 13:49:40 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_ymjfn
[2009/10/18 13:30:19 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_jqrko
[2009/10/17 00:25:03 | 00,047,104 | ---- | C] () -- D:\Documents and Settings\user\Desktop\Win32kDiag.exe
[2009/10/15 10:33:12 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_kirhx
[2009/10/14 22:21:43 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_ccsan
[2009/10/14 20:48:24 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_ebxke
[2009/10/14 20:44:18 | 00,000,081 | ---- | C] () -- D:\WINDOWS\System32\asr_bgann
[2009/10/14 19:54:15 | 00,236,544 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2009/10/14 19:54:15 | 00,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2009/10/14 19:54:15 | 00,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2009/10/14 19:54:15 | 00,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2007/08/09 14:42:45 | 00,000,261 | ---- | C] () -- D:\WINDOWS\WPE PRO.INI
[2006/08/25 20:37:29 | 00,024,576 | R--- | C] () -- D:\WINDOWS\System32\RunSetup.dll
[2006/08/10 16:51:07 | 00,005,222 | ---- | C] () -- D:\Documents and Settings\user\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/08/10 16:51:07 | 00,000,206 | ---- | C] () -- D:\WINDOWS\HPGdiPlus.ini
[2005/11/23 15:51:52 | 00,000,127 | ---- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2005/11/23 15:27:21 | 00,000,820 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/24 21:51:23 | 00,271,264 | ---- | C] () -- D:\WINDOWS\VBRUN100.DLL
[2005/10/24 21:46:59 | 00,134,464 | ---- | C] () -- D:\WINDOWS\GLCV20DR.DLL
[2005/10/24 21:46:54 | 00,011,616 | ---- | C] () -- D:\WINDOWS\GLFS20DR.DLL
[2005/10/24 21:43:55 | 00,000,235 | ---- | C] () -- D:\WINDOWS\QTW.INI
[2005/10/24 21:42:43 | 00,000,110 | ---- | C] () -- D:\WINDOWS\KPCMS.INI
[2005/10/24 21:41:58 | 00,000,036 | ---- | C] () -- D:\WINDOWS\progman.ini
[2005/10/24 21:41:54 | 00,000,715 | ---- | C] () -- D:\WINDOWS\CARDSHOP.INI
[2005/10/24 21:38:05 | 00,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2005/10/24 21:38:05 | 00,000,063 | ---- | C] () -- D:\WINDOWS\mdm.ini
[2005/10/24 20:10:17 | 00,000,164 | ---- | C] () -- D:\WINDOWS\avrack.ini
[2005/10/24 20:00:42 | 04,839,974 | -H-- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2005/10/24 20:00:15 | 00,003,000 | R--- | C] () -- D:\WINDOWS\System32\SetupNT.sys
[2005/10/24 19:59:18 | 00,036,648 | ---- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/10/24 19:57:11 | 00,000,062 | -HS- | C] () -- D:\Documents and Settings\user\Application Data\desktop.ini
[2005/10/24 19:24:09 | 00,000,062 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/03 19:26:44 | 00,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll
[2004/07/17 06:06:38 | 00,027,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys
[2002/01/27 16:22:53 | 00,017,408 | ---- | C] () -- D:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/01/18 19:20:56 | 00,000,000 | ---- | C] () -- D:\WINDOWS\NSREX.INI
[2002/01/06 03:19:03 | 00,043,520 | ---- | C] () -- D:\WINDOWS\System32\CmdLineExt03.dll
[2002/01/01 18:16:56 | 00,028,672 | ---- | C] () -- D:\WINDOWS\System32\PdeSrvps.dll
[2002/01/01 09:24:02 | 00,000,008 | ---- | C] () -- D:\WINDOWS\System32\CtSACKey.sys
[2002/01/01 02:08:12 | 00,000,959 | ---- | C] () -- D:\WINDOWS\EntPack.ini
[2002/01/01 00:17:59 | 00,000,097 | ---- | C] () -- D:\WINDOWS\VPPLAYS.INI
[2001/08/23 06:30:00 | 00,001,161 | ---- | C] () -- D:\WINDOWS\win.ini
[2001/08/23 06:30:00 | 00,000,227 | ---- | C] () -- D:\WINDOWS\system.ini
[1999/01/22 10:46:58 | 00,065,536 | ---- | C] () -- D:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >
__________________________________________________________
Thank you.

8
Tech Clinic / Browsing, Downloading Issues
« on: October 22, 2009, 04:07:42 AM »
Downloaded and ran Avast.  Had to Ignore one item as it could not be repaired, moved to chest or deleted.  The rest I was able to Move to Chest.

