
Solved generic host process for win32 has encountered a problem

Discussion in 'Malware and Virus Removal Archive' started by deangmoxon, 2010/11/13.

  1. 2010/11/13
    deangmoxon

    deangmoxon Inactive Thread Starter

    generic host process for win32 has encountered a problem
    I think I have a virus but... I keep getting a window popping up that says "Generic host process for Win32 services has encountered a problem and needs to close. We are sorry for the inconvenience." I also get a blank Google home page popping up from time to time. I can ignore the "generic host process for Win32 services has encountered a problem" window, but eventually another one will pop up (looking like safe mode), the task bar will go grey and the sound will be disabled (it is disabled in the control panel under Sounds and Audio Devices and cannot be changed unless the computer gets restarted).
    It feels like a virus but I have run AVG, Malwarebytes and Windows Security Essentials to no avail. Anyone know what to do??? I need the sound back at the very least and it is f-ing annoying!!!
     
  2. 2010/11/13
    PeteC

    PeteC SuperGeek Staff

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     


  4. 2010/11/13
    deangmoxon

    deangmoxon Inactive Thread Starter

    Sorry, I dunno computers as well as all of you lot.
    What did I do wrong?
    I thought I posted in the right spot.
     
  5. 2010/11/13
    broni

    broni Moderator Malware Analyst

  6. 2010/11/15
    deangmoxon

    deangmoxon Inactive Thread Starter

    The logs requested appear to be too large to send, because when I try to send them (MBAM, GMER, MBRCheck, DDS 1 & 2) Windows says there is a problem loading the page.
    I followed the instructions but cannot send the logs. Help.
     
  7. 2010/11/15
    deangmoxon

    deangmoxon Inactive Thread Starter


    Database version: 5120

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    11/15/2010 9:07:33 AM
    mbam-log-2010-11-15 (09-07-33).txt

    Scan type: Quick scan
    Objects scanned: 129723
    Time elapsed: 12 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Rootkit quick scan 2010-11-15 09:30:39
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 IC25N030ATMR04-0 rev.MOAOAD0A
    Running: stucgxh6.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwtdqpog.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 58604864 (+255): rootkit-like behavior;

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 866F0292
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 866F0292
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 866F0292

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskIC25N030ATMR04-0________________________MOAOAD0A#5&5fd921d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found



    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 120):

    Processes (total 33):
    0 System Idle Process
    4 System
    624 C:\WINDOWS\system32\smss.exe
    672 csrss.exe
    696 C:\WINDOWS\system32\winlogon.exe
    740 C:\WINDOWS\system32\services.exe
    752 C:\WINDOWS\system32\lsass.exe
    904 C:\WINDOWS\system32\ati2evxx.exe
    920 C:\WINDOWS\system32\svchost.exe
    1016 svchost.exe
    1080 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    1120 C:\WINDOWS\system32\svchost.exe
    1348 svchost.exe
    1396 svchost.exe
    1504 C:\WINDOWS\system32\ati2evxx.exe
    1648 C:\WINDOWS\system32\WLTRYSVC.EXE
    1656 C:\WINDOWS\explorer.exe
    1692 C:\WINDOWS\system32\BCMWLTRY.EXE
    1816 C:\WINDOWS\system32\spoolsv.exe
    1936 svchost.exe
    128 C:\Program Files\Dynex Wireless Enhanced G NB Card - DX-WGPNBC\WLService.exe
    216 C:\Program Files\Dynex Wireless Enhanced G NB Card - DX-WGPNBC\WLanCfgG.exe
    372 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    400 C:\Program Files\Microsoft Security Essentials\msseces.exe
    476 C:\Program Files\Registry Mechanic\RegMech.exe
    560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    1052 alg.exe
    872 C:\WINDOWS\system32\svchost.exe
    3488 C:\Program Files\Mozilla Firefox\firefox.exe
    3888 C:\Program Files\Mozilla Firefox\plugin-container.exe
    3676 <unknown>
    3200 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck(2).exe
    2232 <unknown>

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: IC25N030ATMR04-0, Rev: MOAOAD0A

