Possible infection

[_Lee_]

Hello, my pc is acting unusual latelly, but avast!, immunet, winpatrol, malwarebytes or zonealarm detect nothing.
Even fences.exe (program for desktop arrangement is giving me errors).
I posted a thread on a couple suspicious infections a while ago, but it was closed due to the fact I posted a hijackthis log instead of dds.

I would be very thankful If anyone could look threw these logs.

Link to my old post about infections:
http://forums.spybot.info/showthread.php?t=59476



DDS (Ver_10-11-27.01) - NTFSx86
Run by Administrator at 14:51:11,56 on 2010.12.02.
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1257.371.1033.18.510.134 [GMT 2:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Immunet Protect *On-access scanning enabled* (Updated) {F1220F1F-7E2E-48CD-846D-B98C6F85CD37}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Immunet Protect\2.0.17\agent.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Immunet Protect\2.0.17\iptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE4\OPWARESE4.EXE
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.lv/
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: TLFind Class: {8692fed1-9267-4624-96b9-3b94946a0524} - c:\program files\tildes birojs 2002\TLFindAddIn.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [AnVir Task Manager Free] "c:\program files\anvir task manager free\AnVir.exe" Minimized
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Immunet Protect] "c:\program files\immunet protect\2.0.17\iptray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admini~1\startm~1\programs\access~1\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: &Tulkot ar Tildes Datorvārdnīcu - c:\program files\tildes birojs 2002\TDVLauncher.DLL /201
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {11FD30F4-F186-4ebe-A384-E22965FDEC7A} - {8692FED1-9267-4624-96B9-3B94946A0524} - c:\program files\tildes birojs 2002\TLFindAddIn.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265051472109
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y4ldzwwt.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Extension: LatvieÅu valodas pareizrakstÄ«bas vārdnÄ«ca: lv-LV@dictionaries.addons.mozilla.org - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\lv-LV@dictionaries.addons.mozilla.org
FF - Extension: KeyScrambler: keyscrambler@qfx.software.corporation - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\keyscrambler@qfx.software.corporation
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: Read It Later: isreaditlater@ideashower.com - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\isreaditlater@ideashower.com
FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Extension: PitchDark: {c1dffba0-628e-11d9-9669-0800200c9a66} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
FF - Extension: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Extension: Compact Menu 2: {57068FBE-1506-42ee-AB02-BD183E7999E4} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\y4ldzwwt.default\extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-15 165584]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2010-11-1 31184]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-8 528128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-15 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-15 40384]
R2 ImmunetProtect;Immunet Protect;c:\program files\immunet protect\2.0.17\agent.exe [2010-11-1 756680]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-6-15 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-6-15 493032]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2009-11-5 88176]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-15 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-15 40384]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-11-9 114952]
S3 Application Updater;Application Updater;"c:\program files\application updater\applicationupdater.exe" --> c:\program files\application updater\ApplicationUpdater.exe [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-5 136704]
S3 TipCtrl;TipCtrl;c:\program files\utipu\TipCtrl.exe [2009-2-3 314504]

=============== Created Last 30 ================

2010-11-30 09:05:57 -------- d-----w- C:\own_files
2010-11-13 13:31:10 -------- d-----w- c:\program files\AquaSnap
2010-11-10 17:04:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\InstallMate
2010-11-08 14:35:58 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2010-11-08 14:35:58 28040 ----a-w- c:\windows\system32\mdimon.dll
2010-11-08 14:30:32 -------- d-----w- c:\program files\common files\L&H
2010-11-08 14:29:36 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-11-06 09:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 09:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-09-18 09:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 02:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

============= FINISH: 14:54:55,07 ===============

 

[ken545]

:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Sorry for the delay but the forums are very busy, but I am linked to you now.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

• Double click GMER.exe.
  
  
• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
    
    Click the image to enlarge it
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
• Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

 

[_Lee_]

Hello,
no problems with the delay, I can understand that people have other things to do.

I ran the gmer tool you gave a link to before, but I had to power down my pc, because it crashed on file:
C:\WINDOWS\System32\Drivers\aswFsBlk.SYS

I'm sure I did everything as you told before:

• 
  unselected IAT/EAT;
  I have no other drives than "C:\" so that not the problem;
  "Show all" box was already unselected.

And now my pc is slower than usually, I tried system restore- that didn't fix it.