Avast Log:

10/22/2009 13:30
Scan of all local drives

File C:\WINDOWS\SYSTEM\RASPPPOE.EXE is infected by Win32:Trojan-gen, Moved to chest
File C:\System Volume Information\_restore{B6D9DB89-3E45-45EF-BC98-EBD679773278}\RP11\A0016403.EXE is infected by Win32:Trojan-gen, Moved to chest
File D:\WINDOWS\system32\RASPPPOE.EXE is infected by Win32:Trojan-gen, Moved to chest
File D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE is infected by Win32:Spyware-gen [Spy], Moved to chest
File D:\Program Files\HP\Digital Imaging\bin\hpqirs08.exe is infected by Win32:Spyware-gen [Spy], Moved to chest
File D:\System Volume Information\_restore{B6D9DB89-3E45-45EF-BC98-EBD679773278}\RP6\A0006147.msi|>Cabs.w1.cab|>csscan.exe is infected by Win32:Spyware-gen [Spy], Move to chest: Error 0xC0000002 {Not Implemented}, Delete: Error 42111 {The operation is not supported for this type of archive.}, Repair: Error 42060 {The file was not repaired.}
File D:\System Volume Information\_restore{B6D9DB89-3E45-45EF-BC98-EBD679773278}\RP6\A0006211.rbf is infected by Win32:Spyware-gen [Spy], Moved to chest
File D:\System Volume Information\_restore{B6D9DB89-3E45-45EF-BC98-EBD679773278}\RP11\A0016404.EXE is infected by Win32:Trojan-gen, Moved to chest
File D:\System Volume Information\_restore{B6D9DB89-3E45-45EF-BC98-EBD679773278}\RP11\A0016405.EXE is infected by Win32:Spyware-gen [Spy], Moved to chest
File D:\System Volume Information\_restore{B6D9DB89-3E45-45EF-BC98-EBD679773278}\RP11\A0016406.exe is infected by Win32:Spyware-gen [Spy], Moved to chest
File D:\Backup of old c\My Documents\cable4net\RASPPPOE.EXE is infected by Win32:Trojan-gen, Moved to chest
File D:\Backup of old c\data of c\My Documents\cable4net\RASPPPOE.EXE is infected by Win32:Trojan-gen, Moved to chest
File D:\Backup of old d\Documents and Settings\S K Jolly\Local Settings\Temporary Internet Files\Content.IE5\WXMB01QR\optimized_pics[1].zip|>optimized_pics\108_0899_r1.jpg Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 4955
Number of tested files: 211579
Number of infected files: 12
__________________________________________
Thanks.

9
Tech Clinic / Browsing, Downloading Issues
« on: October 22, 2009, 02:44:17 AM »
Thank you for all your help until now.  I know the time zones are a problem, but I am ready to make myself available at a time convenient for you.  I am 9 hours ahead of New York time.

Following is the ComboFix Log:

ComboFix 09-10-20.03 - user 10/22/2009 12:53.5.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.223.89 [GMT 5.5:30]
Running from: d:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\user\Desktop\CFScript.txt