    Size Device Name MBR Status
    --------------------------------------------
    27 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Administrator at 9:47:37.06 on Mon 11/15/2010
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.422 [GMT -8:00]

    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Dynex Wireless Enhanced G NB Card - DX-WGPNBC\WLService.exe
    C:\Program Files\Dynex Wireless Enhanced G NB Card - DX-WGPNBC\WLanCfgG.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\dds(2).scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ca/ig?hl=en
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
    uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241402251354
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\in09o4tz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\in09o4tz.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqz9s ", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqs8s ", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--j6w193g ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4a87g ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7c0a67fbc ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7cvafr ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kpry57d ", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kprw13d ", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
    R2 Dynex DX-WGPNBC WLService;Dynex Wireless Enhanced G NB Card - DX-WGPNBC Service;c:\program files\dynex wireless enhanced g nb card - dx-wgpnbc\WLService.exe [2009-5-3 49152]
    S2 McAfeeFramework;McAfee Framework Service; "c:\program files\mcafee\common framework\frameworkservice.exe" /servicestart --> c:\program files\mcafee\common framework\FrameworkService.exe [?]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
    S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]

    =============== Created Last 30 ================

    2010-11-15 17:40:05 6146896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{44b74df0-2c59-435e-a3ea-dfd7c7334399}\mpengine.dll
    2010-11-12 23:24:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-11-12 23:24:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-11-12 18:30:29 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-11-11 18:34:27 -------- d--h--w- C:\$AVG
    2010-11-11 18:01:44 -------- d-----w- c:\docume~1\admini~1\applic~1\AVG10
    2010-11-11 17:57:27 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
    2010-11-11 17:54:20 -------- d-----w- c:\program files\AVG
    2010-11-11 17:29:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2010-11-09 01:35:35 -------- d-----w- c:\windows\SxsCaPendDel
    2010-11-02 03:22:58 -------- d-----w- c:\windows\system32\appmgmt
    2010-10-29 20:22:45 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-29 20:22:45 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-29 20:22:21 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-29 20:17:05 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Temp
    2010-10-29 20:16:48 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Google

    ==================== Find3M ====================

    2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: IC25N030ATMR04-0 rev.MOAOAD0A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x866F0446]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x866f6504]; MOV EAX, [0x866f6580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86787AB8]
    3 CLASSPNP[0xF786FFD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000075[0x867901B0]
    5 ACPI[0xF77E6620] -> nt!IofCallDriver[0x804E37D5] -> [0x8676A940]
    \Driver\atapi[0x86749F38] -> IRP_MJ_CREATE -> 0x866F0446
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskIC25N030ATMR04-0________________________MOAOAD0A#5&5fd921d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x866F0292
    user != kernel MBR !!!
    sectors 58605118 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 9:49:26.53 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/3/2009 5:06:22 PM
    System Uptime: 11/15/2010 9:19:59 AM (0 hours ago)