 

[ken545]

That file is part of Avast, you needed to shut down all Anti Virus programs prior to running GMER. GMER is just a scanner, it does not remove anything, reboot your system and things should be ok.

Please download ATF Cleaner by Atribune to your desktop.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.




Please download Malwarebytes from Here or Here

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
  
  
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected .
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

 

[_Lee_]

I disabled all antivirus software (left on only zonealarm and allowed to program run) as you told, but the GMER tool still crashed at the same file.
Ran ATF cleaner and OLT as requested
OLT.txt file had to be split to fit.

 

[_Lee_]

OLT.txt 1

OTL logfile created on: 2010.12.07. 22:29:01 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000426 | Country: Latvia | Language: LVI | Date Format: yyyy.MM.dd.

510,00 Mb Total Physical Memory | 163,00 Mb Available Physical Memory | 32,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 19,50 Gb Free Space | 52,35% Space Free | Partition Type: NTFS

Computer Name: IBM-NETVISTA | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Immunet Protect\2.0.17\iptray.exe (Immunet)
PRC - C:\Program Files\Immunet Protect\2.0.17\agent.exe (Immunet Corporation)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\AnVir Task Manager Free\AnVir.exe (AnVir Software)
PRC - C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\Program Files\AnVir Task Manager Free\AnvirHook631.dll (AnVir Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)
MOD - C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll (Nuance Communications, Inc.)
MOD - C:\WINDOWS\Resources\Themes\Zune\zune.msstyles (Microsoft)


========== Win32 Services (SafeList) ==========

SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe File not found
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (scan) -- C:\Program Files\Immunet Protect\tetra\scan.dll (Immunet)
SRV - (ImmunetProtect) -- C:\Program Files\Immunet Protect\2.0.17\agent.exe (Immunet Corporation)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (TipCtrl) -- C:\Program Files\uTIPu\TipCtrl.exe (Utipu inc.)


========== Driver Services (SafeList) ==========

DRV - (ImmunetSelfProtectDriver) -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (Trufos) -- c:\Program Files\Immunet Protect\tetra\trufos.sys ()
DRV - (Profos) -- c:\Program Files\Immunet Protect\tetra\profos.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (KeyScrambler) -- C:\WINDOWS\system32\drivers\keyscrambler.sys (QFX Software Corporation)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lv/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.7.1.0
FF - prefs.js..extensions.enabledItems: lv-LV@dictionaries.addons.mozilla.org:0.9.3
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.7
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {57068FBE-1506-42ee-AB02-BD183E7999E4}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.11.19 23:14:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010.11.13 12:59:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.12.01 21:41:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.28 18:17:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.21 21:13:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.01 17:53:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009.10.05 09:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010.12.06 21:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions
[2010.09.27 06:20:48 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.10.05 17:25:21 | 000,000,000 | ---D | M] (Compact Menu 2) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4}
[2010.11.27 20:54:32 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.04.16 07:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
[2010.11.12 15:33:22 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010.11.04 07:05:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.11 06:27:13 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}(2)
[2010.02.19 14:40:07 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.04.16 07:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010.11.18 08:11:30 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.04.06 21:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\CompactMenuCE@Merci.chao
[2010.04.06 21:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\isreaditlater@ideashower.com
[2010.11.28 18:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\keyscrambler@qfx.software.corporation
[2010.09.17 06:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\lv-LV@dictionaries.addons.mozilla.org
[2010.02.18 16:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\Office2007Black@JBBS
[2010.02.18 16:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\redshift_V2@shift-themes.com
[2010.04.16 07:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\extensions\zigboom@hotmail.com
[2010.02.10 12:46:13 | 000,007,689 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y4ldzwwt.default\searchplugins\jixey.xml
[2010.12.06 21:59:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.02 15:11:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.02 16:58:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.08.05 09:35:36 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

 

[_Lee_]

OLT.txt 2

Deleted

 

[_Lee_]

OLT.txt 3

Deleted

 

[_Lee_]

OLT.txt 4

Deleted

 

[_Lee_]

OLT.txt 5

Deleted

 

[_Lee_]

OLT.txt 6

Deleted

 

[_Lee_]

OLT.txt 7

Deleted

 

[_Lee_]

OLT.txt 8

Deleted

 

[_Lee_]

OLT.txt 9

Deleted

 

[_Lee_]

OLT.txt 10

Deleted

 

[_Lee_]