FILE ::
"d:\windows\system32\man8.exe"
"d:\windows\system32\rss.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\FOUND.028
d:\found.028\FILE0000.CHK
d:\found.028\FILE0001.CHK
d:\found.028\FILE0002.CHK
d:\found.028\FILE0003.CHK
d:\found.028\FILE0004.CHK
d:\found.028\FILE0005.CHK
d:\found.028\FILE0006.CHK
d:\found.028\FILE0007.CHK
d:\found.028\FILE0008.CHK
d:\found.028\FILE0009.CHK
d:\found.028\FILE0010.CHK
d:\found.028\FILE0011.CHK
d:\found.028\FILE0012.CHK
d:\found.028\FILE0013.CHK
d:\found.028\FILE0014.CHK
d:\found.028\FILE0015.CHK
d:\found.028\FILE0016.CHK
d:\found.028\FILE0017.CHK
d:\found.028\FILE0018.CHK
d:\found.028\FILE0019.CHK
d:\found.028\FILE0020.CHK
d:\found.028\FILE0021.CHK
d:\found.028\FILE0022.CHK
d:\found.028\FILE0023.CHK
d:\found.028\FILE0024.CHK
d:\found.028\FILE0025.CHK
d:\found.028\FILE0026.CHK
d:\found.028\FILE0027.CHK
d:\found.028\FILE0028.CHK
d:\found.028\FILE0029.CHK
d:\found.028\FILE0030.CHK
d:\found.028\FILE0031.CHK
d:\found.028\FILE0032.CHK
d:\found.028\FILE0033.CHK
d:\found.028\FILE0034.CHK
d:\found.028\FILE0035.CHK
d:\found.028\FILE0036.CHK
d:\found.028\FILE0037.CHK
d:\found.028\FILE0038.CHK
d:\found.028\FILE0039.CHK
d:\found.028\FILE0040.CHK
d:\found.028\FILE0041.CHK
d:\found.028\FILE0042.CHK
d:\found.028\FILE0043.CHK
d:\found.028\FILE0044.CHK
d:\found.028\FILE0045.CHK
d:\found.028\FILE0046.CHK
d:\found.028\FILE0047.CHK
d:\found.028\FILE0048.CHK
d:\found.028\FILE0049.CHK
d:\found.028\FILE0050.CHK
d:\found.028\FILE0051.CHK
d:\found.028\FILE0052.CHK
d:\found.028\FILE0053.CHK
d:\found.028\FILE0054.CHK
d:\found.028\FILE0055.CHK
d:\found.028\FILE0056.CHK
d:\found.028\FILE0057.CHK
d:\found.028\FILE0058.CHK
d:\found.028\FILE0059.CHK
d:\found.028\FILE0060.CHK
d:\found.028\FILE0061.CHK
d:\found.028\FILE0062.CHK
d:\found.028\FILE0063.CHK
d:\found.028\FILE0064.CHK
d:\found.028\FILE0065.CHK
d:\found.028\FILE0066.CHK
d:\found.028\FILE0067.CHK
d:\found.028\FILE0068.CHK
d:\found.028\FILE0069.CHK
d:\found.028\FILE0070.CHK
d:\found.028\FILE0071.CHK
d:\found.028\FILE0072.CHK
d:\found.028\FILE0073.CHK
d:\found.028\FILE0074.CHK
d:\found.028\FILE0075.CHK
d:\found.028\FILE0076.CHK
d:\found.028\FILE0077.CHK
d:\found.028\FILE0078.CHK
d:\found.028\FILE0079.CHK
d:\windows\system32\man8.exe

.
(((((((((((((((((((((((((   Files Created from 2009-09-22 to 2009-10-22  )))))))))))))))))))))))))))))))
.

2009-10-16 08:05 . 2009-10-16 08:05    --------    d-----w-    d:\documents and settings\user\DoctorWeb
2009-10-14 16:52 . 2009-10-14 16:52    --------    d-----w-    d:\documents and settings\user\Application Data\MozillaControl

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 07:30 . 2002-01-06 23:31    196    ----a-w-    d:\windows\system32\drivers\ALCICH.DAT
2009-09-10 09:24 . 2001-12-31 20:46    38224    ----a-w-    d:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 09:23 . 2001-12-31 20:46    19160    ----a-w-    d:\windows\system32\drivers\mbam.sys
1998-12-08 13:23 . 1998-12-08 13:23    99840    ----a-w-    d:\program files\Common Files\IRAABOUT.DLL
1998-12-08 13:23 . 1998-12-08 13:23    70144    ----a-w-    d:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    48640    ----a-w-    d:\program files\Common Files\IRALPTTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    31744    ----a-w-    d:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    186368    ----a-w-    d:\program files\Common Files\IRAREG.DLL
1998-12-08 13:23 . 1998-12-08 13:23    17920    ----a-w-    d:\program files\Common Files\IRASRIAL.DLL
.

