Posted

hi all

lately i have been having some problems with my pc. it is a few years old and it's an HP. not sure about the model etc. at the moment.

anyway, the few problems that i am getting are:

1. wuacult.exe. when i turn on my pc this exe uses a lot of memory so it takes ages to load up. i always end the process but it keeps coming back.

2. there is another process which has started to use a lot of memory, which i cannot remember the name of at the moment. it is connected to norton i believe and it's a ccxp something and uses 100 cpu memory, and when i end it i cannot connect to the internet any longer

3. certain sites do not load. lately yahoo and certain retail shops are not loading. with yahoo i cannot view any of my mail but it loads everything around the mail. also youtube does not function and it is hard to search for specific videos

can you please let me know what i can do to resolve these issues.


Posted

Hi and welcome to Free Pc Help.

It looks like you may have some malware on your computer. I have asked the experts to have a look so please be patient till someone sees you.

Nev.


 We are all members helping other members. Please return here where you may be able to help someone else.  

After all, no one knows everything and you may have the answer that someone needs.

--------------------------------------------------------------------

I have installed Windows, now how do I install the curtains? 😄


Posted

thanks. for your info i have run Malwarebytes. it picked up a few things but the problem is still there obviously.

Posted

Hi odb,

 

Welcome to Extreme Tech Support - Free PC Help. My name is etavares and I'll be helping you resolve this problem.

 

Please take note:

  1. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  2. Please tell us if you have your original Windows CD/DVD available.
  3. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  4. Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  5. Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  6. Use the 'Reply to Thread' and add the new log to this thread.

 

 

We need to see some information about what is happening in your machine. Please perform the following scan:

 

We need to create an OTL report,

  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT
     

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

 

 

 

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

 

Information on A/V control HERE

 

 

We also need a log from the aswMBR.

 

Please first disable any CD emulation programs using the steps found in this topic:

Then, please download aswMBR ( 511KB ) to your desktop.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

 

 

In your reply, please post both OTL logs and the aswMBR log. Thanks.

Posted

hi etavares

thank you for your help. please find the information requested:

 

1: xp 2002 service pack 3

2: i do not have original cd's

 

 

i am running the otl scan now and will copy the log shortly

Posted

the otl log:

 

OTL logfile created on: 14/05/2011 15:19:14 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

511.00 Mb Total Physical Memory | 54.00 Mb Available Physical Memory | 11.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.60 Gb Total Space | 34.68 Gb Free Space | 48.43% Space Free | Partition Type: NTFS

Drive D: | 4.71 Gb Total Space | 1.16 Gb Free Space | 24.72% Space Free | Partition Type: FAT32

Drive K: | 7.45 Gb Total Space | 0.05 Gb Free Space | 0.67% Space Free | Partition Type: FAT32

 

Computer Name: YOUR-Q7FWQX3NCP | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

PRC - [2011/05/06 20:21:41 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2011/04/29 19:20:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

PRC - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

PRC - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\Navapsvc.exe

PRC - [2002/11/15 10:29:06 | 000,054,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\NISUM.EXE

PRC - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe

PRC - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/05/02 21:06:22 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)

SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)

SRV - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Norton AntiVirus\Navapsvc.exe -- (navapsvc)

SRV - [2002/11/15 10:30:02 | 000,100,032 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\NISUM.EXE -- (NISUM)

SRV - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe -- (ccPxySvc)

SRV - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/07/21 09:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/07/21 09:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVENG.SYS -- (NAVENG)

DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/08/04 06:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)

DRV - [2003/12/08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)

DRV - [2003/12/08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)

DRV - [2003/09/18 13:47:56 | 000,035,552 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SAVRTPEL.SYS -- (SAVRTPEL)

DRV - [2003/09/18 13:47:48 | 000,235,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SAVRT.SYS -- (SAVRT)

DRV - [2003/03/01 14:38:56 | 000,576,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2003/02/27 03:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2002/12/27 19:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)

DRV - [2002/12/25 06:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)

DRV - [2002/11/14 07:46:50 | 000,073,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2002/11/07 13:07:14 | 000,233,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)