OLT.txt 11

O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (TLFind Class) - {8692FED1-9267-4624-96B9-3B94946A0524} - C:\Program Files\Tildes Birojs 2002\TLFindAddIn.dll ()
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O2 - BHO: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet Protect\2.0.17\iptray.exe (Immunet)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AnVir Task Manager Free] C:\Program Files\AnVir Task Manager Free\AnVir.exe (AnVir Software)
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Tulkot ar Tildes Datorvārdnīcu - C:\Program Files\Tildes Birojs 2002\TDVLauncher.DLL ()
O9 - Extra Button: Tildes Meklētājs - {11FD30F4-F186-4ebe-A384-E22965FDEC7A} - C:\Program Files\Tildes Birojs 2002\TLFindAddIn.dll ()
O9 - Extra 'Tools' menuitem : Tildes &Meklētājs - {11FD30F4-F186-4ebe-A384-E22965FDEC7A} - C:\Program Files\Tildes Birojs 2002\TLFindAddIn.dll ()
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1265051472109 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.29 11:31:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.12.07 22:09:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010.12.07 22:06:55 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010.12.03 15:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2010.12.02 19:34:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010.12.02 19:30:19 | 002,963,664 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup301.exe
[2010.12.02 19:01:07 | 001,841,456 | ---- | C] (IObit ) -- C:\Documents and Settings\Administrator\Desktop\defragsetup.exe
[2010.12.02 15:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\diagnostics
[2010.12.02 14:48:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.12.02 14:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.12.02 14:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\prog
[2010.11.30 11:05:57 | 000,000,000 | ---D | C] -- C:\own_files
[2010.11.26 16:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\makslas_stils
[2010.11.26 16:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\zpd
[2010.11.13 15:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\AquaSnap
[2010.11.10 19:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\pazera
[2010.11.10 19:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010.11.08 16:35:58 | 000,028,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2010.11.08 16:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2010.11.08 16:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010.11.08 16:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.11.08 16:27:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.11.08 16:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.11.08 16:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.11.08 16:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.11.08 16:22:20 | 000,000,000 | RH-D | C] -- C:\MSOCache

========== Files - Modified Within 30 Days ==========

[2010.12.07 22:24:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.12.07 22:23:45 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2010.12.07 22:22:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.12.07 22:12:59 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\www_analize3.doc
[2010.12.07 22:09:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010.12.07 22:06:55 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010.12.07 22:01:06 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\www_analize2.doc
[2010.12.07 21:13:15 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010.12.07 16:21:20 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.12.07 15:43:42 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010.12.06 20:26:47 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\www_analize.doc
[2010.12.06 16:00:52 | 000,015,529 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\msg.JPG
[2010.12.03 16:04:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.12.02 22:49:20 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010.12.02 19:30:29 | 002,963,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup301.exe
[2010.12.02 19:01:13 | 001,841,456 | ---- | M] (IObit ) -- C:\Documents and Settings\Administrator\Desktop\defragsetup.exe
[2010.12.02 14:48:10 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Startup\ERUNT AutoBackup.lnk
[2010.12.02 14:47:48 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.29 16:44:59 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.28 10:27:01 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Funkciju_izmantoshana_Uzd2.doc
[2010.11.26 07:44:09 | 001,524,095 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Untitled-Scanned-01.jpg
[2010.11.25 22:11:35 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\funkcijas_if_case.doc
[2010.11.24 20:10:14 | 002,239,670 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Untitled-Scanned-02.jpg
[2010.11.24 18:16:16 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Funkciju_izmantoshana_Uzd.doc
[2010.11.24 17:56:38 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rgb.doc
[2010.11.21 21:17:33 | 000,607,162 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\untitled.JPG
[2010.11.16 20:03:52 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\zpd.doc
[2010.11.14 18:26:31 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\izmantota_lit.xls
[2010.11.12 16:30:39 | 000,461,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.12 16:30:39 | 000,078,192 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.11 14:41:50 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Forms.doc
[2010.11.09 22:26:17 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\kalkulators.doc
[2010.11.09 18:10:40 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$ogramesana.doc
[2010.11.08 18:47:50 | 000,342,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.08 16:36:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010.11.08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe

========== Files Created - No Company Name ==========

[2010.12.07 22:14:31 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010.12.07 22:12:58 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\www_analize3.doc
[2010.12.07 15:43:38 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010.12.06 23:31:14 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\www_analize2.doc
[2010.12.06 19:31:43 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\www_analize.doc
[2010.12.06 16:00:52 | 000,015,529 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\msg.JPG
[2010.12.03 16:04:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.12.02 19:02:57 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010.12.02 14:48:10 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Startup\ERUNT AutoBackup.lnk
[2010.12.02 14:47:48 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010.11.26 16:33:23 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Funkciju_izmantoshana_Uzd2.doc
[2010.11.25 16:39:51 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\funkcijas_if_case.doc
[2010.11.25 08:34:38 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Forms.doc
[2010.11.24 20:10:10 | 002,239,670 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Untitled-Scanned-02.jpg
[2010.11.24 20:10:01 | 001,524,095 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Untitled-Scanned-01.jpg
[2010.11.24 17:54:02 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Funkciju_izmantoshana_Uzd.doc
[2010.11.21 21:17:33 | 000,607,162 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\untitled.JPG
[2010.11.17 18:32:07 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rgb.doc
[2010.11.13 14:34:14 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\izmantota_lit.xls
[2010.11.13 14:32:58 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\zpd.doc
[2010.11.09 18:10:40 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$ogramesana.doc
[2010.11.08 18:17:00 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\kalkulators.doc
[2010.11.08 16:36:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.03.28 16:02:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\flag.ini
[2010.01.26 16:14:28 | 000,000,178 | ---- | C] () -- C:\WINDOWS\EQ3D.ini
[2010.01.25 15:42:47 | 000,119,296 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2010.01.25 15:42:47 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2010.01.25 15:42:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dxinputdll.dll
[2009.12.21 22:36:46 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2009.11.23 15:51:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\settings.ini
[2009.11.23 15:50:44 | 000,000,060 | ---- | C] () -- C:\WINDOWS\excel5.ini
[2009.11.18 16:39:15 | 000,000,207 | ---- | C] () -- C:\WINDOWS\youtube2mp3.ini
[2009.11.16 19:09:35 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2009.10.22 16:29:24 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009.10.19 13:43:26 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009.10.04 16:48:29 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.02 12:50:35 | 000,168,208 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll1
[2009.09.29 14:21:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.09.29 11:51:58 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.09.29 11:51:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.09.29 11:51:56 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.09.29 11:51:56 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.09.29 11:51:55 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.09.29 11:51:52 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.02.05 12:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\setup.txt
[2007.09.27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.09.27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007.09.27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005.02.05 22:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2004.09.16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004.09.16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2003.01.07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009.10.19 13:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2010.01.25 17:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CBS Interactive
[2010.08.31 19:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CheckPoint
[2009.10.12 16:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\COWON
[2010.10.14 19:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2010.02.18 19:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IcoFX
[2010.09.10 11:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Immunet
[2010.01.10 11:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2010.01.25 15:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KALiNKOsoft
[2009.11.11 16:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Laconic Software
[2010.02.05 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2010.09.22 20:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2009.09.29 12:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2010.12.03 15:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2009.10.19 13:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2009.12.08 20:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Stardock
[2009.11.11 18:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2009.12.03 17:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010.02.02 08:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010.02.02 08:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2010.09.29 15:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2010.02.16 17:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009.10.19 13:38:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010.02.18 18:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2009.12.18 16:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010.11.10 19:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2009.12.18 16:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010.02.05 16:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010.04.12 12:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010.02.05 15:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009.10.19 13:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010.01.23 21:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010.02.04 19:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.10.28 12:21:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
[2010.12.07 22:23:45 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\PandaUSBVaccine.job
[2010.12.07 21:13:15 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2

< End of report >

 

[_Lee_]

Extras.txt

OTL Extras logfile created on: 2010.12.07. 22:29:01 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000426 | Country: Latvia | Language: LVI | Date Format: yyyy.MM.dd.