(((((((((((((((((((((((((((((   SnapShot@2009-10-14_14.38.48   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 15:24 . 2009-07-11 15:24    65536              d:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    49152              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    49152              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    61440              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    61440              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    61440              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    57344              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    65536              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    45056              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    40960              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-11 19:37 . 2009-07-11 19:37    57856              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-11 19:49 . 2009-07-11 19:49    69632              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 14:11 . 2009-07-11 14:11    97280              d:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-10-22 07:31 . 2009-10-22 07:31    16384              d:\windows\temp\Perflib_Perfdata_61c.dat
+ 2009-07-11 19:42 . 2009-07-11 19:42    632656              d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-11 19:39 . 2009-07-11 19:39    554832              d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-11 19:38 . 2009-07-11 19:38    479232              d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-10-19 14:07 . 2009-10-19 14:07    424448              d:\windows\Installer\163814.msi
+ 2009-07-11 15:16 . 2009-07-11 15:16    1093120              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 15:16 . 2009-07-11 15:16    1105920              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2002-01-01 149280]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=d:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=d:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=d:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=d:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=d:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);d:\windows\system32\drivers\RMSPPPOE.SYS [1/1/2002 12:09 AM 31424]
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 d:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- d:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 10:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Windows Live Search - d:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///d:\program files\Yahoo!\Common/ycsrch.htm
IE: Open in new background tab - d:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/229?bd5c537a7d664a57afed0ed06658bb63
IE: Open in new foreground tab - d:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/230?bd5c537a7d664a57afed0ed06658bb63
IE: Yahoo! &Dictionary - file:///d:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///d:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///d:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - d:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\7boyuqg7.default\
FF - plugin: d:\program files\BitTorrent_DNA\npbtdna.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 13:01
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\CTSvcCDA.EXE
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\HPZipm12.exe
d:\windows\system32\wdfmgr.exe
d:\windows\system32\MsPMSPSv.exe
d:\combofix\CF12168.exe
d:\windows\system32\wscntfy.exe
d:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-22 13:04 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-22 07:34
ComboFix2.txt  2009-10-21 08:48
ComboFix3.txt  2009-10-15 04:59

Pre-Run: 10,824,990,720 bytes free
Post-Run: 10,795,417,600 bytes free

- - End Of File - - 40438964F219F9D51AC7D68EE2AC5154
_______________________________________

Will reply again after the Avast download.  Thanks.

10
Tech Clinic / Browsing, Downloading Issues
« on: October 21, 2009, 04:14:40 AM »
Win32 Log:

Running from: D:\Documents and Settings\user\desktop\win32kdiag.exe

Log file at : D:\Documents and Settings\user\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'D:\WINDOWS'...





Finished!

_________________________________________________

ComboFix Log:

ComboFix 09-10-20.03 - user 10/21/2009 14:05.4.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.223.58 [GMT 5.5:30]
Running from: d:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\user\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
"d:\windows\system32\rss.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\Fonts\unwise_.exe
d:\windows\Installer\91fb3.msi
d:\windows\system32\rss.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_HOSTS_CONTROLLER
-------\Service_Windows Hosts Controller


(((((((((((((((((((((((((   Files Created from 2009-09-21 to 2009-10-21  )))))))))))))))))))))))))))))))
.

2009-10-19 16:06 . 2009-10-19 16:06    141454    ----a-w-    d:\windows\system32\man8.exe
2009-10-16 08:05 . 2009-10-16 08:05    --------    d-----w-    d:\documents and settings\user\DoctorWeb
2009-10-14 16:52 . 2009-10-14 16:52    --------    d-----w-    d:\documents and settings\user\Application Data\MozillaControl
2009-10-12 14:35 . 2009-10-12 14:35    --------    d-----w-    D:\FOUND.028

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 08:44 . 2002-01-06 23:31    196    ----a-w-    d:\windows\system32\drivers\ALCICH.DAT
2009-09-10 09:24 . 2001-12-31 20:46    38224    ----a-w-    d:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 09:23 . 2001-12-31 20:46    19160    ----a-w-    d:\windows\system32\drivers\mbam.sys
1998-12-08 13:23 . 1998-12-08 13:23    99840    ----a-w-    d:\program files\Common Files\IRAABOUT.DLL
1998-12-08 13:23 . 1998-12-08 13:23    70144    ----a-w-    d:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    48640    ----a-w-    d:\program files\Common Files\IRALPTTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    31744    ----a-w-    d:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    186368    ----a-w-    d:\program files\Common Files\IRAREG.DLL
1998-12-08 13:23 . 1998-12-08 13:23    17920    ----a-w-    d:\program files\Common Files\IRASRIAL.DLL
.