DRV - [2002/11/07 13:07:10 | 000,015,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)

DRV - [2002/11/07 13:06:58 | 000,094,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIDSCo.sys -- (SYMIDSCO)

DRV - [2002/11/07 13:06:54 | 000,039,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)

DRV - [2002/11/07 13:06:48 | 000,050,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)

DRV - [2002/11/07 13:06:42 | 000,138,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)

DRV - [2002/11/07 13:06:38 | 000,011,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)

DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2002/09/07 02:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)

DRV - [2002/07/11 14:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2001/08/18 03:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)

DRV - [2001/06/04 22:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb8.hpwis.com/

IE - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb8.hpwis.com/

IE - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb8.hpwis.com/

IE - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband

IE - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

 

FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/07/29 23:39:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 19:21:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 19:37:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/07/29 23:39:06 | 000,000,000 | ---D | M]

 

[2011/03/27 11:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2011/03/27 11:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) --

[2010/07/11 23:17:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/08/08 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/04/29 19:20:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

 

O1 HOSTS File: ([2011/05/09 00:38:42 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O2 - BHO: (ShoppingReport2) - {258C9770-1713-4021-8D7E-1F184A2BD754} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (SmartShopper Networks)

O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.

O3 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [ccRegVfy] c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Symantec Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (SmartShopper Networks)

O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (SmartShopper Networks)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275863542500 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/01/02 09:43:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O33 - MountPoints2\{4a13de91-faf2-11df-98b5-000c7635165e}\Shell\AutoRun\command - "" = K:\PC/PPTVIEW.EXE /L "PC/playlist.txt"

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-3771520934-3417903565-3085154701-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0.lnk - C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe - (Panasonic Corporation)

MsConfig - StartUpReg: AlcxMonitor - hkey= - key= - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)

MsConfig - StartUpReg: ATIModeChange - hkey= - key= - File not found

MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found

MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found

MsConfig - StartUpReg: hpsysdrv - hkey= - key= - c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\kbd.exe (Hewlett-Packard Company)

MsConfig - StartUpReg: Microsoft Works Update Detection - hkey= - key= - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)

MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found

MsConfig - StartUpReg: NVIEW - hkey= - key= - File not found

MsConfig - StartUpReg: nwiz - hkey= - key= - File not found

MsConfig - StartUpReg: PS2 - hkey= - key= - File not found

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: Recguard - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe ()

MsConfig - StartUpReg: StorageGuard - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

 

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)

Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)

Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)

Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)

Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg20.dll (Pegasus Imaging Corporation)

Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)

Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16902109354000384)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/05/12 23:52:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent

[2011/05/12 23:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Free Registry Cleaner

[2011/05/12 23:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner

[2011/05/12 23:44:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/05/12 23:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware

[2011/05/09 00:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2011/05/04 21:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2011/05/03 19:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ShoppingReport2

[2011/05/03 19:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\ShoppingReport2

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/05/14 15:11:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003UA.job

[2011/05/14 14:33:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/14 14:31:37 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/05/14 14:28:17 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/14 14:28:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/14 14:28:08 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/14 01:32:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/12 23:44:58 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Eusing Free Registry Cleaner.lnk

[2011/05/10 00:11:05 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003Core.job

[2011/05/09 20:42:11 | 000,026,415 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg

[2011/05/09 19:17:23 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk

[2011/05/09 19:17:23 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/05/09 00:38:42 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/04/29 22:58:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/04/29 20:01:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job

[2011/04/24 02:01:12 | 000,333,332 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Project1.png

[2011/04/16 14:35:08 | 000,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/16 02:41:04 | 000,434,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/16 02:41:04 | 000,068,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/05/12 23:44:58 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Eusing Free Registry Cleaner.lnk

[2011/05/09 20:42:19 | 000,026,415 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg

[2011/04/24 02:01:11 | 000,333,332 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Project1.png

