Possible infection



_Lee_
2010-12-02, 14:04
Hello, my PC is acting unusually lately, but avast!, Immunet, WinPatrol, Malwarebytes and ZoneAlarm detect nothing.
Even fences.exe (a program for desktop arrangement) is giving me errors.
I posted a thread on a couple of suspicious infections a while ago, but it was closed due to the fact that I posted a HijackThis log instead of DDS.

I would be very thankful if anyone could look through these logs.

Link to my old post about infections:
http://forums.spybot.info/showthread.php?t=59476



DDS (Ver_10-11-27.01) - NTFSx86
Run by Administrator at 14:51:11,56 on 2010.12.02.
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1257.371.1033.18.510.134 [GMT 2:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Immunet Protect *On-access scanning enabled* (Updated) {F1220F1F-7E2E-48CD-846D-B98C6F85CD37}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Immunet Protect\2.0.17\agent.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Immunet Protect\2.0.17\iptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE4\OPWARESE4.EXE
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.lv/
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: TLFind Class: {8692fed1-9267-4624-96b9-3b94946a0524} - c:\program files\tildes birojs 2002\TLFindAddIn.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [AnVir Task Manager Free] "c:\program files\anvir task manager free\AnVir.exe" Minimized
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Immunet Protect] "c:\program files\immunet protect\2.0.17\iptray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admini~1\startm~1\programs\access~1\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: &Tulkot ar Tildes Datorvārdnīcu - c:\program files\tildes birojs 2002\TDVLauncher.DLL /201
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {11FD30F4-F186-4ebe-A384-E22965FDEC7A} - {8692FED1-9267-4624-96B9-3B94946A0524} - c:\program files\tildes birojs 2002\TLFindAddIn.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265051472109
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y4ldzwwt.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Extension: Latviešu valodas pareizrakstības vārdnīca: lv-LV@dictionaries.addons.mozilla.org - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\lv-LV@dictionaries.addons.mozilla.org
FF - Extension: KeyScrambler: keyscrambler@qfx.software.corporation - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\keyscrambler@qfx.software.corporation
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: Read It Later: isreaditlater@ideashower.com - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\isreaditlater@ideashower.com
FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Extension: PitchDark: {c1dffba0-628e-11d9-9669-0800200c9a66} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
FF - Extension: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Extension: Compact Menu 2: {57068FBE-1506-42ee-AB02-BD183E7999E4} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-15 165584]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2010-11-1 31184]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-8 528128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-15 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-15 40384]
R2 ImmunetProtect;Immunet Protect;c:\program files\immunet protect\2.0.17\agent.exe [2010-11-1 756680]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-6-15 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-6-15 493032]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2009-11-5 88176]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-15 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-15 40384]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-11-9 114952]
S3 Application Updater;Application Updater;"c:\program files\application updater\applicationupdater.exe" --> c:\program files\application updater\ApplicationUpdater.exe [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-5 136704]
S3 TipCtrl;TipCtrl;c:\program files\utipu\TipCtrl.exe [2009-2-3 314504]

=============== Created Last 30 ================

2010-11-30 09:05:57 -------- d-----w- C:\own_files
2010-11-13 13:31:10 -------- d-----w- c:\program files\AquaSnap
2010-11-10 17:04:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\InstallMate
2010-11-08 14:35:58 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2010-11-08 14:35:58 28040 ----a-w- c:\windows\system32\mdimon.dll
2010-11-08 14:30:32 -------- d-----w- c:\program files\common files\L&H
2010-11-08 14:29:36 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-11-06 09:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 09:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-09-18 09:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 02:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

============= FINISH: 14:54:55,07 ===============
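The DDS log above is the kind of text a helper reads by eye: the "Pseudo HJT Report" section lists registered browser components and autoruns, and the "SERVICES / DRIVERS" section lists services with the file DDS could (or could not) verify. The script below is an added example, not part of this thread or of the DDS tool, that applies the first-pass triage rules a reviewer uses on such a log: entries ending in "- No File" are orphaned registrations, a "Hosts:" line is a non-default hosts-file entry (127.0.0.1 silently blocks the named site, and blocking security sites is a classic malware symptom), a non-empty AppInit_DLLs value is a DLL injected into every user-mode process, and a service line ending in "[?]" is a binary DDS could not size or date. The severity labels and the rule set are my own assumptions, and the sample lines are a constructed excerpt copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a few lines in the DDS "Pseudo HJT Report" and
# "SERVICES / DRIVERS" formats, copied from the log posted above.
SAMPLE_LOG = r"""
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
AppInit_DLLs:
Hosts: 127.0.0.1 www.spywareinfo.com
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-15 165584]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 Application Updater;Application Updater;"c:\program files\application updater\applicationupdater.exe" --> c:\program files\application updater\ApplicationUpdater.exe [?]
"""


@dataclass
class Finding:
    severity: str  # "high", "review" or "info" (assumed labels, not DDS output)
    line: str
    reason: str


# Assumed severity ordering used only for sorting the report.
_RANK = {"high": 0, "review": 1, "info": 2}

# DDS service/driver lines start with a run state (R/S) and a start-type digit.
_SERVICE_RE = re.compile(r"^[RS]\d\s")


def triage_dds(text: str) -> List[Finding]:
    """Apply first-pass reviewer rules to DDS log lines, most severe first."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(" - No File"):
            # Registered BHO/toolbar/hook whose DLL no longer exists:
            # usually an uninstall leftover, but note what registered it.
            findings.append(Finding("info", line,
                                    "orphaned registration, component file is missing"))
        elif line.startswith("Hosts:"):
            # DDS only prints hosts entries beyond the localhost default.
            findings.append(Finding("review", line,
                                    "non-default hosts entry; 127.0.0.1 blocks the named host"))
        elif line.startswith("AppInit_DLLs:"):
            value = line[len("AppInit_DLLs:"):].strip()
            if value:  # an empty value, as in the log above, is the clean state
                findings.append(Finding("high", line,
                                        "AppInit_DLLs injects this DLL into every user-mode process"))
        elif _SERVICE_RE.match(line) and line.endswith("[?]"):
            # DDS prints the file's date and size in brackets; "[?]" means it
            # could not read them, so the binary needs a manual look.
            findings.append(Finding("review", line,
                                    "service binary could not be sized or dated by DDS"))
    return sorted(findings, key=lambda f: _RANK[f.severity])


def count_by_severity(findings: List[Finding]) -> Dict[str, int]:
    """Summary counts for all three severity levels, including zeros."""
    counts = {level: 0 for level in _RANK}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage_dds(SAMPLE_LOG)
    print(count_by_severity(results))
    for f in results:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

On the constructed excerpt this yields no "high" findings, three orphaned "No File" registrations, the hosts entry and the two unverified service binaries, which matches what a reviewer would mark for follow-up in the posted log; the orphaned entries are typically just cleanup items, while the hosts line and the unverified services are the ones that decide whether a rootkit scan is warranted.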

ken545
2010-12-07, 03:03


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Sorry for the delay but the forums are very busy, but I am linked to you now.

Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Please copy and paste the report into your Post.

_Lee_
2010-12-07, 15:18
Hello,
no problems with the delay, I can understand that people have other things to do.

I ran the gmer tool you gave a link to before, but I had to power down my pc, because it crashed on file:
C:\WINDOWS\System32\Drivers\aswFsBlk.SYS

I'm sure I did everything as you told before:

unselected IAT/EAT;
I have no other drives than "C:\", so that's not the problem;
"Show all" box was already unselected.


And now my PC is slower than usual. I tried System Restore; that didn't fix it.

ken545
2010-12-07, 18:15
That file is part of Avast; you needed to shut down all antivirus programs prior to running GMER. GMER is just a scanner, it does not remove anything. Reboot your system and things should be OK.

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized passwords and other personal information, as removing cookies will temporarily disable the auto-login facility.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

_Lee_
2010-12-07, 22:08
I disabled all antivirus software (left only ZoneAlarm on and allowed the program to run) as you told me, but the GMER tool still crashed at the same file.
Ran ATF Cleaner and OTL as requested.
The OTL.txt file had to be split to fit.

_Lee_
2010-12-07, 22:09
OTL logfile created on: 2010.12.07. 22:29:01 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000426 | Country: Latvia | Language: LVI | Date Format: yyyy.MM.dd.

510,00 Mb Total Physical Memory | 163,00 Mb Available Physical Memory | 32,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 19,50 Gb Free Space | 52,35% Space Free | Partition Type: NTFS

Computer Name: IBM-NETVISTA | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Immunet Protect\2.0.17\iptray.exe (Immunet)
PRC - C:\Program Files\Immunet Protect\2.0.17\agent.exe (Immunet Corporation)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\AnVir Task Manager Free\AnVir.exe (AnVir Software)
PRC - C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\Program Files\AnVir Task Manager Free\AnvirHook631.dll (AnVir Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)
MOD - C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll (Nuance Communications, Inc.)
MOD - C:\WINDOWS\Resources\Themes\Zune\zune.msstyles (Microsoft)


========== Win32 Services (SafeList) ==========

SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe File not found
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (scan) -- C:\Program Files\Immunet Protect\tetra\scan.dll (Immunet)
SRV - (ImmunetProtect) -- C:\Program Files\Immunet Protect\2.0.17\agent.exe (Immunet Corporation)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (TipCtrl) -- C:\Program Files\uTIPu\TipCtrl.exe (Utipu inc.)


========== Driver Services (SafeList) ==========

DRV - (ImmunetSelfProtectDriver) -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (Trufos) -- c:\Program Files\Immunet Protect\tetra\trufos.sys ()
DRV - (Profos) -- c:\Program Files\Immunet Protect\tetra\profos.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (KeyScrambler) -- C:\WINDOWS\system32\drivers\keyscrambler.sys (QFX Software Corporation)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lv/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.7.1.0
FF - prefs.js..extensions.enabledItems: lv-LV@dictionaries.addons.mozilla.org:0.9.3
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.7
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {57068FBE-1506-42ee-AB02-BD183E7999E4}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.11.19 23:14:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010.11.13 12:59:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.12.01 21:41:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.28 18:17:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.21 21:13:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.01 17:53:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009.10.05 09:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010.12.06 21:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions
[2010.09.27 06:20:48 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.10.05 17:25:21 | 000,000,000 | ---D | M] (Compact Menu 2) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4}
[2010.11.27 20:54:32 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.04.16 07:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
[2010.11.12 15:33:22 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010.11.04 07:05:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.11 06:27:13 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}(2)
[2010.02.19 14:40:07 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.04.16 07:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010.11.18 08:11:30 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.04.06 21:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\CompactMenuCE@Merci.chao
[2010.04.06 21:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\isreaditlater@ideashower.com
[2010.11.28 18:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\keyscrambler@qfx.software.corporation
[2010.09.17 06:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\lv-LV@dictionaries.addons.mozilla.org
[2010.02.18 16:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\Office2007Black@JBBS
[2010.02.18 16:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\redshift_V2@shift-themes.com
[2010.04.16 07:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\zigboom@hotmail.com
[2010.02.10 12:46:13 | 000,007,689 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\searchplugins\jixey.xml
[2010.12.06 21:59:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.02 15:11:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.02 16:58:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.08.05 09:35:36 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

_Lee_
2010-12-07, 22:13
Deleted

_Lee_
2010-12-07, 22:19
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (TLFind Class) - {8692FED1-9267-4624-96B9-3B94946A0524} - C:\Program Files\Tildes Birojs 2002\TLFindAddIn.dll ()
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O2 - BHO: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet Protect\2.0.17\iptray.exe (Immunet)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AnVir Task Manager Free] C:\Program Files\AnVir Task Manager Free\AnVir.exe (AnVir Software)
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Tulkot ar Tildes Datorvārdnīcu - C:\Program Files\Tildes Birojs 2002\TDVLauncher.DLL ()
O9 - Extra Button: Tildes Meklētājs - {11FD30F4-F186-4ebe-A384-E22965FDEC7A} - C:\Program Files\Tildes Birojs 2002\TLFindAddIn.dll ()
O9 - Extra 'Tools' menuitem : Tildes &Meklētājs - {11FD30F4-F186-4ebe-A384-E22965FDEC7A} - C:\Program Files\Tildes Birojs 2002\TLFindAddIn.dll ()
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265051472109 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.29 11:31:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.12.07 22:09:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010.12.07 22:06:55 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010.12.03 15:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2010.12.02 19:34:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010.12.02 19:30:19 | 002,963,664 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup301.exe
[2010.12.02 19:01:07 | 001,841,456 | ---- | C] (IObit ) -- C:\Documents and Settings\Administrator\Desktop\defragsetup.exe
[2010.12.02 15:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\diagnostics
[2010.12.02 14:48:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.12.02 14:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.12.02 14:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\prog
[2010.11.30 11:05:57 | 000,000,000 | ---D | C] -- C:\own_files
[2010.11.26 16:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\makslas_stils
[2010.11.26 16:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\zpd
[2010.11.13 15:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\AquaSnap
[2010.11.10 19:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\pazera
[2010.11.10 19:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010.11.08 16:35:58 | 000,028,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2010.11.08 16:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2010.11.08 16:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010.11.08 16:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.11.08 16:27:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.11.08 16:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.11.08 16:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.11.08 16:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.11.08 16:22:20 | 000,000,000 | RH-D | C] -- C:\MSOCache

========== Files - Modified Within 30 Days ==========

[2010.12.07 22:24:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.12.07 22:23:45 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2010.12.07 22:22:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.12.07 22:12:59 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\www_analize3.doc
[2010.12.07 22:09:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010.12.07 22:06:55 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010.12.07 22:01:06 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\www_analize2.doc
[2010.12.07 21:13:15 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010.12.07 16:21:20 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.12.07 15:43:42 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010.12.06 20:26:47 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\www_analize.doc
[2010.12.06 16:00:52 | 000,015,529 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\msg.JPG
[2010.12.03 16:04:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.12.02 22:49:20 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010.12.02 19:30:29 | 002,963,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup301.exe
[2010.12.02 19:01:13 | 001,841,456 | ---- | M] (IObit ) -- C:\Documents and Settings\Administrator\Desktop\defragsetup.exe
[2010.12.02 14:48:10 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Startup\ERUNT AutoBackup.lnk
[2010.12.02 14:47:48 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.29 16:44:59 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.28 10:27:01 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Funkciju_izmantoshana_Uzd2.doc
[2010.11.26 07:44:09 | 001,524,095 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Untitled-Scanned-01.jpg
[2010.11.25 22:11:35 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\funkcijas_if_case.doc
[2010.11.24 20:10:14 | 002,239,670 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Untitled-Scanned-02.jpg
[2010.11.24 18:16:16 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Funkciju_izmantoshana_Uzd.doc
[2010.11.24 17:56:38 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rgb.doc
[2010.11.21 21:17:33 | 000,607,162 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\untitled.JPG
[2010.11.16 20:03:52 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\zpd.doc
[2010.11.14 18:26:31 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\izmantota_lit.xls
[2010.11.12 16:30:39 | 000,461,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.12 16:30:39 | 000,078,192 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.11 14:41:50 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Forms.doc
[2010.11.09 22:26:17 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\kalkulators.doc
[2010.11.09 18:10:40 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$ogramesana.doc
[2010.11.08 18:47:50 | 000,342,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.08 16:36:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010.11.08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe

========== Files Created - No Company Name ==========

[2010.12.07 22:14:31 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010.12.07 22:12:58 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\www_analize3.doc
[2010.12.07 15:43:38 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010.12.06 23:31:14 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\www_analize2.doc
[2010.12.06 19:31:43 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\www_analize.doc
[2010.12.06 16:00:52 | 000,015,529 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\msg.JPG
[2010.12.03 16:04:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.12.02 19:02:57 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010.12.02 14:48:10 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Startup\ERUNT AutoBackup.lnk
[2010.12.02 14:47:48 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010.11.26 16:33:23 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Funkciju_izmantoshana_Uzd2.doc
[2010.11.25 16:39:51 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\funkcijas_if_case.doc
[2010.11.25 08:34:38 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Forms.doc
[2010.11.24 20:10:10 | 002,239,670 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Untitled-Scanned-02.jpg
[2010.11.24 20:10:01 | 001,524,095 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Untitled-Scanned-01.jpg
[2010.11.24 17:54:02 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Funkciju_izmantoshana_Uzd.doc
[2010.11.21 21:17:33 | 000,607,162 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\untitled.JPG
[2010.11.17 18:32:07 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rgb.doc
[2010.11.13 14:34:14 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\izmantota_lit.xls
[2010.11.13 14:32:58 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\zpd.doc
[2010.11.09 18:10:40 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$ogramesana.doc
[2010.11.08 18:17:00 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\kalkulators.doc
[2010.11.08 16:36:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.03.28 16:02:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\flag.ini
[2010.01.26 16:14:28 | 000,000,178 | ---- | C] () -- C:\WINDOWS\EQ3D.ini
[2010.01.25 15:42:47 | 000,119,296 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2010.01.25 15:42:47 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2010.01.25 15:42:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dxinputdll.dll
[2009.12.21 22:36:46 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2009.11.23 15:51:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\settings.ini
[2009.11.23 15:50:44 | 000,000,060 | ---- | C] () -- C:\WINDOWS\excel5.ini
[2009.11.18 16:39:15 | 000,000,207 | ---- | C] () -- C:\WINDOWS\youtube2mp3.ini
[2009.11.16 19:09:35 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2009.10.22 16:29:24 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009.10.19 13:43:26 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009.10.04 16:48:29 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.02 12:50:35 | 000,168,208 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll1
[2009.09.29 14:21:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.09.29 11:51:58 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.09.29 11:51:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.09.29 11:51:56 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.09.29 11:51:56 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.09.29 11:51:55 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.09.29 11:51:52 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.02.05 12:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\setup.txt
[2007.09.27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.09.27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007.09.27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005.02.05 22:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2004.09.16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004.09.16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2003.01.07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009.10.19 13:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2010.01.25 17:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CBS Interactive
[2010.08.31 19:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CheckPoint
[2009.10.12 16:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\COWON
[2010.10.14 19:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2010.02.18 19:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IcoFX
[2010.09.10 11:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Immunet
[2010.01.10 11:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2010.01.25 15:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KALiNKOsoft
[2009.11.11 16:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Laconic Software
[2010.02.05 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2010.09.22 20:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2009.09.29 12:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2010.12.03 15:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2009.10.19 13:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2009.12.08 20:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Stardock
[2009.11.11 18:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2009.12.03 17:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010.02.02 08:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010.02.02 08:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2010.09.29 15:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2010.02.16 17:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009.10.19 13:38:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010.02.18 18:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2009.12.18 16:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010.11.10 19:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2009.12.18 16:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010.02.05 16:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010.04.12 12:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010.02.05 15:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009.10.19 13:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010.01.23 21:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010.02.04 19:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.10.28 12:21:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
[2010.12.07 22:23:45 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\PandaUSBVaccine.job
[2010.12.07 21:13:15 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
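A triage helper for logs in the format above, added here as an example; it is not part of OTL, not from _Lee_'s post, and not something the thread asked for. It picks out the line types a reviewer tends to look at first in an OTL report: O2/O3 entries whose CLSID no longer resolves ("No CLSID value found."), O4 Run entries whose target is "File not found" or carries no company string, and Alternate Data Streams other than the ordinary Explorer property streams. The sample lines embedded in SAMPLE_LOG are constructed to match the OTL line shapes, the GUIDs and paths in them are made up, and the category names are my own; an empty company string in OTL only means the file's version resource had none, so that category is a prompt to look, not a verdict.

```python
"""Pick out the OTL report lines a reviewer usually checks first.

Added example, not OTL code. The sample log below is constructed to
match OTL's line formats; GUIDs, names and paths in it are invented.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input modelled on OTL's O2/O3/O4 and ADS line formats.
SAMPLE_LOG = """\
O2 - BHO: (Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\\Program Files\\Example\\helper.dll (Example Corp)
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - No CLSID value found.
O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {12345678-1234-1234-1234-123456789ABC} - No CLSID value found.
O4 - HKLM..\\Run: [GoodApp] C:\\Program Files\\GoodApp\\good.exe (GoodApp Ltd)
O4 - HKLM..\\Run: [Stale] File not found
O4 - HKCU..\\Run: [NoCompany] C:\\Documents and Settings\\User\\Application Data\\x\\run.exe ()
@Alternate Data Stream - 115 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:A8ADE5D8
@Alternate Data Stream - 128 bytes -> C:\\WINDOWS\\System32\\zlib.dll:SummaryInformation
"""

# O2/O3 entry whose registered CLSID has no matching class key any more.
ORPHAN_RE = re.compile(r"^O[23] - .*? - (\{[0-9A-Fa-f-]{36}\}) - No CLSID value found\.$")
# O4 Run entry: hive, value name, and the target text OTL printed after it.
RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU))\.\.\\Run: \[([^\]]+)\] (.*)$")
# Trailing "(Company Name)" that OTL appends from the file's version resource.
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")
# ADS line: size, host path, stream name (the last ':'-separated part).
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+?):([^:\\]+)$")
# Streams Explorer and the Attachment Manager create routinely; not worth a flag.
KNOWN_PROPERTY_STREAMS = {"SummaryInformation", "DocumentSummaryInformation", "Zone.Identifier"}


@dataclass(frozen=True)
class Finding:
    category: str  # orphan_clsid | stale_autorun | no_company_autorun | unusual_ads
    detail: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return the lines worth a second look, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if m := ORPHAN_RE.match(line):
            findings.append(Finding("orphan_clsid", m.group(1), line))
            continue
        if m := RUN_RE.match(line):
            hive, name, target = m.groups()
            if target == "File not found":
                findings.append(Finding("stale_autorun", f"{hive}\\Run\\{name}", line))
            else:
                cm = COMPANY_RE.search(target)
                company = cm.group(1).strip() if cm else ""
                if not company:
                    findings.append(Finding("no_company_autorun", f"{hive}\\Run\\{name}", line))
            continue
        if m := ADS_RE.match(line):
            size, path, stream = m.groups()
            if stream not in KNOWN_PROPERTY_STREAMS:
                findings.append(Finding("unusual_ads", f"{path}:{stream} ({size} bytes)", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:<20} {f.detail}")
```

Run it against a saved OTL.txt by replacing SAMPLE_LOG with the file's contents; orphaned CLSIDs and "File not found" autoruns are usually just leftovers from uninstalls, so the output is a checklist for the person reading the log, not a detection result.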

_Lee_
2010-12-07, 22:20
OTL Extras logfile created on: 2010.12.07. 22:29:01 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000426 | Country: Latvia | Language: LVI | Date Format: yyyy.MM.dd.

510,00 Mb Total Physical Memory | 163,00 Mb Available Physical Memory | 32,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 19,50 Gb Free Space | 52,35% Space Free | Partition Type: NTFS

Computer Name: IBM-NETVISTA | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{4876620D-206A-49CD-932B-9BFBED83D55D}" = Latvian (Apostrofs v0.3; komats)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}" = PC Connectivity Solution
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 3.70
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AAA8CA88-8A22-43D1-867F-ABD7944C9815}" = Intel(R) Network Connections 14.3.0.0
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C6194F20-5684-4D79-9F60-3F132C4F2880}" = AquaSnap
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E32B4F2B-5CED-45F1-8B94-55394553F1F0}" = Tildes Birojs 2002
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"1-Click YouTube Downloader_is1" = 1-Click YouTube Downloader 4.0
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnVir Task Manager Free" = AnVir Task Manager Free
"avast5" = avast! Free Antivirus
"Canon MP140 series User Registration" = Canon MP140 series User Registration
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ERUNT_is1" = ERUNT 1.1j
"Fences" = Fences
"Free Fire Screensaver" = Free Fire Screensaver
"HijackThis" = HijackThis 2.0.2
"IcoFX_is1" = IcoFX 1.6.4
"IconTweaker" = IconTweaker
"ie8" = Windows Internet Explorer 8
"Immunet Protect" = Immunet Protect
"IrfanView" = IrfanView (remove only)
"KeyScrambler" = KeyScrambler
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0
"Lossless JPEG Rotator_is1" = Lossless JPEG Rotator 1.01
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MP Navigator 3.1" = Canon MP Navigator 3.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"ObjectDock" = ObjectDock
"qt7lite_is1" = QT Lite 2.8.0
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.87
"SimCity 3000" = SimCity 3000
"Smart Defrag_is1" = Smart Defrag
"Speccy" = Speccy
"TipCam" = TipCam 2.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinPatrol" = WinPatrol
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"ZoneAlarm Pro" = ZoneAlarm Pro
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010.11.01. 16:23:21 | Computer Name = IBM-NETVISTA | Source = Application Error | ID = 1001
Description = Fault bucket -2137488337.

Error - 2010.11.01. 16:23:54 | Computer Name = IBM-NETVISTA | Source = Application Error | ID = 1000
Description = Faulting application casetup32.exe, version 2.0.17.31, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x00011780.

Error - 2010.11.13. 13:40:45 | Computer Name = IBM-NETVISTA | Source = ESENT | ID = 490
Description = svchost (868) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2010.11.14. 12:04:05 | Computer Name = IBM-NETVISTA | Source = ESENT | ID = 490
Description = svchost (868) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2010.11.14. 12:04:06 | Computer Name = IBM-NETVISTA | Source = ESENT | ID = 439
Description = Catalog Database (868) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
-1032.

Error - 2010.11.14. 12:04:06 | Computer Name = IBM-NETVISTA | Source = ESENT | ID = 470
Description = Catalog Database (868) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
is partially attached. Attachment stage: 1. Error: -1032.

Error - 2010.11.14. 15:42:51 | Computer Name = IBM-NETVISTA | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 2010.11.18. 12:45:38 | Computer Name = IBM-NETVISTA | Source = Application Hang | ID = 1002
Description = Hanging application MDICTION.DEX, version 2.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2010.11.18. 12:46:30 | Computer Name = IBM-NETVISTA | Source = Application Hang | ID = 1001
Description = Fault bucket 16633019.

Error - 2010.11.22. 1:12:54 | Computer Name = IBM-NETVISTA | Source = ESENT | ID = 490
Description = svchost (924) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

[ System Events ]
Error - 2010.11.29. 9:35:53 | Computer Name = IBM-NETVISTA | Source = DCOM | ID = 10010
Description = The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register
with DCOM within the required timeout.

Error - 2010.11.30. 9:07:13 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 2010.11.30. 9:07:19 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 2010.12.01. 9:19:42 | Computer Name = IBM-NETVISTA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the McAfee SiteAdvisor Service service.

Error - 2010.12.07. 9:46:53 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2010.12.07. 9:46:56 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2010.12.07. 9:47:03 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2010.12.07. 9:47:05 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2010.12.07. 9:47:14 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2010.12.07. 9:47:14 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.


< End of report >

_Lee_
2010-12-07, 22:22
One more question: was the hosts file supposed to look like that?

ken545
2010-12-07, 23:36
I don't know what that was all about, so I deleted it. In any other scans we run, if anything like that comes up, DO NOT POST IT.

Run Malwarebytes and post the log.

_Lee_
2010-12-08, 17:25
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5270

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010.12.08. 17:58:47
mbam-log-2010-12-08 (17-58-47).txt

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 171335
Time elapsed: 1 hour(s), 5 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


---

This PC is still slower than usual (especially on startup) after running the GMER tool, and there have been several reboots and shutdowns since then.

Also, I had a look at the original hosts file (didn't even think of modifying anything):
http://www.bildites.lv/images/d1tay72dmrba2l2ahof0.jpg

_Lee_
2010-12-08, 17:28
I remembered that when I had Spybot S&D installed on this PC, it had something to do with modifying the hosts file. But Spybot S&D has been uninstalled for a while now.

ken545
2010-12-08, 18:14
Spybot just adds bad sites to block to the hosts file, but you would have had to do that yourself. I don't need to see your hosts file.

You should not have two antivirus programs running; this will slow down your system. Your call, but you need to uninstall one of them:
Immunet Protect
Avast5

These also may be slowing down your system:
AnVir.exe
Panda USB Vaccine


GMER would not have damaged your system; it's just a scanner, it does not remove anything. You may have a rootkit infection, but it's hard to tell since I can't see the report.


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan.

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the ESET Online Scanner button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
Double click on the ESET Smart Installer icon on your desktop.

Check the "Accept Terms of Use" box.
Click the Start button.
Accept any security warnings from your browser.
Check the "Scan archives" box.
Make sure that the option "Remove found threats" is Unchecked.
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push "List of found threats".
Push "Export to text file", and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the Back button.
Push Finish.
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

_Lee_
2010-12-09, 21:40
The two programs aren't both antivirus programs: Immunet Protect is an additional type of program, more like an antispyware, from all the articles I've read. It should not interfere with avast!.

AnVir and Panda USB Vaccine have been running on this PC for nearly a year, so I'm sure enough that neither of those programs is causing this.

I know that GMER is a scanner, but I cannot think of anything else that might have caused this performance loss; I didn't install or run anything else new this week.

I'll have to be away for a few days, so I'll scan and post the ESET log on Monday; I hope it's not a problem.

ken545
2010-12-10, 13:12
That will be fine, I will keep this thread open for you.

Another option is to do a System Restore to restore your computer to a point prior to running GMER.

http://support.microsoft.com/kb/306084

_Lee_
2010-12-11, 07:54
Well, I did a scan with ESET; it didn't find anything...

And System Restore was the first thing I tried when I noticed this performance loss.

Also, I had a look at the CPU usage percentage; it seems like about 5-70% of CPU is missing somewhere from time to time.
It can be clearly seen in the AnVir readings:
http://www.bildites.lv/images/nrpqih11w1e5osph21r.jpg

I had a look in the Task Manager too, to make sure this isn't an AnVir glitch, and I saw the same readings.

ken545
2010-12-11, 16:07
I am not seeing anything bad in the scans; try this one and see if it finds anything in the form of a rootkit.


Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
Extract the file and run it.
Once completed, it will create a log on your C:\ drive called TDSSKiller_* (* denotes version & date).
Please post the content of the TDSSKiller log.

_Lee_
2010-12-11, 16:55
2010/12/11 17:52:25.0625 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/11 17:52:25.0625 ================================================================================
2010/12/11 17:52:25.0625 SystemInfo:
2010/12/11 17:52:25.0625
2010/12/11 17:52:25.0625 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/11 17:52:25.0625 Product type: Workstation
2010/12/11 17:52:25.0625 ComputerName: IBM-NETVISTA
2010/12/11 17:52:25.0625 UserName: Administrator
2010/12/11 17:52:25.0625 Windows directory: C:\WINDOWS
2010/12/11 17:52:25.0625 System windows directory: C:\WINDOWS
2010/12/11 17:52:25.0625 Processor architecture: Intel x86
2010/12/11 17:52:25.0625 Number of processors: 1
2010/12/11 17:52:25.0625 Page size: 0x1000
2010/12/11 17:52:25.0625 Boot type: Normal boot
2010/12/11 17:52:25.0625 ================================================================================
2010/12/11 17:52:27.0515 Initialize success
2010/12/11 17:52:37.0484 ================================================================================
2010/12/11 17:52:37.0484 Scan started
2010/12/11 17:52:37.0484 Mode: Manual;
2010/12/11 17:52:37.0484 ================================================================================
2010/12/11 17:52:38.0703 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/12/11 17:52:39.0796 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/11 17:52:40.0296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/11 17:52:40.0953 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/12/11 17:52:41.0406 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/11 17:52:41.0906 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/11 17:52:44.0578 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/12/11 17:52:45.0015 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/12/11 17:52:45.0562 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/12/11 17:52:46.0046 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/12/11 17:52:46.0562 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/12/11 17:52:46.0921 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/11 17:52:47.0312 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/11 17:52:47.0937 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/11 17:52:48.0359 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/11 17:52:48.0812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/11 17:52:49.0156 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/11 17:52:49.0812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/11 17:52:50.0171 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/11 17:52:50.0609 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/11 17:52:52.0593 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/11 17:52:53.0312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/11 17:52:54.0093 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/11 17:52:54.0484 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/11 17:52:55.0015 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/11 17:52:55.0765 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/11 17:52:56.0171 E1000 (c42009e37e377ae55968768e521e05c3) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2010/12/11 17:52:56.0609 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/12/11 17:52:57.0062 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/11 17:52:57.0500 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/11 17:52:57.0937 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/11 17:52:58.0468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/11 17:52:58.0890 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/11 17:52:59.0359 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/11 17:52:59.0703 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/11 17:53:00.0265 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/11 17:53:00.0687 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/11 17:53:01.0421 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/11 17:53:02.0578 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/11 17:53:03.0406 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/12/11 17:53:04.0125 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/11 17:53:04.0625 ImmunetSelfProtectDriver (ab1fa3bf16c3ed39388ca8d77ad03774) C:\WINDOWS\system32\DRIVERS\ImmunetSelfProtect.sys
2010/12/11 17:53:05.0546 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/11 17:53:06.0359 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/11 17:53:06.0843 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/11 17:53:07.0265 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/11 17:53:07.0687 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/11 17:53:08.0078 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/11 17:53:08.0687 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/11 17:53:09.0187 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/11 17:53:09.0734 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/11 17:53:09.0906 ISWKL (f2804916d52acb5e9141aa731fb01765) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2010/12/11 17:53:10.0328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/11 17:53:10.0734 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/11 17:53:11.0093 KeyScrambler (75c3aca076eba5a676e3552085545f21) C:\WINDOWS\system32\drivers\keyscrambler.sys
2010/12/11 17:53:11.0906 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/11 17:53:12.0515 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/11 17:53:13.0453 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/11 17:53:13.0937 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/11 17:53:14.0437 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/11 17:53:14.0875 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/11 17:53:15.0406 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/11 17:53:16.0156 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/11 17:53:16.0953 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/11 17:53:17.0671 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/11 17:53:18.0125 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/11 17:53:18.0500 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/11 17:53:18.0921 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/11 17:53:19.0312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/11 17:53:19.0843 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/11 17:53:20.0359 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/11 17:53:20.0859 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/11 17:53:21.0218 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/11 17:53:21.0765 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/11 17:53:22.0203 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/11 17:53:22.0625 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/11 17:53:23.0125 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/11 17:53:24.0218 nmwcd (357ddb51e03cae598c096d95497373d0) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/12/11 17:53:24.0718 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/12/11 17:53:25.0125 nmwcdnsu (02120406f27f5895dfce4c640e6ee237) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2010/12/11 17:53:25.0546 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/11 17:53:26.0437 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/11 17:53:27.0046 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/11 17:53:27.0328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/11 17:53:27.0671 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/11 17:53:28.0203 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/11 17:53:28.0593 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/11 17:53:28.0968 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/11 17:53:29.0265 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/12/11 17:53:29.0625 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/11 17:53:30.0250 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/12/11 17:53:30.0593 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/11 17:53:32.0906 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/11 17:53:33.0093 Profos (1bfe86c679a43994e36e623fb6898cdb) c:\program files\immunet protect\tetra\profos.sys
2010/12/11 17:53:33.0437 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/11 17:53:33.0796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/11 17:53:34.0203 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/11 17:53:36.0015 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/11 17:53:36.0375 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/11 17:53:36.0765 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/11 17:53:37.0281 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/11 17:53:37.0734 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/11 17:53:38.0187 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/11 17:53:38.0640 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/11 17:53:39.0171 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/11 17:53:39.0703 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/11 17:53:40.0203 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/11 17:53:40.0531 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/11 17:53:40.0875 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/11 17:53:41.0265 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/11 17:53:42.0218 smwdm (9b8aeed0dc8198efb83d06baf2fab2e2) C:\WINDOWS\system32\drivers\smwdm.sys
2010/12/11 17:53:43.0046 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/11 17:53:43.0453 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/11 17:53:43.0937 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/11 17:53:44.0625 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/11 17:53:44.0968 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/11 17:53:46.0562 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/11 17:53:47.0218 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/11 17:53:47.0687 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/11 17:53:48.0062 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/11 17:53:48.0390 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/11 17:53:49.0156 Trufos (2d81f753af1093877572d8a0b680f924) c:\program files\immunet protect\tetra\trufos.sys
2010/12/11 17:53:49.0562 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/11 17:53:50.0390 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/11 17:53:50.0968 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/12/11 17:53:51.0406 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/11 17:53:51.0734 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/11 17:53:52.0109 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/11 17:53:52.0453 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/11 17:53:52.0796 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/11 17:53:53.0203 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/12/11 17:53:53.0578 UsbserFilt (5c17e6a11aa8be53f79fd364ba19f0ce) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/12/11 17:53:53.0937 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/11 17:53:54.0265 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/11 17:53:54.0593 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/11 17:53:55.0203 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/11 17:53:55.0812 vsdatant (7f10c6c385a03f40b07d682bfaa07e2f) C:\WINDOWS\system32\vsdatant.sys
2010/12/11 17:53:56.0562 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/11 17:53:57.0281 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/12/11 17:53:58.0171 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/11 17:53:58.0703 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/11 17:53:59.0171 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/11 17:53:59.0546 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/11 17:54:00.0000 ================================================================================
2010/12/11 17:54:00.0000 Scan finished
2010/12/11 17:54:00.0000 ================================================================================
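
The TDSSKiller output above lists every loaded kernel driver with its MD5 and image path, which is exactly the data an analyst diffs by hand when a scanner "finds nothing" but the machine misbehaves. The following Python script is an added example, not part of the original thread and not TDSSKiller's own code: it parses lines in that format into records and applies two checks, drivers loading from outside the stock driver directories and drivers whose hash differs from a baseline. SAMPLE_LOG is constructed in the log's format (hashes and paths mirror lines from the scan above), and BASELINE is a hypothetical reference set with one value deliberately wrong so the mismatch check has something to report; in a real case the baseline comes from a known-clean install at the same service-pack and patch level.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# One loaded-driver line, in the form TDSSKiller prints it:
#   <date time> <service name> (<md5 of image>) <image path>
DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Where kernel drivers on a stock Windows XP install load from. A driver elsewhere
# is not automatically bad (third-party AV engines live under Program Files), but
# it is the first thing to verify against the vendor.
SYSTEM_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")

# Constructed sample in the log's format; hashes and paths mirror lines from the
# scan output in the thread. The separator and "Scan finished" lines are included
# to show that non-driver lines are ignored.
SAMPLE_LOG = [
    r"2010/12/11 17:53:47.0218 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys",
    r"2010/12/11 17:53:49.0156 Trufos (2d81f753af1093877572d8a0b680f924) c:\program files\immunet protect\tetra\trufos.sys",
    r"2010/12/11 17:53:55.0812 vsdatant (7f10c6c385a03f40b07d682bfaa07e2f) C:\WINDOWS\system32\vsdatant.sys",
    r"2010/12/11 17:53:59.0546 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys",
    "2010/12/11 17:54:00.0000 " + "=" * 80,
    "2010/12/11 17:54:00.0000 Scan finished",
]

# Hypothetical baseline keyed by lowercase file name. In a real investigation this
# comes from a known-clean machine at the same service-pack and patch level; here
# the wudfrd.sys value is deliberately wrong so the mismatch check finds something.
BASELINE: Dict[str, str] = {
    "tcpip.sys": "9aefa14bd6b182d61e3119fa5f436d3d",
    "wudfrd.sys": "0" * 32,
}


@dataclass(frozen=True)
class DriverEntry:
    timestamp: str
    name: str
    md5: str
    path: str

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_driver_log(lines: Iterable[str]) -> List[DriverEntry]:
    """Return one DriverEntry per driver line; separators and status lines are skipped."""
    entries = []
    for line in lines:
        m = DRIVER_LINE.match(line)
        if m:
            entries.append(DriverEntry(m["ts"], m["name"], m["md5"].lower(), m["path"]))
    return entries


def outside_system_dirs(entries: Iterable[DriverEntry]) -> List[DriverEntry]:
    """Drivers whose image is not under the stock driver directories."""
    return [e for e in entries if not e.path.lower().startswith(SYSTEM_DRIVER_DIRS)]


def hash_mismatches(entries: Iterable[DriverEntry], baseline: Dict[str, str]) -> List[DriverEntry]:
    """Drivers present in the baseline whose on-disk MD5 differs from it.

    A file infector (Sality, Virut) or a patched system driver shows up here.
    Files absent from the baseline are not reported; they need a separate lookup."""
    return [e for e in entries
            if e.filename in baseline and baseline[e.filename] != e.md5]


if __name__ == "__main__":
    drivers = parse_driver_log(SAMPLE_LOG)
    print(f"{len(drivers)} drivers parsed")
    for e in outside_system_dirs(drivers):
        print(f"outside system dirs: {e.name:10} {e.path}")
    for e in hash_mismatches(drivers, BASELINE):
        print(f"hash mismatch:       {e.name:10} {e.md5} (baseline {BASELINE[e.filename]})")
```

Run it against a saved TDSSKiller log by passing the file's lines to parse_driver_log. On the sample it reports Trufos (Immunet's engine, loading from Program Files) for the directory check and WudfRd for the hash check; the second is only meaningful once the baseline is a trusted one, which is why a reported hash must be compared against a clean copy of the same file and not just against the scanner's own output.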

_Lee_
2010-12-11, 16:57
again it found nothing...
I have no idea where my CPU percentage is disappearing,
could this be the fault of a partial hardware failure?

ken545
2010-12-11, 20:37
Well, let's run one more program. You mentioned in your original post about TDSS and the last scan did not find it, but I am concerned about Sality.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

_Lee_
2010-12-11, 21:01
I am a little worried about running combofix, so just in case can I get some information about this restore boot mode?

ken545
2010-12-11, 21:05
When you run Combofix it will check to see if there is a recovery console installed and if there is not it will prompt you to install it; it's a good idea to do so.

If you're infected with Sality then there is no fix, but let's see what CF finds and removes

_Lee_
2010-12-12, 07:58
I tried to run combofix, but shut it down because several odd things occurred:
1) the programs pev.exe, PEV.cfxxe, iexplore.exe crashed several times (Microsoft error report messages appeared)
2) this pc started beeping on combofix messages, I think it's called a bios signal or something like that
3) I was sure that I shut down avast and immunet, but combofix gave me warnings that they are both on...

tell me what to do- run combofix again and ignore everything, or something else?

_Lee_
2010-12-12, 08:40
p.s. what do you think about this?
http://free.avg.com/us-en/win32-sality

is it worth scanning?

ken545
2010-12-12, 10:35
Sality and Virut are in the same family, they are unrepairable
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

But running that AVG program may show if it's present. Go ahead and run it and post the log, and if no Sality then we will work to get CF running



Kaspersky may show if it's present also, run both scanners


Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply .

_Lee_
2010-12-12, 13:36
AVG found nothing...

I tried to scan with kaspersky, after it failed to start I had a look in the homepage as was written in the warning message and found the following info:
"Kaspersky Online Scanner
The current Kaspersky Online Scanner is unavailable - we apologize for the inconvenience."

ken545
2010-12-12, 14:40
The link worked for me, are you using Internet Explorer ?

Here is another link
http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1292161006881

_Lee_
2010-12-12, 15:09
I'm using Firefox.

No, the link works- the program installs and seems to download the definitions, but then fails to start. Afterward it gives a prompt to close the window and re-open the application from the Kaspersky home page.

Have a look in the Kaspersky homepage:
http://www.kaspersky.com/virusscanner

ken545
2010-12-12, 16:37
Lee,

We're between a rock and a hard place. Trying to determine if your issues are hardware, Windows or malware related. So far I am not seeing any malware except what you posted in your original post. It's kind of hard to determine what's going on when you can't run any of the scans I ask for.

Just as a precaution, run this program.

Please download Flash_Disinfector.exe (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) by sUBs and save it to your desktop:


Double-click Flash_Disinfector.exe to run it.
Follow any prompts that may appear.
Wait until the program has finished scanning, then please exit the program.
The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.


Please restart your computer.




Then let's give Combofix another try

Use CTRL. ALT. DEL to get to task manager and end task on the following

findstr
sed
grep.
nircmd.exe
nircmd.cfexe
swsc.cfexe
* .. or any other process that has the .cfexe extension except for CFxxx.cfexe

If ComboFix is still 'hung', then kill process on CFxxx.cfexe as well and then retry running it again

_Lee_
2010-12-13, 18:43
well... I did as you wrote and still no successful results.
I managed to get combofix to run till installing the Microsoft recovery console (got it installed); after that the program started to continue (the prompt said scan for malware) and got stuck after displaying in the program window:
"T was unexpected at this time."

And I had the same problem with immunet- I am sure it was both disabled and shut down, I didn't even find an immunet process in the task manager, but combofix still alarmed that it is running.

ken545
2010-12-13, 19:17
Try this Lee


Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

Go to Start -> Run -> copy/paste in the following single line command & click OK


"%userprofile%\desktop\combofix.exe" /killall

http://www.techsupportforum.com/sectools/tetonbob/killall.JPG

Click OK and this will start ComboFix in a special way.
When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.


Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.

* Reconnect to the internet

* Post the following logs/Reports:
ComboFix.txt

_Lee_
2010-12-14, 15:17
same again, but this time It didn't alarm me about any anti-viruses running.

still got stuck on the same line:
http://www.bildites.lv/images/o96ztpnzwbvdo5g1e5e.jpg

ken545
2010-12-14, 18:10
Lee,

Have you tried running it in Safemode?

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)


If still a no go, drag Combofix to the trash and download a fresh copy but rename it like this.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

_Lee_
2010-12-15, 14:16
I booted into safe mode with networking by using msconfig and tried to run combo-fix file,
but it got stuck on loading (even earlier than in normal mode).

ken545
2010-12-15, 18:07
Lee,

Drag CF to the trash and grab a fresh copy, rename it prior to downloading it.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Then try to run it and if still wont run then do this and give it another try.


Open NOTEPAD.exe and copy/paste the text in the codebox below:
(don't forget to copy and paste REGEDIT4)


REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Eventlog]
"Start"=dword:00000004

Save this as fix.reg Choose to "Save type as - All Files"

Double click on fix.reg & allow it to merge into the registry

Reboot the machine once this is done and run combofix again.

_Lee_
2010-12-16, 14:42
did everything as was said in the instructions,
but got same message as in post #41
http://forums.spybot.info/showpost.php?p=391005&postcount=41

ken545
2010-12-16, 18:14
Something on your system is preventing CF from running.

Please download rkill (Courtesy of Bleepingcomputer.com).
There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.




1. rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
2. rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
3. rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
4. WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
5. uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

Run rkill repeatedly until it's able to do its job. This may take a few tries.

You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.





Then try CF again; if it still won't run then another option is to completely uninstall both of these programs:
avast!, immunet

_Lee_
2010-12-16, 18:52
can rkill run while antiviruses are enabled?

ken545
2010-12-16, 19:32
Wouldn't hurt to disable them

_Lee_
2010-12-16, 22:06
I ran 2 of those rkill programs (antiviruses disabled and internet cable unplugged), seemed to work, but combofix still gets stuck.

On monday I'll uninstall avast and immunet and will try again.

P.S. Log from rkill (while the program was running there were messages about some programs that can't be shut down, or requested downtime to be terminated in an unusual way, I don't remember exactly):

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 010.12.16. at 20:22:51.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 010.12.16. at 20:23:08.

ken545
2010-12-17, 02:16
OK Lee,

Lets see what uninstalling both those programs will do.

_Lee_
2010-12-20, 17:37
I haven't tried uninstalling antiviruses yet- I will a little later.

But I found a old bootable antivirus disc and tried to run it-
It is BitDefender Knoppix (Linux based)
and again It crashes...

I have no idea how it is possible that even this tool crashes :confused:

ken545
2010-12-20, 18:28
Well, let's wait until you uninstall those security programs and run Combofix; if there is something serious malware-wise CF may fix it, if it finds nothing then it may be hardware or Windows related.

_Lee_
2010-12-23, 11:32
After trying to scan with Bitdefender I'm sure enough that it is hardware related.
Thank you for all your help, but it looks like I'm going to have to take this PC to a mechanic.

Thanks again and happy holidays!

Lee

ken545
2010-12-23, 12:46
OK Lee, thanks for letting me know.

Ken :)