(((((((((((((((((((((((((((((   SnapShot@2009-10-14_14.38.48   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 15:24 . 2009-07-11 15:24    65536              d:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    49152              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    49152              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    61440              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    61440              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    61440              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    57344              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    65536              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    45056              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 15:02 . 2009-07-11 15:02    40960              d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-11 19:37 . 2009-07-11 19:37    57856              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-11 19:49 . 2009-07-11 19:49    69632              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 14:11 . 2009-07-11 14:11    97280              d:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-10-21 08:44 . 2009-10-21 08:44    16384              d:\windows\temp\Perflib_Perfdata_610.dat
+ 2009-07-11 19:42 . 2009-07-11 19:42    632656              d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-11 19:39 . 2009-07-11 19:39    554832              d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-11 19:38 . 2009-07-11 19:38    479232              d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-10-19 14:07 . 2009-10-19 14:07    424448              d:\windows\Installer\163814.msi
+ 2009-07-11 15:16 . 2009-07-11 15:16    1093120              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 15:16 . 2009-07-11 15:16    1105920              d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2002-01-01 149280]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=d:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=d:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=d:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=d:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=d:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"d:\\Program Files\\Messenger\\MSMSGS.EXE"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:TCP"= 9999:TCP:PORT1
"1013:TCP"= 1013:TCP:BS
"55322:TCP"= 55322:TCP:FD
"9991:TCP"= 9991:TCP:PORT2
"58311:TCP"= 58311:TCP:FD
"56500:TCP"= 56500:TCP:FD
"36203:TCP"= 36203:TCP:FD
"60715:TCP"= 60715:TCP:FD
"50170:TCP"= 50170:TCP:FD
"53233:TCP"= 53233:TCP:FD
"30525:TCP"= 30525:TCP:FD
"19776:TCP"= 19776:TCP:FD
"53896:TCP"= 53896:TCP:FD
"9892:TCP"= 9892:TCP:FD
"54642:TCP"= 54642:TCP:FD
"44109:TCP"= 44109:TCP:FD
"18930:TCP"= 18930:TCP:FD
"6076:TCP"= 6076:TCP:FD
"47678:TCP"= 47678:TCP:FD
"31557:TCP"= 31557:TCP:FD
"2507:TCP"= 2507:TCP:FD
"55466:TCP"= 55466:TCP:FD
"54018:TCP"= 54018:TCP:FD
"26120:TCP"= 26120:TCP:FD
"29260:TCP"= 29260:TCP:FD
"3114:TCP"= 3114:TCP:FD
"37109:TCP"= 37109:TCP:FD
"19100:TCP"= 19100:TCP:FD
"37711:TCP"= 37711:TCP:FD
"52812:TCP"= 52812:TCP:FD
"51418:TCP"= 51418:TCP:FD
"20930:TCP"= 20930:TCP:FD
"15127:TCP"= 15127:TCP:FD
"19720:TCP"= 19720:TCP:FD
"20501:TCP"= 20501:TCP:FD
"25095:TCP"= 25095:TCP:FD

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);d:\windows\system32\drivers\RMSPPPOE.SYS [1/1/2002 12:09 AM 31424]
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 d:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- d:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 10:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Windows Live Search - d:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///d:\program files\Yahoo!\Common/ycsrch.htm
IE: Open in new background tab - d:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/229?bd5c537a7d664a57afed0ed06658bb63
IE: Open in new foreground tab - d:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/230?bd5c537a7d664a57afed0ed06658bb63
IE: Yahoo! &Dictionary - file:///d:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///d:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///d:\program files\Yahoo!\Common/ycsms.htm
TCP: {B3EDBC60-91DF-486C-9929-938433EAA145} = 218.248.255.194 218.248.255.162
FF - ProfilePath - d:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\7boyuqg7.default\
FF - plugin: d:\program files\BitTorrent_DNA\npbtdna.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 14:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\CTSvcCDA.EXE
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\HPZipm12.exe
d:\windows\system32\wdfmgr.exe
d:\windows\system32\MsPMSPSv.exe
d:\combofix\CF14133.exe
d:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-21 14:18 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-21 08:48
ComboFix2.txt  2009-10-15 04:59

Pre-Run: 10,667,196,416 bytes free
Post-Run: 10,837,688,320 bytes free

- - End Of File - - 151FC958EC28F9E22478209C88AC2D73
__________________________________________________

Updated MBAM and ran it.

MBAM Log:

Malwarebytes' Anti-Malware 1.41
Database version: 3004
Windows 5.1.2600 Service Pack 2

10/21/2009 2:29:32 PM
mbam-log-2009-10-21 (14-29-32).txt

Scan type: Quick Scan
Objects scanned: 101068
Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
____________________________________

Thank you.

11
Tech Clinic / Browsing, Downloading Issues
« on: October 20, 2009, 02:01:20 AM »
I am attaching the AVG log link on RapidShare.  I was able to download AVG, but there was an error in installing it.  So, no, I was not able to install it.

http://rapidshare.com/files/295369455/avg9inst.log.html

MD5: C245F8A3B232F50E0312DF90DB0B0039

Thank you.

12
Tech Clinic / Browsing, Downloading Issues
« on: October 19, 2009, 09:28:09 AM »
Downloaded AVG, but while installing, it said there was an error.  It created a log file which I saved, but is a pretty big file (7.9 Mb).  Please let me know if you want me to put it on Rapidshare.  Thank you.