[2011/01/30 18:50:52 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll

[2010/11/01 22:42:46 | 000,047,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/09/04 03:04:15 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/06 22:56:24 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2010/08/06 22:56:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2010/08/06 22:56:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2010/08/06 22:56:24 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2010/08/06 22:56:24 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2010/08/06 22:56:24 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2010/08/06 22:56:24 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2010/08/06 22:56:24 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2010/08/06 22:56:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2010/08/06 22:56:24 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2010/08/06 22:56:24 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2010/08/06 22:56:24 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2010/08/06 22:56:24 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2010/08/06 22:56:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2010/08/06 22:56:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010/06/12 21:14:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\WNMHINDR.EXE

[2010/06/12 21:14:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NMH040A.DLL

[2010/06/12 14:02:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/06/07 00:19:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{D3BB659E-119D-49C0-AF14-6126292918E1}.dat

[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{C7C32029-BF24-4C40-BAC0-E79142AD897F}.dat

[2010/06/06 23:21:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2003/03/20 00:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2003/01/02 16:32:39 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/01/02 16:32:13 | 000,434,138 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2003/01/02 16:32:13 | 000,068,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2003/01/02 16:31:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2003/01/02 12:53:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/01/02 12:53:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll

[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{FB87616A-9CEE-411F-8EC4-E9C6E419DF82}.dat

[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{E71BF92A-8764-401B-8F93-576AD165DB73}.dat

[2003/01/02 12:41:22 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SR2.dat

[2003/01/02 10:38:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll

[2003/01/02 10:38:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2003/01/02 10:22:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003/01/02 10:16:05 | 000,184,405 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe

[2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin

[2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin

[2003/01/02 10:02:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2003/01/02 09:53:19 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2003/01/02 09:53:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2003/01/02 09:53:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2003/01/02 09:47:22 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/01/02 09:45:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2003/01/02 09:41:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2003/01/02 09:36:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003/01/02 09:35:36 | 000,259,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2003/01/02 02:43:25 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini

[2003/01/02 02:43:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

[2003/01/01 10:26:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003/01/01 09:42:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2003/01/01 09:42:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2003/01/01 09:41:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2003/01/01 09:13:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2003/01/01 09:13:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2003/01/01 09:13:05 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003/01/01 09:12:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2003/01/01 09:12:52 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2002/05/24 16:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll

[2002/05/24 16:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

 

========== LOP Check ==========

 

[2010/06/28 20:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2010/07/29 23:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache

[2010/08/06 23:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic

[2010/06/28 20:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2011/02/19 14:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2011/05/04 23:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2011/01/21 00:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!

[2010/10/09 00:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2003/01/02 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust

[2003/01/02 10:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView

[2010/10/09 00:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DC++

[2011/05/09 00:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2003/01/02 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust

[2010/12/05 20:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo

[2010/07/29 23:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia

[2010/07/30 00:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite

[2003/01/02 10:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2011/03/26 18:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Serif

[2011/05/03 19:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ShoppingReport2

[2010/08/07 22:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue

[2011/05/14 14:31:37 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\system32\*.sys /90 >

[2011/03/03 14:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2003/01/02 09:35:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2003/01/02 09:35:03 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2003/01/02 09:35:03 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 

< %SYSTEMDRIVE%\*.* >

[2003/01/02 09:43:53 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/06/06 23:17:32 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK

[2010/06/07 01:41:25 | 000,000,283 | RHS- | M] () -- C:\boot.ini

[2003/01/20 18:01:00 | 000,245,920 | RHS- | M] () -- C:\cmldr

[2003/01/02 09:43:53 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2011/05/14 14:28:08 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys

[2003/01/02 09:43:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2003/01/02 09:43:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/06/07 01:31:15 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2010/06/07 22:45:38 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2011/05/14 14:28:05 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

[2010/06/06 23:24:30 | 000,000,556 | ---- | M] () -- C:\remind.log

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

 

< %systemroot%\*. /mp /s >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 364 bytes -> C:\Documents and Settings\Owner\Desktop\Vietnam 009.Spp:�SummaryInformation

 

< End of report >

Posted
i don't think i have any CD emulation programmes. is this like a virtual drive or something?
Posted
i did disable drives anyway and ran the aswMBR. saved the log but it's a dat file so i can't open it!!!!
Posted
PS> Did OTL save extras.txt? If so, please also attach that.