    Motherboard: Compaq | | 07F4
    Processor: Mobile Intel(R) Pentium(R) 4 - M CPU 2.00GHz | J1 | 1993/100mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 28 GiB total, 8.923 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP421: 9/3/2010 12:09:24 AM - System Checkpoint
    RP422: 9/4/2010 3:09:28 PM - System Checkpoint
    RP423: 9/6/2010 9:23:02 AM - System Checkpoint
    RP424: 9/7/2010 3:09:45 PM - System Checkpoint
    RP425: 9/8/2010 3:28:48 PM - System Checkpoint
    RP426: 9/9/2010 6:28:56 PM - System Checkpoint
    RP427: 9/10/2010 11:43:53 PM - System Checkpoint
    RP428: 9/12/2010 4:43:56 PM - System Checkpoint
    RP429: 9/15/2010 10:39:14 AM - System Checkpoint
    RP430: 9/16/2010 12:26:58 PM - System Checkpoint
    RP431: 9/20/2010 9:14:54 PM - System Checkpoint
    RP432: 9/22/2010 12:21:03 AM - System Checkpoint
    RP433: 9/23/2010 4:44:07 PM - System Checkpoint
    RP434: 9/25/2010 11:43:46 AM - System Checkpoint
    RP435: 9/26/2010 1:02:18 PM - System Checkpoint
    RP436: 9/27/2010 4:03:52 PM - System Checkpoint
    RP437: 9/28/2010 6:36:48 PM - System Checkpoint
    RP438: 9/30/2010 11:05:04 AM - System Checkpoint
    RP439: 10/1/2010 5:41:56 PM - System Checkpoint
    RP440: 10/6/2010 9:36:58 AM - System Checkpoint
    RP441: 10/9/2010 2:39:38 PM - System Checkpoint
    RP442: 10/14/2010 10:01:18 PM - System Checkpoint
    RP443: 10/18/2010 1:11:07 PM - System Checkpoint
    RP444: 10/19/2010 1:49:03 PM - System Checkpoint
    RP445: 10/21/2010 3:39:41 PM - System Checkpoint
    RP446: 10/22/2010 6:34:23 PM - System Checkpoint
    RP447: 10/24/2010 2:27:20 PM - System Checkpoint
    RP448: 10/25/2010 3:11:55 PM - System Checkpoint
    RP449: 10/26/2010 11:36:23 PM - System Checkpoint
    RP450: 10/29/2010 1:58:09 PM - Software Distribution Service 3.0
    RP451: 11/2/2010 1:22:59 PM - System Checkpoint
    RP452: 11/3/2010 5:16:15 PM - Removed Windows Live Sign-in Assistant
    RP453: 11/3/2010 5:16:41 PM - Removed Windows Live Upload Tool
    RP454: 11/6/2010 11:46:17 AM - System Checkpoint
    RP455: 11/8/2010 4:21:05 PM - System Checkpoint
    RP456: 11/8/2010 5:28:16 PM - Removed Skype™ 4.1
    RP457: 11/8/2010 5:33:13 PM - Removed OpenOffice.org 3.0
    RP458: 11/11/2010 1:37:26 AM - System Checkpoint
    RP459: 11/11/2010 11:34:38 AM - Removed McAfee VirusScan Enterprise
    RP460: 11/11/2010 11:35:34 AM - Removed McAfee Agent.
    RP461: 11/12/2010 10:26:29 AM - Removed AVG 2011
    RP462: 11/12/2010 10:29:19 AM - Removed AVG 2011
    RP463: 11/12/2010 1:32:01 PM - Removed AVG 2011
    RP464: 11/12/2010 1:33:35 PM - Removed AVG 2011
    RP465: 11/12/2010 2:06:40 PM - Removed AVG 2011
    RP466: 11/13/2010 4:15:19 PM - System Checkpoint
    RP467: 11/14/2010 11:17:21 PM - System Checkpoint

    ==== Installed Programs ======================

    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Apple Application Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    BitComet 1.11
    Broadcom 802.11 Network Adapter
    DivX Web Player
    Dynex Wireless Enhanced G NB Card - DX-WGPNBC
    ffdshow (remove only)
    Google Talk Plugin
    Hardware Helper
    Java(TM) 6 Update 7
    K-Lite Codec Pack 2.62 Full
    LimeWire PRO 4.18.8
    Malwarebytes' Anti-Malware
    McAfee Agent
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.12)
    Mozilla Thunderbird (2.0.0.24)
    QuickTime
    Registry Mechanic 8.0
    Security Update for Windows XP (KB923789)
    Skype web features
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    Tunatic
    VC80CRTRedist - 8.0.50727.762
    VLC media player 1.1.4
    WebFldrs XP
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinZip
    Xvid 1.2.1 final uninstall