13
Tech Clinic / Browsing, Downloading Issues
« on: October 19, 2009, 08:56:10 AM »
After downloading nearly 85% of AVG (at about 33 kbps), the "Generic Host...Win 32 Services...." window came up and interrupted the process.  I will try again after a few hours when I may get better download speeds.

14
Tech Clinic / Browsing, Downloading Issues
« on: October 19, 2009, 08:03:02 AM »
I was able to update Malwarebytes and scan.  The Win 32 Svcs window showed up in between though.  Had to restart my computer and will try AVG next.

MBAM Log:

Malwarebytes' Anti-Malware 1.41
Database version: 2985
Windows 5.1.2600 Service Pack 2

10/19/2009 6:15:51 PM
mbam-log-2009-10-19 (18-15-51).txt

Scan type: Quick Scan
Objects scanned: 100848
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\intime (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\reup (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WaitToKillServiceT (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\unwise_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\unwise_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\d:\windows\fonts\unwise_.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\WINDOWS\Fonts\unwise_.exe (Worm.Archive) -> Delete on reboot.

15
Tech Clinic / Browsing, Downloading Issues
« on: October 19, 2009, 07:26:21 AM »
The problem still persisting is that the “Generic Hosts Process for Win 32 Services………” message pops up and disables the internet connection.  The internet connection icon says that it is still connected, but I can’t download anything after this window shows up.  So I am posting replies in bits and pieces within the time before this window pops up.

I also cannot post the Virustotal log, but here is the link:

http://www.virustotal.com/analisis/d593b8a...4d38-1255595597

16
Tech Clinic / Browsing, Downloading Issues
« on: October 18, 2009, 03:47:27 AM »
Re-downloaded and ran ComboFix.  Upon restart, while the blue Combofix window was open, got a pop-up message saying that the Recycle bin of Drive D was corrupted.  Clicked Yes to clean it up.  Following is the ComboFix log:

ComboFix 09-10-16.09 - user 10/18/2009 13:31.3.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.223.103 [GMT 5.5:30]
Running from: d:\documents and settings\user\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_HOSTS_CONTROLLER


(((((((((((((((((((((((((   Files Created from 2009-09-18 to 2009-10-18  )))))))))))))))))))))))))))))))
.

2009-10-16 08:05 . 2009-10-16 08:05    --------    d-----w-    d:\documents and settings\user\DoctorWeb
2009-10-14 16:52 . 2009-10-14 16:52    --------    d-----w-    d:\documents and settings\user\Application Data\MozillaControl
2009-10-14 15:02 . 2009-10-14 15:03    1050713    ----a-w-    d:\windows\system32\rss.exe
2009-10-12 14:35 . 2009-10-12 14:35    --------    d-----w-    D:\FOUND.028

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 08:09 . 2002-01-06 23:31    196    ----a-w-    d:\windows\system32\drivers\ALCICH.DAT
2009-09-10 09:24 . 2001-12-31 20:46    38224    ----a-w-    d:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 09:23 . 2001-12-31 20:46    19160    ----a-w-    d:\windows\system32\drivers\mbam.sys
1998-12-08 13:23 . 1998-12-08 13:23    99840    ----a-w-    d:\program files\Common Files\IRAABOUT.DLL
1998-12-08 13:23 . 1998-12-08 13:23    70144    ----a-w-    d:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    48640    ----a-w-    d:\program files\Common Files\IRALPTTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    31744    ----a-w-    d:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    186368    ----a-w-    d:\program files\Common Files\IRAREG.DLL
1998-12-08 13:23 . 1998-12-08 13:23    17920    ----a-w-    d:\program files\Common Files\IRASRIAL.DLL
.

(((((((((((((((((((((((((((((   SnapShot@2009-10-14_14.38.48   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-18 08:09 . 2009-10-18 08:09    16384              d:\windows\temp\Perflib_Perfdata_54c.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2002-01-01 149280]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=d:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=d:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=d:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=d:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=d:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"d:\\Program Files\\Messenger\\MSMSGS.EXE"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:TCP"= 9999:TCP:PORT1
"1013:TCP"= 1013:TCP:BS
"55322:TCP"= 55322:TCP:FD
"9991:TCP"= 9991:TCP:PORT2
"58311:TCP"= 58311:TCP:FD
"56500:TCP"= 56500:TCP:FD
"36203:TCP"= 36203:TCP:FD
"60715:TCP"= 60715:TCP:FD
"50170:TCP"= 50170:TCP:FD
"53233:TCP"= 53233:TCP:FD
"30525:TCP"= 30525:TCP:FD
"19776:TCP"= 19776:TCP:FD
"53896:TCP"= 53896:TCP:FD
"9892:TCP"= 9892:TCP:FD