 

shall i run again? i closed it

Posted

aswMBR log:

 

15:45:51.968 OS Version: Windows 5.1.2600 Service Pack 3

15:45:51.968 Number of processors: 1 586 0x207

15:45:51.968 ComputerName: YOUR-Q7FWQX3NCP UserName: Owner

15:45:52.703 Initialize success

15:46:07.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

15:46:07.218 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 78167MB BusType: 3

15:46:09.234 Disk 0 MBR read successfully

15:46:09.234 Disk 0 MBR scan

15:46:09.234 Disk 0 unknown MBR code

15:46:11.250 Disk 0 scanning sectors +160060320

15:46:11.265 Disk 0 scanning C:\WINDOWS\system32\drivers

15:46:19.578 Service scanning

15:46:20.968 Disk 0 trace - called modules:

15:46:20.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

15:46:20.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f67ab8]

15:46:20.968 3 CLASSPNP.SYS[f8735fd7] -> nt!IofCallDriver -> \Device\0000005f[0x82fd0f18]

15:46:20.968 5 ACPI.sys[f86ac620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f84940]

15:46:20.968 Scan finished successfully

15:46:38.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"

15:46:38.562 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Posted

OTL logfile created on: 14/05/2011 16:00:28 - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

511.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 14.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.60 Gb Total Space | 34.65 Gb Free Space | 48.39% Space Free | Partition Type: NTFS

Drive D: | 4.71 Gb Total Space | 1.16 Gb Free Space | 24.72% Space Free | Partition Type: FAT32

Drive K: | 7.45 Gb Total Space | 0.05 Gb Free Space | 0.67% Space Free | Partition Type: FAT32

 

Computer Name: YOUR-Q7FWQX3NCP | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

PRC - [2011/05/06 20:21:41 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2011/04/29 19:20:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

PRC - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

PRC - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\Navapsvc.exe

PRC - [2002/11/15 10:29:06 | 000,054,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\NISUM.EXE

PRC - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe

PRC - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/05/14 15:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/05/02 21:06:22 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)

SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)

SRV - [2002/11/15 10:41:26 | 000,116,336 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Norton AntiVirus\Navapsvc.exe -- (navapsvc)

SRV - [2002/11/15 10:30:02 | 000,100,032 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2002/11/14 19:31:24 | 000,140,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\NISUM.EXE -- (NISUM)

SRV - [2002/11/14 19:30:06 | 000,034,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe -- (ccPxySvc)

SRV - [2002/11/14 07:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/07/21 09:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/07/21 09:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVENG.SYS -- (NAVENG)

DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/08/04 06:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)

DRV - [2003/12/08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)

DRV - [2003/12/08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)

DRV - [2003/09/18 13:47:56 | 000,035,552 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SAVRTPEL.SYS -- (SAVRTPEL)

DRV - [2003/09/18 13:47:48 | 000,235,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SAVRT.SYS -- (SAVRT)

DRV - [2003/03/01 14:38:56 | 000,576,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2003/02/27 03:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2002/12/27 19:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)

DRV - [2002/12/25 06:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)

DRV - [2002/11/14 07:46:50 | 000,073,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2002/11/07 13:07:14 | 000,233,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)

DRV - [2002/11/07 13:07:10 | 000,015,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)

DRV - [2002/11/07 13:06:58 | 000,094,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIDSCo.sys -- (SYMIDSCO)

DRV - [2002/11/07 13:06:54 | 000,039,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)

DRV - [2002/11/07 13:06:48 | 000,050,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)

DRV - [2002/11/07 13:06:42 | 000,138,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)

DRV - [2002/11/07 13:06:38 | 000,011,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)

DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2002/09/07 02:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)

DRV - [2002/07/11 14:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2001/08/18 03:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)

DRV - [2001/06/04 22:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb8.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb8.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb8.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

 

FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/07/29 23:39:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 19:21:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 19:37:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/07/29 23:39:06 | 000,000,000 | ---D | M]

 