    ==== Event Viewer Messages From Past Week ========

    11/9/2010 6:10:36 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    11/9/2010 1:59:00 PM, error: DCOM [10005] - DCOM got error "%1055 " attempting to start the service BITS with arguments " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    11/8/2010 7:10:28 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    11/8/2010 7:10:13 PM, error: Service Control Manager [7034] - The Broadcom Wireless LAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    11/15/2010 9:00:05 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.93.1757.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6301.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    11/15/2010 8:38:33 AM, error: Service Control Manager [7031] - The Dynex Wireless Enhanced G NB Card - DX-WGPNBC Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    11/15/2010 8:38:32 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    11/15/2010 8:38:32 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    11/14/2010 7:45:44 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.93.1757.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6301.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/13/2010 2:18:04 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    11/13/2010 2:17:43 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    11/12/2010 12:02:25 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanClicker:ASX/Wimad.CP&threatid=2147628746 User: NEBULA\Administrator Name: TrojanClicker:ASX/Wimad.CP ID: 2147628746 Severity: Severe Category: Trojan Notifier Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.93.1757.0, AS: 1.93.1757.0 Engine Version: 1.1.6301.0
    11/12/2010 11:37:19 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.93.1757.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6301.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    11/12/2010 10:58:37 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    11/12/2010 10:53:02 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update
    signatures. New Signature Version: Previous Signature Version:
    0.0.0.0 Update Source: Microsoft Malware Protection Center Update
    Stage: Download Source Path:
    http://go.microsoft.com/fwlink/?Lin...0.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE
    Signature Type: AntiVirus Update Type: Full User: NT
    AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine
    Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The
    operation timed out
    11/12/2010 10:53:02 AM, error: Microsoft Antimalware [2001] -
    Microsoft Antimalware has encountered an error trying to update
    signatures. New Signature Version: Previous Signature Version:
    0.0.0.0 Update Source: Microsoft Malware Protection Center Update
    Stage: Download Source Path:
    http://go.microsoft.com/fwlink/?Lin...0.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE
    Signature Type: AntiVirus Update Type: Full User: NT
    AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine
    Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The
    operation timed out
    11/12/2010 10:53:02 AM, error: Microsoft Antimalware [2001] -
    Microsoft Antimalware has encountered an error trying to update
    signatures. New Signature Version: Previous Signature Version:
    0.0.0.0 Update Source: Microsoft Malware Protection Center Update
    Stage: Download Source Path:
    http://go.microsoft.com/fwlink/?Lin...0.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE
    Signature Type: AntiSpyware Update Type: Full User: NT
    AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine
    Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The
    operation timed out
    11/12/2010 10:53:02 AM, error: Microsoft Antimalware [2001] -
    Microsoft Antimalware has encountered an error trying to update
    signatures. New Signature Version: Previous Signature Version:
    0.0.0.0 Update Source: Microsoft Malware Protection Center Update
    Stage: Download Source Path:
    http://go.microsoft.com/fwlink/?Lin...0.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE
    Signature Type: AntiSpyware Update Type: Full User: NT
    AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine
    Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The
    operation timed out
    11/12/2010 10:48:06 AM, error: Microsoft Antimalware [2001] -
    Microsoft Antimalware has encountered an error trying to update
    signatures. New Signature Version: Previous Signature Version:
    0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search
    Source Path: http://www.microsoft.com Signature Type: AntiVirus
    Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:
    Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error
    description: The connection with the server was terminated abnormally
    11/12/2010 10:46:39 AM, error: Service Control Manager [7001] - The
    AVGIDSAgent service depends on the AVGIDSDriver service which failed
    to start because of the following error: The service cannot be
    started, either because it is disabled or because it has no enabled
    devices associated with it.
    11/12/2010 10:43:52 AM, error: Microsoft Antimalware [2001] -
    Microsoft Antimalware has encountered an error trying to update
    signatures. New Signature Version: Previous Signature Version:
    0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search
    Source Path: http://www.microsoft.com Signature Type: AntiVirus
    Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:
    Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error
    description: The connection with the server was terminated abnormally
    11/12/2010 10:39:24 AM, error: Microsoft Antimalware [2001] -