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);d:\windows\system32\drivers\RMSPPPOE.SYS [1/1/2002 12:09 AM 31424]
.
Contents of the 'Scheduled Tasks' folder

2009-10-16 d:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- d:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 10:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Windows Live Search - d:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///d:\program files\Yahoo!\Common/ycsrch.htm
IE: Open in new background tab - d:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/229?bd5c537a7d664a57afed0ed06658bb63
IE: Open in new foreground tab - d:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/230?bd5c537a7d664a57afed0ed06658bb63
IE: Yahoo! &Dictionary - file:///d:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///d:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///d:\program files\Yahoo!\Common/ycsms.htm
TCP: {B3EDBC60-91DF-486C-9929-938433EAA145} = 218.248.255.194 218.248.255.162
FF - ProfilePath - d:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\7boyuqg7.default\
FF - plugin: d:\program files\BitTorrent_DNA\npbtdna.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-18 13:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
d:\windows\SYSTEM32\CTSVCCDA.EXE
d:\program files\JAVA\JRE6\BIN\JQS.EXE
d:\windows\SYSTEM32\HPZIPM12.EXE
d:\windows\SYSTEM32\WDFMGR.EXE
d:\windows\SYSTEM32\MSPMSPSV.EXE
.
**************************************************************************
.
Completion time: 2009-10-18 13:44 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-18 08:14
ComboFix2.txt  2009-10-15 04:59

Pre-Run: 11,011,719,168 bytes free
Post-Run: 11,020,206,080 bytes free

17
Tech Clinic / Browsing, Downloading Issues
« on: October 16, 2009, 02:14:21 PM »
When I ran Dr.WebCureIt the first time, we had a power cut here in the middle of the Complete Scan.  In the current memory scan, it found a virus and deleted it, but I don't remember the name.  After we got the power, I ran Dr.WebCureIt again, and also Win32kDiag.  Following is the log from the second scan.

Dr.WebCureIt Log

A0006383.DLL;D:\System Volume Information\_restore{B6D9DB89-3E45-45EF-BC98-EBD679773278}\RP7;Win32.HLLW.Autoruner.5555;Deleted.;
A0007625.exe;D:\System Volume Information\_restore{B6D9DB89-3E45-45EF-BC98-EBD679773278}\RP7;Win32.HLLW.Piabot.4;Deleted.;
A0008643.exe;D:\System Volume Information\_restore{B6D9DB89-3E45-45EF-BC98-EBD679773278}\RP7;Win32.HLLW.Piabot.4;Deleted.;
WrapperOuter1154.EXE;D:\Backup of old c\My Documents\My Pictures;Adware.VirtualBouncer;;
WrapperOuter1154.EXE;D:\Backup of old c\data of c\My Documents\My Pictures;Adware.VirtualBouncer;;
casinonet.exe\data010;D:\Backup of old d\Documents and Settings\S K Jolly\Local Settings\Temp\casinonet.exe;Program.PrcView.3725;;
casinonet.exe;D:\Backup of old d\Documents and Settings\S K Jolly\Local Settings\Temp;Archive contains infected objects;Moved.;
VCD_PLAY.EXE.Vir;D:\quarantine;Win32.Parite.2;Cured.;
VCD_PLAY.EXE.Vir.0;D:\quarantine;Win32.Parite.2;Cured.;
xuejsmf.dll.vir;D:\Qoobox\Quarantine\D\WINDOWS\system32;Win32.HLLW.Autoruner.5555;Deleted.;


Win32kDiag Log:
Running from: D:\Documents and Settings\user\Desktop\Win32kDiag.exe

Log file at : D:\Documents and Settings\user\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'D:\WINDOWS'...

Finished!

_________________________________

Thanks.

18
Tech Clinic / Browsing, Downloading Issues
« on: October 15, 2009, 12:44:01 AM »
I lose my internet connection a few minutes after starting my computer.  I have to restart the computer to get the connection back.

19
Tech Clinic / Browsing, Downloading Issues
« on: October 15, 2009, 12:13:02 AM »
ComboFix Log:

ComboFix 09-10-13.04 - user 10/15/2009 10:16.2.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.223.97 [GMT 5.5:30]
Running from: d:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\user\Desktop\CFScript.txt

FILE ::
"d:\windows\system32\01.tmp"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\All Users\WindowsLive.exe
d:\documents and settings\user\Application Data\WindowsLive.exe
d:\windows\Fonts\unwise_.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_HOSTS_CONTROLLER
-------\Service_Windows Hosts Controller


(((((((((((((((((((((((((   Files Created from 2009-09-15 to 2009-10-15  )))))))))))))))))))))))))))))))
.