[2011/03/27 11:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2011/03/27 11:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) --

[2010/07/11 23:17:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/08/08 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/04/29 19:20:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

 

O1 HOSTS File: ([2011/05/09 00:38:42 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O2 - BHO: (ShoppingReport2) - {258C9770-1713-4021-8D7E-1F184A2BD754} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (SmartShopper Networks)

O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [ccRegVfy] c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Symantec Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (SmartShopper Networks)

O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll (SmartShopper Networks)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275863542500 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/01/02 09:43:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O33 - MountPoints2\{4a13de91-faf2-11df-98b5-000c7635165e}\Shell\AutoRun\command - "" = K:\PC/PPTVIEW.EXE /L "PC/playlist.txt"

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/05/12 23:52:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent

[2011/05/12 23:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Free Registry Cleaner

[2011/05/12 23:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner

[2011/05/12 23:44:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/05/12 23:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware

[2011/05/09 00:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2011/05/04 21:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2011/05/03 19:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ShoppingReport2

[2011/05/03 19:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\ShoppingReport2

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/05/14 15:46:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2011/05/14 15:44:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable

[2011/05/14 15:33:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/14 15:11:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003UA.job

[2011/05/14 14:31:37 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/05/14 14:28:17 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/14 14:28:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/14 14:28:08 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/14 01:32:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/12 23:44:58 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Eusing Free Registry Cleaner.lnk

[2011/05/10 00:11:05 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003Core.job

[2011/05/09 20:42:11 | 000,026,415 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg

[2011/05/09 19:17:23 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk

[2011/05/09 19:17:23 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/05/09 00:38:42 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/04/29 22:58:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/04/29 20:01:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job

[2011/04/24 02:01:12 | 000,333,332 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Project1.png

[2011/04/16 14:35:08 | 000,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/16 02:41:04 | 000,434,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/16 02:41:04 | 000,068,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/05/14 15:46:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat

[2011/05/14 15:44:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable

[2011/05/12 23:44:58 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Eusing Free Registry Cleaner.lnk

[2011/05/09 20:42:19 | 000,026,415 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hejazi.jpg

[2011/04/24 02:01:11 | 000,333,332 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Project1.png

[2011/01/30 18:50:52 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll

[2010/11/01 22:42:46 | 000,047,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/09/04 03:04:15 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/06 22:56:24 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2010/08/06 22:56:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2010/08/06 22:56:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2010/08/06 22:56:24 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2010/08/06 22:56:24 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2010/08/06 22:56:24 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2010/08/06 22:56:24 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2010/08/06 22:56:24 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2010/08/06 22:56:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2010/08/06 22:56:24 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2010/08/06 22:56:24 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2010/08/06 22:56:24 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2010/08/06 22:56:24 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2010/08/06 22:56:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2010/08/06 22:56:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010/06/12 21:14:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\WNMHINDR.EXE

[2010/06/12 21:14:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NMH040A.DLL

[2010/06/12 14:02:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/06/07 00:19:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{D3BB659E-119D-49C0-AF14-6126292918E1}.dat

[2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{C7C32029-BF24-4C40-BAC0-E79142AD897F}.dat

[2010/06/06 23:21:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2003/03/20 00:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2003/01/02 16:32:39 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/01/02 16:32:13 | 000,434,138 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2003/01/02 16:32:13 | 000,068,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2003/01/02 16:31:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2003/01/02 12:53:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/01/02 12:53:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll

[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{FB87616A-9CEE-411F-8EC4-E9C6E419DF82}.dat

[2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{E71BF92A-8764-401B-8F93-576AD165DB73}.dat

[2003/01/02 12:41:22 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SR2.dat

[2003/01/02 10:38:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll

[2003/01/02 10:38:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2003/01/02 10:22:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003/01/02 10:16:05 | 000,184,405 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe

[2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin

[2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin

[2003/01/02 10:02:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2003/01/02 09:53:19 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2003/01/02 09:53:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2003/01/02 09:53:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2003/01/02 09:47:22 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/01/02 09:45:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2003/01/02 09:41:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2003/01/02 09:36:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003/01/02 09:35:36 | 000,259,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2003/01/02 02:43:25 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini

[2003/01/02 02:43:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

[2003/01/01 10:26:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003/01/01 09:42:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2003/01/01 09:42:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2003/01/01 09:41:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2003/01/01 09:13:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2003/01/01 09:13:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2003/01/01 09:13:05 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003/01/01 09:12:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2003/01/01 09:12:52 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2002/05/24 16:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll

[2002/05/24 16:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

 

========== LOP Check ==========

 

[2010/06/28 20:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2010/07/29 23:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache

[2010/08/06 23:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic

[2010/06/28 20:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2011/02/19 14:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2011/05/04 23:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2011/01/21 00:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!

[2010/10/09 00:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/10/09 00:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DC++

[2011/05/09 00:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2003/01/02 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust

[2010/12/05 20:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo

[2010/07/29 23:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia

[2010/07/30 00:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite

[2003/01/02 10:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2011/03/26 18:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Serif

[2011/05/03 19:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ShoppingReport2

[2010/08/07 22:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue

[2011/05/14 14:31:37 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 364 bytes -> C:\Documents and Settings\Owner\Desktop\Vietnam 009.Spp:�SummaryInformation

 

 

this is the only report/log

Posted

Hello, odb.

 

Did you change the Extra Registry option to "use safelist" like I asked before scanning? After running OTL once, it defaults to OFF which keeps the Extras log from opening. It will open minimized as well, so you'll need to go to the taskbar and open the file. In the meanwhile, please also run MBAM:

Online Poker Warning

Your logs show that you have online poker programs installed on your computer. I know that you may use these (this) game(s) on a regular basis but I think it's important to note that often these kinds of programmes are installed with other unwanted software, namely spyware or adware. Due to this I strongly suggest that you uninstall these programmes if you do not use them anymore or did not install these programmes yourself on purpose. There are so many online poker games out there these days that it is close to impossible to keep track of whether a programme is infected or not. Should you have installed this online poker game on purpose and wish to continue using this, you may ignore this. Should you decide to uninstall the programme, then you can do so by following the below steps:

 

You can remove this via Add/Remove programs.

 

Registry Cleaner Warning

I also see that you have a registry cleaner installed (in your case Eusing Free Registry Cleaner). I do not recommend using registry cleaners. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

 

See here for more information:

http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578entry1326578

Step 1

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1

alternate download link 2

 

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

 

etavares

Posted

i had installed this already. it does not update for some reason

the log from the scan:

 

 

Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 5363

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

14/05/2011 18:17:51

mbam-log-2011-05-14 (18-17-50).txt

 

Scan type: Quick scan

Objects scanned: 138062

Time elapsed: 6 minute(s), 4 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 18

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 6

Files Infected: 3

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

c:\documents and settings\Owner\application data\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\program files\shoppingreport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

 

Files Infected:

c:\program files\shoppingreport2\Bin\2.7.34\shoppingreport.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

c:\program files\shoppingreport2\Uninst.exe (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

Posted
i have removed about 20 items. problems still there. with yahoo and youtube and etc !!!!!
Posted

Hello, odb.

 

The malware is keeping it from updating. We'll move to something a bit more comprehensive. Let me know if you still have problems with those websites after this.

 

Next, please download ComboFix from one of these locations:

 

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe

 


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
     
  • Double click on etavaresCF.exe & follow the prompts.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

 

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

 

etavares

Posted

here is the log:

 

ComboFix 11-05-13.03 - Owner 14/05/2011 21:05:38.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.192 [GMT 1:00]

Running from: c:\documents and settings\Owner\Desktop\etavaresCF.exe

AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}

FW: Norton Personal Firewall *Enabled* {E641AC2D-955F-4A05-ABE7-F9C534ABDB46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Owner\WINDOWS

c:\windows\system32\config\systemprofile\WINDOWS

.

.

((((((((((((((((((((((((( Files Created from 2011-04-14 to 2011-05-14 )))))))))))))))))))))))))))))))

.

.

