Comodo anti-virus won't initialise, but malwarebytes says it's clean...
26-09-2009 12:48pm
I was checking out a friend's laptop; it seemed sluggish and Avira antivirus wouldn't update.
I ran Malwarebytes and it reported 1 item cleaned:
C:\WINDOWS\bemark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
There previously wasn't a firewall on the laptop, so I thought I'd put on the Comodo one, which I notice now comes with a free anti-virus.
This is installed, and the curious thing about it is that even though it's installed and the laptop has been rebooted, it can't update (it has never updated) because it says the anti-virus engine is not initialized. A re-install hasn't changed anything, and neither has safe mode or another scan with Malwarebytes.
I'm a little stuck and wondering if someone could please look over a HJT log and see if it says anything. I suspect another infection because the AV won't initialise, but I'm surprised that Malwarebytes doesn't find one.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:08, on 26/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\avgagent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vince\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sites.google.com/a/suas.ie/suas-internal-webpage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vince\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: CEBdc - https://www.boi-bol.com/jsp/payments/dcApplet.cab
O16 - DPF: CEBdep - https://www.boi-bol.com/jsp/payments/dcDependencies.cab
O16 - DPF: KCrypto for Applets - https://www.ros.ie/applets/kcrypto.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209742671859
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Remote Support Service (AvgAgent) (avgagent) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: AVG7 Remote Support Service (AvgAgent) (avgagent) - Unknown owner - avgagent.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate1c99b36e1394b5c) (gupdate1c99b36e1394b5c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Vince/LOCALS~1/Temp/msohtml1/08/clip_image002.jpg
--
End of file - 8189 bytes
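A small triage pass over the kind of entries in the log above, added here as an example (it is not part of this thread and not a HijackThis or OTL feature). It parses O23 service, O4 Run, O20 AppInit, process and proxy lines, using a constructed sample copied from the HijackThis and OTL logs in this thread, and flags what a helper reads first: a service whose image is missing or named without a full path, entries with no publisher, and a system or Firefox proxy pointed at loopback. The severities and rule wording are assumptions for illustration, not a standard scoring.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis and OTL logs posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\avgagent.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AVG7 Remote Support Service (AvgAgent) (avgagent) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: AVG7 Remote Support Service (AvgAgent) (avgagent) - Unknown owner - avgagent.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..network.proxy.http: "127.0.0.1"
"""


@dataclass
class Finding:
    severity: str  # "high": act on it; "review": a lead that needs a publisher/signature check
    line: str
    reason: str


SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - .*\\Run: \[(?P<label>[^\]]+)\] (?P<cmd>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
IE_PROXY_RE = re.compile(r'^IE - (?P<hive>HKLM|HKCU)\\.*"Proxy(?P<key>Enable|Server)" = (?P<val>.+)$')
FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.http: "(?P<host>[^"]+)"')
# An executable sitting directly in %SystemRoot% (not system32) is unusual for a service binary.
WINROOT_EXE_RE = re.compile(r"^C:\\WINDOWS\\[^\\]+\.exe$", re.IGNORECASE)
LOOPBACK_RE = re.compile(r"(?<![\d.])(?:127\.\d+\.\d+\.\d+|localhost)\b")


def exe_of(cmd: str) -> str:
    """Executable part of a Run command line, honouring quotes around paths with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ")[0]


def has_full_path(image: str) -> bool:
    """False for 'avgagent.exe'-style entries that Windows resolves via the search path."""
    return re.match(r"^[A-Za-z]:\\", image) is not None


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    proxy: dict[str, dict[str, str]] = {}  # hive -> {"Enable": ..., "Server": ...}
    for line in (l.strip() for l in log.splitlines() if l.strip()):
        if m := SERVICE_RE.match(line):
            missing = line.endswith("(file missing)")
            image = m["path"].replace("(file missing)", "").strip()
            if m["owner"].strip() in ("", "Unknown owner"):
                findings.append(Finding("review", line, "service has no publisher recorded"))
            if missing:
                findings.append(Finding("high", line, "service image not found on disk (orphaned or hidden)"))
            if not has_full_path(image):
                findings.append(Finding("high", line, f"service image '{image}' given without a full path"))
        elif m := RUN_RE.match(line):
            exe = exe_of(m["cmd"])
            if not has_full_path(exe):
                findings.append(Finding("review", line, f"Run entry '{exe}' has no full path"))
        elif APPINIT_RE.match(line):
            findings.append(Finding("review", line, "AppInit_DLLs is loaded into every user32 process; confirm the DLL belongs to installed security software"))
        elif m := IE_PROXY_RE.match(line):
            proxy.setdefault(m["hive"], {})[m["key"]] = m["val"].strip()
        elif m := FF_PROXY_RE.match(line):
            if LOOPBACK_RE.search(m["host"]):
                findings.append(Finding("high", line, "Firefox HTTP proxy points at loopback"))
        elif WINROOT_EXE_RE.match(line):
            findings.append(Finding("review", line, "process runs from the Windows directory root; OEM tools live there too, so check the publisher"))
    # A machine-wide proxy on 127.0.0.1 means some local process sits in front of every HTTP request.
    for hive, keys in proxy.items():
        server = keys.get("Server", "")
        if keys.get("Enable") == "1" and LOOPBACK_RE.search(server):
            findings.append(Finding("high", f"{hive} proxy", f"system proxy enabled and pointing at loopback ({server}); match it against the service list"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

The "review" findings are leads, not verdicts: the modem tray application in this log also lives in C:\WINDOWS, so each one still needs a publisher or signature check before anything is removed.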
Comments
Don't put the logs in code.
Please download GooredFix from one of the locations below and save it to your Desktop:
Download Mirror #1
Download Mirror #2
- Ensure all Firefox windows are closed.
- To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
- When prompted to run the scan, click Yes.
- GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Thanks very much.
Here's the log:
GooredFix by jpshortstuff (24.09.09.1)
Log created at 13:58 on 26/09/2009 (Vince)
Firefox version 3.0.14 (en-GB)
========== GooredScan ==========
========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [14:08 19/12/2008]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [16:58 06/11/2008]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [16:58 06/11/2008]
-=E.O.F=-
Hi
- Download OTL to your desktop.
- Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Under Custom Scan paste this in:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
Thanks very much.
Starting with OTL.txt
OTL logfile created on: 26/09/2009 18:36:13 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Vince\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
1015.36 Mb Total Physical Memory | 635.22 Mb Available Physical Memory | 62.56% Memory free
1.40 Gb Paging File | 1.13 Gb Available in Paging File | 80.85% Paging File free
Paging file location(s): C:\pagefile.sys 512 512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 20.72 Gb Free Space | 37.08% Space Free | Partition Type: NTFS
Drive | 119.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SUASLAPTOP4
Current User Name: Vince
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\avgagent.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\lxdxcoms.exe ( )
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
PRC - C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Documents and Settings\Vince\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (AVG7 Remote Support Service (AvgAgent) (avgagent) [Auto | Stopped]) -- File not found
SRV - (avgagent [Auto | Running]) -- C:\WINDOWS\avgagent.exe (GRISOFT, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (btwdins [Disabled | Stopped]) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (cmdAgent [Auto | Running]) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (gupdate1c99b36e1394b5c [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqwmi [On_Demand | Stopped]) -- C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (lmab_device [On_Demand | Stopped]) -- C:\WINDOWS\System32\LMabcoms.exe (Lexmark International, Inc.)
SRV - (lxdxCATSCustConnectService [Auto | Stopped]) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe (Lexmark International, Inc.)
SRV - (lxdx_device [Auto | Running]) -- C:\WINDOWS\System32\lxdxcoms.exe ( )
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RampartSvc [On_Demand | Stopped]) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.)
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BANTExt [System | Running]) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (cmdGuard [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys (COMODO)
DRV - (cmdHlp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys (COMODO)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\System32\drivers\EABFiltr.sys (Hewlett-Packard Company)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\eabusb.sys (Hewlett-Packard Company)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (GTIPCI21 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gtipci21.sys (Texas Instruments)
DRV - (hwdatacard [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Inspect [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RCFOX [System | Running]) -- C:\WINDOWS\System32\Drivers\RCFOX.sys (SonicWALL, Inc.)
DRV - (rcvpn [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rcvpn.sys (SonicWALL, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMCIRDA [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys (SMSC)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (windrvNT [Auto | Running]) -- C:\WINDOWS\System32\windrvNT.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sites.google.com/a/suas.ie/suas-internal-webpage/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://sites.google.com/a/suas.ie/suas-internal-webpage/"
FF - prefs.js..extensions.enabledItems: catch_toolbar@catch.fm:1.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9090
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/06 17:58:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/18 12:16:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/18 12:16:54 | 00,000,000 | ---D | M]
[2008/12/22 17:57:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\mozilla\Extensions
[2008/12/22 17:57:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/23 19:14:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\mozilla\Firefox\Profiles\lqkxtkxe.default\extensions
[2008/11/25 09:52:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\mozilla\Firefox\Profiles\lqkxtkxe.default\extensions\catch_toolbar@catch.fm
[2009/09/23 19:14:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/18 12:16:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/06 17:58:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/09/18 12:16:49 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/18 12:16:49 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/06 17:58:27 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/01/07 18:29:18 | 01,447,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/09/18 12:16:50 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/07/23 21:53:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/23 21:53:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/23 21:53:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/23 21:53:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/23 21:53:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/23 21:53:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/23 21:53:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/30 18:08:08 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/07/30 18:08:09 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 18:08:09 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/07/30 18:08:09 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 18:08:09 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/07/30 18:08:09 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 18:08:09 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 18:08:09 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: (290277 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 9998 more lines...
[I had a look at the hosts file, and all these extra lines have a line above and below them saying that they were inserted by Spybot S&D.]
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Vince\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_10.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209742671859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CEBdc https://www.boi-bol.com/jsp/payments/dcApplet.cab (Reg Error: Key error.)
O16 - DPF: CEBdep https://www.boi-bol.com/jsp/payments/dcDependencies.cab (Reg Error: Key error.)
O16 - DPF: KCrypto for Applets https://www.ros.ie/applets/kcrypto.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Vince/LOCALS~1/Temp/msohtml1/08/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{19f01605-16a5-11dd-a15f-006073e7c56b}\Shell\Open(&O)\command - "" = RECYCLED\appmgmt.exe
O33 - MountPoints2\{2ee519a2-f3fe-11dc-a140-006073e7c56b}\Shell - "" = AutoRun
O33 - MountPoints2\{2ee519a2-f3fe-11dc-a140-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ee519a2-f3fe-11dc-a140-006073e7c56b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2ee519a3-f3fe-11dc-a140-006073e7c56b}\Shell\AutoRun\command - "" = F:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe -- File not found
O33 - MountPoints2\{2ee519a3-f3fe-11dc-a140-006073e7c56b}\Shell\open\command - "" = F:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe -- File not found
O33 - MountPoints2\{4e021106-3142-11dd-a172-006073e7c56b}\Shell - "" = AutoRun
O33 - MountPoints2\{4e021106-3142-11dd-a172-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4e021106-3142-11dd-a172-006073e7c56b}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b4f8a066-3140-11dd-a171-006073e7c56b}\Shell - "" = AutoRun
O33 - MountPoints2\{b4f8a066-3140-11dd-a171-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b4f8a066-3140-11dd-a171-006073e7c56b}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{badcc8c7-ef1a-11db-a068-006073e7c56b}\Shell - "" = AutoRun
O33 - MountPoints2\{badcc8c7-ef1a-11db-a068-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{badcc8c7-ef1a-11db-a068-006073e7c56b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{cba10048-bad1-11dd-a20b-006073ed7d28}\Shell - "" = AutoRun
O33 - MountPoints2\{cba10048-bad1-11dd-a20b-006073ed7d28}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dbf550d2-f3f7-11dc-a13f-006073e7c56b}\Shell - "" = AutoRun
O33 - MountPoints2\{dbf550d2-f3f7-11dc-a13f-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dbf550d2-f3f7-11dc-a13f-006073e7c56b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
MsConfig - Services: "iPod Service"
MsConfig - Services: "gusvc"
MsConfig - Services: "btwdins"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk - C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe - File not found
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe File not found
MsConfig - StartUpReg: hpWirelessAssistant - hkey= - key= - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2009/09/26 18:32:46 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vince\Desktop\OTL.exe
[2009/09/26 13:58:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Desktop\GooredFix Backups
[2009/09/26 13:57:00 | 00,069,192 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Vince\Desktop\GooredFix.exe
[2009/09/26 11:35:42 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\HijackThis.lnk
[2009/09/26 11:35:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/24 19:13:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\My Documents\Eoins Website
[2009/09/24 19:07:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Application Data\FileZilla
[2009/09/22 20:51:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\My Documents\My Skype Content
[2009/09/22 20:36:33 | 00,061,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/09/22 20:28:54 | 00,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/09/22 20:27:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2009/09/22 20:27:48 | 00,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/09/22 20:27:48 | 00,132,296 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/09/22 20:27:48 | 00,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/09/22 20:27:48 | 00,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/09/22 20:27:44 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/09/22 20:18:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Application Data\AVG8
[2009/09/20 20:58:04 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\Camden Markets.doc
[2009/09/19 14:27:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Desktop\Rossa Images
[2009/09/19 13:32:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Application Data\Skype
[2009/09/19 09:58:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Application Data\Mp3tag
[2009/09/19 09:57:57 | 00,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
[2009/09/19 09:57:54 | 00,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2009/09/14 22:44:44 | 58,394,528 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\autoparty.wav
[2009/09/14 22:44:40 | 46,274,280 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\one 2.wav
[2009/09/14 22:44:37 | 46,274,280 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\one.wav
[2009/09/14 22:44:34 | 52,599,320 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\close your eyes.wav
[2009/09/10 19:46:21 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MediaMonkey.lnk
[2009/09/10 19:46:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Local Settings\Application Data\MediaMonkey
[2009/09/10 19:46:07 | 00,000,000 | ---D | C] -- C:\Program Files\MediaMonkey
[2009/09/10 19:45:13 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/10 19:45:06 | 07,574,760 | ---- | C] (Ventis Media Inc. ) -- C:\Documents and Settings\Vince\Desktop\MediaMonkey_3.1.1.1261.exe
[2009/09/02 23:12:20 | 00,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
[2009/09/02 23:12:19 | 00,001,561 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[2009/09/02 23:12:19 | 00,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[2009/09/02 23:10:48 | 06,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Documents and Settings\Vince\Desktop\pci_filerecovery.exe
[2009/08/30 10:28:48 | 00,172,032 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\25 10_08_09 SUAS INVOICE - normal file size.doc
[2009/08/30 10:03:19 | 00,172,032 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\25 10_08_09 SUAS INVOICE.doc
[2009/08/29 14:45:12 | 13,942,45120 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\Gandhi (Collector's Edition) 1982.avi
[2009/05/25 22:22:57 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll
[2009/05/25 22:22:56 | 00,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxdxcoin.dll
[2009/05/25 22:22:23 | 00,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll
[2009/05/25 22:22:23 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll
[2009/05/25 22:22:23 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll
[2009/05/25 22:21:55 | 01,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll
[2009/05/25 22:21:55 | 00,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll
[2009/05/25 22:21:55 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll
[2009/05/25 22:21:55 | 00,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll
[2009/05/25 22:21:55 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll
[2009/05/25 22:21:55 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll
[2009/05/25 22:21:55 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll
[2009/05/25 22:21:55 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll
[2009/05/25 22:21:55 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll
[2009/05/25 22:21:54 | 00,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll
[2009/05/25 22:21:54 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll
[2009/05/25 22:21:54 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll
[2009/05/25 22:21:54 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll
[2009/01/15 11:18:54 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/05/08 11:11:36 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/05/03 10:47:05 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2007/05/03 10:47:05 | 00,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2007/03/08 15:02:03 | 00,000,080 | ---- | C] () -- C:\WINDOWS\avgagent.ini
[2006/09/29 12:42:33 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/06 11:04:19 | 00,000,479 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/10 02:46:23 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/10 01:46:48 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2006/06/09 21:59:09 | 00,001,345 | ---- | C] () -- C:\WINDOWS\LMAAT2DD.ini
[2005/09/29 11:50:24 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/29 15:16:12 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/07 14:19:16 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 14:12:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 14:03:10 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/07 06:53:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/06/01 10:39:56 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 22:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 17:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== Files - Modified Within 30 Days ==========
[1 C:\*.tmp files]
[5 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/09/26 18:32:50 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vince\Desktop\OTL.exe
[2009/09/26 18:26:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-719119060-2452408960-2207782838-1006UA.job
[2009/09/26 18:04:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/26 18:04:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/26 13:57:00 | 00,069,192 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Vince\Desktop\GooredFix.exe
[2009/09/26 11:35:42 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Vince\Desktop\HijackThis.lnk
[2009/09/25 20:38:40 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/25 20:37:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/25 20:37:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/25 20:37:44 | 00,061,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/09/24 22:26:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-719119060-2452408960-2207782838-1006Core.job
[2009/09/24 18:17:23 | 00,757,780 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/24 18:17:23 | 00,284,986 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/24 18:17:23 | 00,002,858 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/24 18:11:40 | 01,930,896 | -H-- | M] () -- C:\Documents and Settings\Vince\Local Settings\Application Data\IconCache.db
[2009/09/23 21:27:10 | 00,016,803 | ---- | M] () -- C:\WINDOWS\avgagent.dmp
[2009/09/22 20:52:36 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/09/22 20:52:35 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/09/22 20:52:34 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/09/22 20:52:34 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/09/22 20:28:54 | 00,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/09/20 20:58:05 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Vince\Desktop\Camden Markets.doc
[2009/09/19 09:57:57 | 00,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
[2009/09/14 20:42:08 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/10 19:46:21 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MediaMonkey.lnk
[2009/09/10 19:45:07 | 07,574,760 | ---- | M] (Ventis Media Inc. ) -- C:\Documents and Settings\Vince\Desktop\MediaMonkey_3.1.1.1261.exe
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/04 00:33:12 | 46,274,280 | ---- | M] () -- C:\Documents and Settings\Vince\Desktop\one 2.wav
[2009/09/04 00:21:14 | 46,274,280 | ---- | M] () -- C:\Documents and Settings\Vince\Desktop\one.wav
[2009/09/03 20:31:53 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\Vince\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/02 23:12:19 | 00,001,561 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[2009/09/02 23:11:22 | 06,113,439 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Vince\Desktop\pci_filerecovery.exe
[2009/08/30 10:28:48 | 00,172,032 | ---- | M] () -- C:\Documents and Settings\Vince\Desktop\25 10_08_09 SUAS INVOICE - normal file size.doc
[2009/08/30 10:03:20 | 00,172,032 | ---- | M] () -- C:\Documents and Settings\Vince\Desktop\25 10_08_09 SUAS INVOICE.doc
[2009/08/28 22:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
========== LOP Check ==========
[2009/09/22 20:34:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/23 21:54:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/22 11:54:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/03/24 12:17:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2007/07/25 16:45:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GRETECH
[2007/05/17 19:40:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2005/09/29 11:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/01/22 11:00:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbsPlus
[2009/09/24 19:07:01 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Vince\Application Data
[2008/12/22 13:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\Auslogics
[2009/03/24 12:16:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\AVS4YOU
[2009/09/24 19:35:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\FileZilla
[2008/05/13 09:37:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\GMoveProject
[2008/03/05 16:05:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\GRETECH
[2008/05/08 18:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\InterVideo
[2009/05/27 15:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\Kingston
[2008/09/25 16:10:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\KompoZer
[2008/03/28 10:44:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\Leadertech
[2009/09/19 10:00:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\Mp3tag
[2009/07/18 21:28:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\TeamViewer
[2009/01/22 11:00:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\ThumbsPlus
[2009/05/27 16:00:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\U3
[2008/05/13 17:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\VoipCheapCom
[2004/08/04 09:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/26 18:04:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/09/26 18:04:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/09/24 22:26:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-719119060-2452408960-2207782838-1006Core.job
[2009/09/26 18:26:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-719119060-2452408960-2207782838-1006UA.job
[2009/09/25 20:37:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 26/09/2009 18:36:13 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Vince\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
1015.36 Mb Total Physical Memory | 635.22 Mb Available Physical Memory | 62.56% Memory free
1.40 Gb Paging File | 1.13 Gb Available in Paging File | 80.85% Paging File free
Paging file location(s): C:\pagefile.sys 512 512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 20.72 Gb Free Space | 37.08% Space Free | Partition Type: NTFS
Drive | 119.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SUASLAPTOP4
Current User Name: Vince
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] --
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lock folder with Folder Lock] -- C:\Program Files\Folder Lock\Folder Lock.exe %1 (NewSoftwares.net Inc.)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6150:TCP" = 6150:TCP:*:Enabled:avgagent.exe
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"9090:TCP" = 9090:TCP:*:Enabled:TINYPROXY
"53:TCP" = 53:TCP:*:Enabled:TINYPROXY
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:McAfee Managed Services Agent -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\LMabcoms.exe" = C:\WINDOWS\system32\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP -- (Lexmark International, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\avgagent.exe" = C:\WINDOWS\avgagent.exe:*:Enabled:avgagent.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\VoipCheapCom\VoipCheapCom.exe" = C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom -- (VoipCheapCom)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\tinyproxy\tinyproxy.exe" = C:\Program Files\tinyproxy\tinyproxy.exe:*:Enabled:TINYPROXY -- File not found
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe" = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client -- (SonicWALL, Inc.)
"C:\WINDOWS\system32\lxdxcoms.exe" = C:\WINDOWS\system32\lxdxcoms.exe:*:Enabled:3600-4600 Series Server -- ( )
"C:\WINDOWS\system32\lxdxcfg.exe" = C:\WINDOWS\system32\lxdxcfg.exe:*:Enabled:Printer Communication System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe" = C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Vince\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Vince\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Vince\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Vince\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Vodafone 3G Broadband Modem
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 B2
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{913B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 A2
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = AusLogics Registry Defrag
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F17FE8C5-193F-48B6-8EE2-BE8CCEE3E6FB}" = SonicWALL Global VPN Client
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Audacity_is1" = Audacity 1.2.6
"AVS Audio Editor_is1" = AVS Audio Editor version 4.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"CCleaner" = CCleaner (remove only)
"COMODO Internet Security" = COMODO Internet Security
"FileZilla Client" = FileZilla Client 3.2.6.1
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"Lexmark_HostCD" = Lexmark Software Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"Mp3tag" = Mp3tag v2.44
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"Skype_is1" = Skype 2.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 4" = TeamViewer 4
"ThumbsPlus7" = ThumbsPlus version 7 SP2
"VoipCheapCom_is1" = VoipCheapCom
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22/09/2009 15:38:51 | Computer Name = SUASLAPTOP4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 22/09/2009 15:38:53 | Computer Name = SUASLAPTOP4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 22/09/2009 15:38:53 | Computer Name = SUASLAPTOP4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 22/09/2009 15:39:12 | Computer Name = SUASLAPTOP4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 22/09/2009 15:39:18 | Computer Name = SUASLAPTOP4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 23/09/2009 14:35:31 | Computer Name = SUASLAPTOP4 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8307.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 23/09/2009 16:32:22 | Computer Name = SUASLAPTOP4 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.
Error - 23/09/2009 16:32:22 | Computer Name = SUASLAPTOP4 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.
Error - 24/09/2009 13:17:20 | Computer Name = SUASLAPTOP4 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.
Error - 24/09/2009 13:17:20 | Computer Name = SUASLAPTOP4 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.
[ System Events ]
Error - 24/09/2009 13:13:24 | Computer Name = SUASLAPTOP4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ClntMgmt.sys
Error - 25/09/2009 15:38:22 | Computer Name = SUASLAPTOP4 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdxCATSCustConnectService
service to connect.
Error - 25/09/2009 15:38:22 | Computer Name = SUASLAPTOP4 | Source = Service Control Manager | ID = 7000
Description = The lxdxCATSCustConnectService service failed to start due to the
following error: %%1053
Error - 25/09/2009 15:38:31 | Computer Name = SUASLAPTOP4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ClntMgmt.sys
Error - 26/09/2009 05:47:02 | Computer Name = SUASLAPTOP4 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 26/09/2009 05:47:02 | Computer Name = SUASLAPTOP4 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 26/09/2009 05:47:04 | Computer Name = SUASLAPTOP4 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 26/09/2009 05:47:04 | Computer Name = SUASLAPTOP4 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 26/09/2009 05:47:17 | Computer Name = SUASLAPTOP4 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 26/09/2009 05:47:17 | Computer Name = SUASLAPTOP4 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
< End of report >
-
hi
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O33 - MountPoints2\{19f01605-16a5-11dd-a15f-006073e7c56b}\Shell\Open(&O)\command - "" = RECYCLED\appmgmt.exe
O33 - MountPoints2\{2ee519a2-f3fe-11dc-a140-006073e7c56b}\Shell - "" = AutoRun
O33 - MountPoints2\{2ee519a2-f3fe-11dc-a140-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ee519a2-f3fe-11dc-a140-006073e7c56b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2ee519a3-f3fe-11dc-a140-006073e7c56b}\Shell\AutoRun\command - "" = F:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe -- File not found
O33 - MountPoints2\{2ee519a3-f3fe-11dc-a140-006073e7c56b}\Shell\open\command - "" = F:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe -- File not found
O33 - MountPoints2\{4e021106-3142-11dd-a172-006073e7c56b}\Shell - "" = AutoRun
O33 - MountPoints2\{4e021106-3142-11dd-a172-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4e021106-3142-11dd-a172-006073e7c56b}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b4f8a066-3140-11dd-a171-006073e7c56b}\Shell - "" = AutoRun
O33 - MountPoints2\{b4f8a066-3140-11dd-a171-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b4f8a066-3140-11dd-a171-006073e7c56b}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{badcc8c7-ef1a-11db-a068-006073e7c56b}\Shell - "" = AutoRun
O33 - MountPoints2\{badcc8c7-ef1a-11db-a068-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{badcc8c7-ef1a-11db-a068-006073e7c56b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{cba10048-bad1-11dd-a20b-006073ed7d28}\Shell - "" = AutoRun
O33 - MountPoints2\{cba10048-bad1-11dd-a20b-006073ed7d28}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dbf550d2-f3f7-11dc-a13f-006073e7c56b}\Shell - "" = AutoRun
O33 - MountPoints2\{dbf550d2-f3f7-11dc-a13f-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dbf550d2-f3f7-11dc-a13f-006073e7c56b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
[2009/09/26 13:58:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Desktop\GooredFix Backups
[2009/09/26 13:57:00 | 00,069,192 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Vince\Desktop\GooredFix.exe
:Services
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\tinyproxy\tinyproxy.exe"=-
:Files
:Commands
[purity]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
-
Just food for thought. Comodo makes a good firewall, BUT the AV included is severely lacking.
-
@ASJ Thanks for this. I haven't been able to get to the computer until now and I'm just going through the instructions now, cheers.
Just food for thought. Comodo makes a good firewall, BUT the AV included is severely lacking.
Good to know, thanks. Maybe I'll just use their firewall and install a different A/V after this process.
Perhaps the problem I'm having is with the Comodo A/V after all and there might not be an infection.
I really appreciate the help with investigating it though.
So far, I've followed the OTL instructions in the post above and on reboot there was a problem in that the laptop could no longer connect to the wireless network. Even though it appears to be connected, when I try to browse it says 'resolving host....' and then can't connect. Works fine when plugged into the router with a cable though.
I'll continue with the instructions and report back with the log and on the above issue.
cheers
-
Combofix log:
ComboFix 09-09-28.01 - Vince 29/09/2009 22:28.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.536 [GMT 1:00]
Running from: c:\documents and settings\Vince\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1708537768-602609370-725345543-500
c:\recycler\S-1-5-21-2904479229-2175686988-744735450-500
c:\windows\Installer\1bdb1b7.msp
c:\windows\Installer\WinRMSrv.msi
.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.
2009-09-29 20:53 . 2009-09-29 20:53 d-----w- C:\_OTL
2009-09-26 20:36 . 2009-09-26 20:36 d-----w- c:\program files\IrfanView
2009-09-26 10:35 . 2009-09-26 10:35 d-----w- c:\program files\Trend Micro
2009-09-24 18:07 . 2009-09-28 12:01 d-----w- c:\documents and settings\Vince\Application Data\FileZilla
2009-09-22 19:36 . 2009-09-29 20:55 61472 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-09-22 19:27 . 2009-09-22 19:37 d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-09-22 19:27 . 2009-09-22 19:52 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-22 19:27 . 2009-09-22 19:52 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-09-22 19:27 . 2009-09-22 19:52 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-22 19:27 . 2009-09-22 19:52 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-22 19:27 . 2009-09-22 19:27 d-----w- c:\program files\COMODO
2009-09-22 19:18 . 2009-09-22 19:18 d-----w- c:\documents and settings\Vince\Application Data\AVG8
2009-09-19 12:32 . 2009-09-22 19:52 d-----w- c:\documents and settings\Vince\Application Data\Skype
2009-09-19 08:58 . 2009-09-19 09:00 d-----w- c:\documents and settings\Vince\Application Data\Mp3tag
2009-09-19 08:57 . 2009-09-19 08:57 d-----w- c:\program files\Mp3tag
2009-09-10 18:46 . 2009-09-19 21:02 d-----w- c:\documents and settings\Vince\Local Settings\Application Data\MediaMonkey
2009-09-10 18:46 . 2009-09-10 18:46 d-----w- c:\program files\MediaMonkey
2009-09-10 18:45 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-02 22:12 . 2009-09-02 22:12 d-----w- c:\program files\PC Inspector File Recovery
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 13:23 . 2008-02-21 18:06 d-----w- c:\program files\Picasa2
2009-09-19 12:31 . 2008-05-12 11:26 d-----w- c:\program files\VoipCheapCom
2009-09-19 11:16 . 2008-12-08 11:57 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-14 20:37 . 2009-04-06 12:21 d-----w- c:\program files\Microsoft Silverlight
2009-09-10 13:54 . 2008-12-08 11:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2008-12-08 11:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 22:12 . 2005-09-29 10:30
d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 11:16 . 2009-07-23 20:51 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 11:16 . 2009-07-23 20:51 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-03 17:09 . 2004-08-04 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Google Update"="c:\documents and settings\Vince\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-13 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-11-03 680616]
"EzPrint"="c:\program files\Lexmark 3600-4600 Series\ezprint.exe" [2008-11-03 107176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-22 1799952]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-08-24 88363]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"btwdins"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\avgagent.exe"=
"c:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\WINDOWS\\system32\\lxdxcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Vince\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Vince\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6150:TCP"= 6150:TCP:avgagent.exe
"9090:TCP"= 9090:TCP:TINYPROXY
"53:TCP"= 53:TCP:TINYPROXY
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [22/09/2009 20:27 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [22/09/2009 20:27 25160]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [10/02/2009 18:39 91136]
R2 avgagent;AVG7 Remote Support Service (AvgAgent);avgagent.exe /srvfsys --> avgagent.exe [?]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [10/06/2006 01:46 80384]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [10/02/2009 18:38 23180]
S2 AVG7 Remote Support Service (AvgAgent) (avgagent) ;AVG7 Remote Support Service (AvgAgent) (avgagent) ;c:\program files\tinyproxy\tinyproxy.exe --> c:\program files\tinyproxy\tinyproxy.exe [?]
S2 gupdate1c99b36e1394b5c;Google Update Service (gupdate1c99b36e1394b5c);c:\program files\Google\Update\GoogleUpdate.exe [02/03/2009 14:00 133104]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [25/05/2009 22:22 98984]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 13:00]
2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 13:00]
2009-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-719119060-2452408960-2207782838-1006Core.job
- c:\documents and settings\Vince\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-13 21:21]
2009-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-719119060-2452408960-2207782838-1006UA.job
- c:\documents and settings\Vince\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-13 21:21]
.
.
Supplementary Scan
.
uStart Page = hxxp://sites.google.com/a/suas.ie/suas-internal-webpage/
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: CEBdc - hxxps://www.boi-bol.com/jsp/payments/dcApplet.cab
DPF: CEBdep - hxxps://www.boi-bol.com/jsp/payments/dcDependencies.cab
DPF: KCrypto for Applets - hxxps://www.ros.ie/applets/kcrypto.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Vince\Application Data\Mozilla\Firefox\Profiles\lqkxtkxe.default\
FF - prefs.js: browser.startup.homepage - hxxp://sites.google.com/a/suas.ie/suas-internal-webpage/
FF - plugin: c:\documents and settings\Vince\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Vince\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 22:33
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1576)
c:\windows\system32\guard32.dll
- - - - - - - > 'lsass.exe'(1632)
c:\windows\system32\guard32.dll
.
Completion time: 2009-09-29 22:35
ComboFix-quarantined-files.txt 2009-09-29 21:35
Pre-Run: 24,032,546,816 bytes free
Post-Run: 23,983,435,776 bytes free
173 --- E O F --- 2009-09-14 19:45
looking good
I'd try re-install Comodo
Download TFC to your desktop.
- Open the file and close any other windows.
- It will close all programs itself when run, so make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job.
- Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
Please download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
Go to the Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on the Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Archives
  - Mail databases
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As...
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.