510,00 Mb Total Physical Memory | 163,00 Mb Available Physical Memory | 32,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 19,50 Gb Free Space | 52,35% Space Free | Partition Type: NTFS

Computer Name: IBM-NETVISTA | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNetisabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNetisabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNetisabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNetisabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNetisabledxpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{4876620D-206A-49CD-932B-9BFBED83D55D}" = Latvian (Apostrofs v0.3; komats)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}" = PC Connectivity Solution
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 3.70
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AAA8CA88-8A22-43D1-867F-ABD7944C9815}" = Intel(R) Network Connections 14.3.0.0
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C6194F20-5684-4D79-9F60-3F132C4F2880}" = AquaSnap
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E32B4F2B-5CED-45F1-8B94-55394553F1F0}" = Tildes Birojs 2002
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"1-Click YouTube Downloader_is1" = 1-Click YouTube Downloader 4.0
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnVir Task Manager Free" = AnVir Task Manager Free
"avast5" = avast! Free Antivirus
"Canon MP140 series User Registration" = Canon MP140 series User Registration
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ERUNT_is1" = ERUNT 1.1j
"Fences" = Fences
"Free Fire Screensaver" = Free Fire Screensaver
"HijackThis" = HijackThis 2.0.2
"IcoFX_is1" = IcoFX 1.6.4
"IconTweaker" = IconTweaker
"ie8" = Windows Internet Explorer 8
"Immunet Protect" = Immunet Protect
"IrfanView" = IrfanView (remove only)
"KeyScrambler" = KeyScrambler
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0
"Lossless JPEG Rotator_is1" = Lossless JPEG Rotator 1.01
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MP Navigator 3.1" = Canon MP Navigator 3.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"ObjectDock" = ObjectDock
"qt7lite_is1" = QT Lite 2.8.0
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.87
"SimCity 3000" = SimCity 3000
"Smart Defrag_is1" = Smart Defrag
"Speccy" = Speccy
"TipCam" = TipCam 2.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinPatrol" = WinPatrol
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"ZoneAlarm Pro" = ZoneAlarm Pro
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010.11.01. 16:23:21 | Computer Name = IBM-NETVISTA | Source = Application Error | ID = 1001
Description = Fault bucket -2137488337.

Error - 2010.11.01. 16:23:54 | Computer Name = IBM-NETVISTA | Source = Application Error | ID = 1000
Description = Faulting application casetup32.exe, version 2.0.17.31, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x00011780.

Error - 2010.11.13. 13:40:45 | Computer Name = IBM-NETVISTA | Source = ESENT | ID = 490
Description = svchost (868) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2010.11.14. 12:04:05 | Computer Name = IBM-NETVISTA | Source = ESENT | ID = 490
Description = svchost (868) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2010.11.14. 12:04:06 | Computer Name = IBM-NETVISTA | Source = ESENT | ID = 439
Description = Catalog Database (868) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
-1032.

Error - 2010.11.14. 12:04:06 | Computer Name = IBM-NETVISTA | Source = ESENT | ID = 470
Description = Catalog Database (868) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
is partially attached. Attachment stage: 1. Error: -1032.

Error - 2010.11.14. 15:42:51 | Computer Name = IBM-NETVISTA | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 2010.11.18. 12:45:38 | Computer Name = IBM-NETVISTA | Source = Application Hang | ID = 1002
Description = Hanging application MDICTION.DEX, version 2.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2010.11.18. 12:46:30 | Computer Name = IBM-NETVISTA | Source = Application Hang | ID = 1001
Description = Fault bucket 16633019.

Error - 2010.11.22. 1:12:54 | Computer Name = IBM-NETVISTA | Source = ESENT | ID = 490
Description = svchost (924) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

[ System Events ]
Error - 2010.11.29. 9:35:53 | Computer Name = IBM-NETVISTA | Source = DCOM | ID = 10010
Description = The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register
with DCOM within the required timeout.

Error - 2010.11.30. 9:07:13 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 2010.11.30. 9:07:19 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 2010.12.01. 9:19:42 | Computer Name = IBM-NETVISTA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the McAfee SiteAdvisor Service service.

Error - 2010.12.07. 9:46:53 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2010.12.07. 9:46:56 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2010.12.07. 9:47:03 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2010.12.07. 9:47:05 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2010.12.07. 9:47:14 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2010.12.07. 9:47:14 | Computer Name = IBM-NETVISTA | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.


< End of report >

 

[_Lee_]

One more question- was the hosts file suppose to look like that?

 

[ken545]

I dont know what that was all about so I deleted it. Any other scans we run, anything like that comes up DO NOT POST IT.

Run Malwarebytes and post the log

 

[_Lee_]

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5270

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010.12.08. 17:58:47
mbam-log-2010-12-08 (17-58-47).txt

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 171335
Time elapsed: 1 hour(s), 5 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


---

This PC is still slower than usual (especially on startup) after running the gmer tool, and it has been several reboots and shutdowns since then.

Also I had a look at the original hosts file (didn't even think of modifying anything):