2011-05-14 00:38 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D826BD50-5BBC-4104-94EA-6744701E1268}\mpengine.dll

2011-05-12 22:44 . 2011-05-14 20:04 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2011-05-12 22:29 . 2011-05-12 22:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware

2011-05-08 23:38 . 2011-05-08 23:38 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo

2011-05-04 20:41 . 2011-05-04 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-11 07:04 . 2010-09-28 00:58 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-03-07 05:33 . 2003-01-02 08:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2003-01-02 15:32 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2003-01-02 15:32 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2006-06-23 10:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2003-01-02 15:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2003-01-02 15:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2003-01-01 08:12 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2003-01-01 08:13 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2010-06-07 19:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2003-01-01 08:41 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-04-29 18:20 . 2011-03-27 10:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-15 59072]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-11-15 54976]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0.lnk]

backup=c:\windows\pss\PHOTOfunSTUDIO 5.0.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

2004-09-07 12:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]

2001-09-05 07:24 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2003-02-28 20:00 315392 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2003-03-12 00:11 114688 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

1998-05-07 23:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 01:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2003-02-12 03:02 61440 ----a-w- c:\hp\KBD\kbd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

2002-07-25 04:20 28672 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2003-03-04 01:44 4595712 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]

2003-03-04 01:44 831557 ----a-w- c:\windows\system32\nview.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-03-04 01:44 323584 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]

2002-10-16 23:57 81920 ----a-w- c:\windows\system32\ps2.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 04:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

2003-02-13 15:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\DC++\\DCPlusPlus.exe"=

"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2557:TCP"= 2557:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [02/01/2003 16:32 14336]

R2 ccPxySvc;Symantec Proxy Service;c:\program files\Norton Personal Firewall\ccPxySvc.exe [14/11/2002 19:30 34496]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/07/2010 22:09 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/07/2010 22:09 136176]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [29/07/2010 23:37 137344]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [29/07/2010 23:37 8320]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

2011-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 22:56]

.

2011-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 22:56]

.

2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003Core.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-07 19:51]

.

2011-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003UA.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-07 19:51]

.

2011-05-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

.

2011-04-29 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job

- c:\progra~1\NORTON~1\NAVW32.exe [2002-11-15 09:31]

.

2010-06-06 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-01-02 23:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.tiscali.co.uk/broadband

uDefault_Search_URL = hxxp://srch-gb8.hpwis.com/

mSearch Bar = hxxp://srch-gb8.hpwis.com/

uInternet Connection Wizard,ShellNext = hxxp://gb8.hpwis.com/

uInternet Settings,ProxyOverride = *.local

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\b8irfl4w.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-14 21:15

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3892)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-05-14 21:20:39

ComboFix-quarantined-files.txt 2011-05-14 20:20

.

Pre-Run: 36,745,601,024 bytes free

Post-Run: 36,824,449,024 bytes free

.

- - End Of File - - B22538CF4281A1D0F2E1B0434ED444FC

Posted
my yahoo still not showing. also same problem with youtube still. even with a different browser such as firefox it's not working
Posted

Hello, odb.

 

Ok, it may be your router. Do you have a modem/router (e.g. one box) or a modem and a router (two boxes between the wall and your computer)? Do you have any other computers connected to the same router? Do they have the same issue?

 

 

1. Close any open browsers.

 

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

 

DDS::
uDefault_Search_URL = hxxp://srch-gb8.hpwis.com/
mSearch Bar = hxxp://srch-gb8.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://gb8.hpwis.com/
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

 

Save this as CFScript.txt, in the same location as ComboFix.exe

 

 

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

 

Referring to the picture above, drag CFScript into ComboFix.exe.

 

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Note: After running ComboFix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

 

etavares

Posted

Please excuse me as I am likely to have overlooked the obvious as this is a long thread.

 

If it's just Yahoo and YouTube that do not show, maybe it's a firewall issue, as Norton can be pretty aggressive.

 

I was just wondering if temporarily disabling all of the Norton features would help in resolving this issue, per etavares' guidance.

 

Please do not do anything unless instructed to do so by etavares. This is just me wondering.