2009-10-14 16:52 . 2009-10-14 16:52    --------    d-----w-    d:\documents and settings\user\Application Data\MozillaControl
2009-10-14 16:52 . 2009-10-14 16:52    141454    ----a-w-    d:\windows\system32\man8.exe
2009-10-14 15:02 . 2009-10-14 15:03    1050713    ----a-w-    d:\windows\system32\rss.exe
2009-10-12 14:35 . 2009-10-12 14:35    --------    d-----w-    D:\FOUND.028

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 04:54 . 2002-01-06 23:31    196    ----a-w-    d:\windows\system32\drivers\ALCICH.DAT
2009-09-10 09:24 . 2001-12-31 20:46    38224    ----a-w-    d:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 09:23 . 2001-12-31 20:46    19160    ----a-w-    d:\windows\system32\drivers\mbam.sys
1998-12-08 13:23 . 1998-12-08 13:23    99840    ----a-w-    d:\program files\Common Files\IRAABOUT.DLL
1998-12-08 13:23 . 1998-12-08 13:23    70144    ----a-w-    d:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    48640    ----a-w-    d:\program files\Common Files\IRALPTTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    31744    ----a-w-    d:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 13:23 . 1998-12-08 13:23    186368    ----a-w-    d:\program files\Common Files\IRAREG.DLL
1998-12-08 13:23 . 1998-12-08 13:23    17920    ----a-w-    d:\program files\Common Files\IRASRIAL.DLL
.

(((((((((((((((((((((((((((((   SnapShot@2009-10-14_14.38.48   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-15 04:55 . 2009-10-15 04:55    16384              d:\windows\temp\Perflib_Perfdata_548.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2002-01-01 149280]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=d:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=d:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=d:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=d:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=d:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"d:\\Program Files\\Messenger\\MSMSGS.EXE"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:TCP"= 9999:TCP:PORT1
"1013:TCP"= 1013:TCP:BS
"55322:TCP"= 55322:TCP:FD
"9991:TCP"= 9991:TCP:PORT2
"58311:TCP"= 58311:TCP:FD
"56500:TCP"= 56500:TCP:FD
"36203:TCP"= 36203:TCP:FD
"60715:TCP"= 60715:TCP:FD

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);d:\windows\system32\drivers\RMSPPPOE.SYS [1/1/2002 12:09 AM 31424]
.
Contents of the 'Scheduled Tasks' folder

2009-10-15 d:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- d:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 10:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Windows Live Search - d:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///d:\program files\Yahoo!\Common/ycsrch.htm
IE: Open in new background tab - d:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/229?bd5c537a7d664a57afed0ed06658bb63
IE: Open in new foreground tab - d:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/230?bd5c537a7d664a57afed0ed06658bb63
IE: Yahoo! &Dictionary - file:///d:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///d:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///d:\program files\Yahoo!\Common/ycsms.htm
TCP: {B3EDBC60-91DF-486C-9929-938433EAA145} = 218.248.255.194 218.248.255.162
FF - ProfilePath - d:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\7boyuqg7.default\
FF - plugin: d:\program files\BitTorrent_DNA\npbtdna.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Windows Live - d:\documents and settings\All Users\WindowsLive.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 10:25
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
d:\windows\SYSTEM32\CTSVCCDA.EXE
d:\program files\JAVA\JRE6\BIN\JQS.EXE
d:\windows\SYSTEM32\HPZIPM12.EXE
d:\windows\SYSTEM32\WDFMGR.EXE
d:\windows\SYSTEM32\MSPMSPSV.EXE
.
**************************************************************************
.
Completion time: 2009-10-15 10:28 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-15 04:58

Pre-Run: 11,133,091,840 bytes free
Post-Run: 11,115,757,568 bytes free


Thanks.  Today, small windows have started opening up.  One of these said "Operation timed out when attempting to contact linkbee.com"

20
Tech Clinic / Browsing, Downloading Issues
« on: October 14, 2009, 05:14:35 PM »
Also, since I ran ComboFix, I get the message "Generic Host Process for Win 32 Services has encountered problems and needs to close" every time about 15 minutes after I start the computer and everything slows down.  I also lose my internet connection.

Pages: [1] 2 3