Posted

i have one router (belkin) connection 1 pc and i pick up my ps3 on it. i do lose a lot of connection when im on psn.

 

also i think it may have something to do with my anti virus too. my norton is old and i have not renewed it. i used to use the free avg when i had a serious virus which led me to reinstall windows. i am looking to buy a new laptop or pc but for now i need to sort out this issue !!

 

the other process that uses 99% of memory at times is: ccpxysvc.exe

Posted

the log:

 

 

ComboFix 11-05-14.01 - Owner 15/05/2011 13:29:24.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.306 [GMT 1:00]

Running from: c:\documents and settings\Owner\Desktop\etavaresCF.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}

FW: Norton Personal Firewall *Enabled* {E641AC2D-955F-4A05-ABE7-F9C534ABDB46}

.

.

((((((((((((((((((((((((( Files Created from 2011-04-15 to 2011-05-15 )))))))))))))))))))))))))))))))

.

.

2011-05-14 00:38 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D826BD50-5BBC-4104-94EA-6744701E1268}\mpengine.dll

2011-05-12 22:44 . 2011-05-14 20:04 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2011-05-12 22:29 . 2011-05-12 22:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware

2011-05-08 23:38 . 2011-05-08 23:38 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo

2011-05-04 20:41 . 2011-05-04 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-11 07:04 . 2010-09-28 00:58 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-03-07 05:33 . 2003-01-02 08:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2003-01-02 15:32 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2003-01-02 15:32 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2006-06-23 10:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2003-01-02 15:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2003-01-02 15:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2003-01-01 08:12 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2003-01-01 08:13 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2010-06-07 19:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2003-01-01 08:41 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-04-29 18:20 . 2011-03-27 10:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-05-14_20.15.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-05-15 11:46 . 2011-05-15 11:46 16384 c:\windows\Temp\Perflib_Perfdata_5c0.dat

+ 2011-05-15 11:47 . 2011-05-15 11:47 16384 c:\windows\Temp\Perflib_Perfdata_524.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-15 59072]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-11-15 54976]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0.lnk]

backup=c:\windows\pss\PHOTOfunSTUDIO 5.0.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

2004-09-07 12:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]

2001-09-05 07:24 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2003-02-28 20:00 315392 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2003-03-12 00:11 114688 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

1998-05-07 23:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 01:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2003-02-12 03:02 61440 ----a-w- c:\hp\KBD\kbd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

2002-07-25 04:20 28672 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2003-03-04 01:44 4595712 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]

2003-03-04 01:44 831557 ----a-w- c:\windows\system32\nview.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-03-04 01:44 323584 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]

2002-10-16 23:57 81920 ----a-w- c:\windows\system32\ps2.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 04:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

2003-02-13 15:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\DC++\\DCPlusPlus.exe"=

"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1493:TCP"= 1493:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [02/01/2003 16:32 14336]

R2 ccPxySvc;Symantec Proxy Service;c:\program files\Norton Personal Firewall\ccPxySvc.exe [14/11/2002 19:30 34496]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/07/2010 22:09 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/07/2010 22:09 136176]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [29/07/2010 23:37 137344]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [29/07/2010 23:37 8320]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 22:56]

.

2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 22:56]

.

2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003Core.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-07 19:51]

.

2011-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771520934-3417903565-3085154701-1003UA.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-07 19:51]

.

2011-05-15 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

.

2011-04-29 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job

- c:\progra~1\NORTON~1\NAVW32.exe [2002-11-15 09:31]

.

2010-06-06 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-01-02 23:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.tiscali.co.uk/broadband

uInternet Settings,ProxyOverride = *.local

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\b8irfl4w.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-15 13:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(4004)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-05-15 13:40:55

ComboFix-quarantined-files.txt 2011-05-15 12:40

ComboFix2.txt 2011-05-14 20:20

.

Pre-Run: 36,821,848,064 bytes free

Post-Run: 36,812,349,440 bytes free

.

- - End Of File - - 887F641C7AEA05B27E0F29E16E126430

Posted
how can i attach a file from my desktop here to show what happens with yahoo?