    Microsoft Antimalware has encountered an error trying to update
    signatures. New Signature Version: Previous Signature Version:
    0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search
    Source Path: http://www.microsoft.com Signature Type: AntiVirus
    Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:
    Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error
    description: The connection with the server was terminated abnormally
    11/12/2010 10:37:12 AM, error: Microsoft Antimalware [2001] -
    Microsoft Antimalware has encountered an error trying to update
    signatures. New Signature Version: Previous Signature Version:
    0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search
    Source Path: http://www.microsoft.com Signature Type: AntiVirus
    Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:
    Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error
    description: The connection with the server was terminated abnormally
    11/12/2010 10:36:05 AM, error: Microsoft Antimalware [2001] -
    Microsoft Antimalware has encountered an error trying to update
    signatures. New Signature Version: Previous Signature Version:
    0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search
    Source Path: http://www.microsoft.com Signature Type: AntiVirus
    Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:
    Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error
    description: The connection with the server was terminated abnormally
    11/12/2010 10:34:43 AM, error: Microsoft Antimalware [2001] -
    Microsoft Antimalware has encountered an error trying to update
    signatures. New Signature Version: Previous Signature Version:
    0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search
    Source Path: http://www.microsoft.com Signature Type: AntiVirus
    Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:
    Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error
    description: The connection with the server was terminated abnormally
    11/12/2010 10:32:49 AM, error: Microsoft Antimalware [2001] -
    Microsoft Antimalware has encountered an error trying to update
    signatures. New Signature Version: Previous Signature Version:
    0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search
    Source Path: http://www.microsoft.com Signature Type: AntiVirus
    Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:
    Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error
    description: The connection with the server was terminated abnormally
    11/12/2010 10:31:57 AM, error: Microsoft Antimalware [2001] -
    Microsoft Antimalware has encountered an error trying to update
    signatures. New Signature Version: Previous Signature Version:
    0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search
    Source Path: http://www.microsoft.com Signature Type: AntiVirus
    Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:
    Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error
    description: The connection with the server was terminated abnormally
    11/12/2010 1:51:35 PM, error: Service Control Manager [7026] - The
    following boot-start or system-start driver(s) failed to load:
    Avgrkx86
    11/12/2010 1:42:39 PM, error: DCOM [10005] - DCOM got error "%1084 "
    attempting to start the service wuauserv with arguments " " in order to
    run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    11/12/2010 1:42:26 PM, error: Service Control Manager [7026] - The
    following boot-start or system-start driver(s) failed to load: AFD
    Avgldx86 Avgmfx86 Fips intelppm IPSec MpFilter MRxSmb NetBIOS RasAcd
    Rdbss Tcpip
    11/12/2010 1:42:26 PM, error: Service Control Manager [7001] - The
    NetBios over Tcpip service depends on the TCP/IP Protocol Driver
    service which failed to start because of the following error: A
    device attached to the system is not functioning.
    11/12/2010 1:42:26 PM, error: Service Control Manager [7001] - The
    DHCP Client service depends on the NetBios over Tcpip service which
    failed to start because of the following error: The dependency
    service or group failed to start.
    11/12/2010 1:23:58 PM, error: Service Control Manager [7000] - The
    AVG Anti-Rootkit Driver service failed to start due to the following
    error: The system cannot find the file specified.
    11/12/2010 1:08:50 PM, error: Microsoft Antimalware [1008] -
    Microsoft Antimalware has encountered an error when taking action on
    spyware or other potentially unwanted software. For more information
    please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanClicker:ASX/Wimad.CP&threatid=2147628746
    User: NT AUTHORITY\SYSTEM Name: TrojanClicker:ASX/Wimad.CP ID:
    2147628746 Severity: Severe Category: Trojan Notifier Path:
    Action: Remove Error Code: 0x80508023 Error description: The
    program could not find the spyware and other potentially unwanted
    software on this computer. Status: Signature Version: AV:
    1.93.1757.0, AS: 1.93.1757.0 Engine Version: 1.1.6301.0
    11/11/2010 6:48:56 AM, error: Service Control Manager [7022] - The
    Automatic Updates service hung on starting.
    11/11/2010 12:34:05 PM, error: Service Control Manager [7026] - The
    following boot-start or system-start driver(s) failed to load: AFD
    Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT
    RasAcd Rdbss Tcpip
    11/11/2010 12:34:05 PM, error: Service Control Manager [7001] - The
    TCP/IP NetBIOS Helper service depends on the AFD service which failed
    to start because of the following error: A device attached to the
    system is not functioning.
    11/11/2010 12:34:05 PM, error: Service Control Manager [7001] - The
    IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: A device attached to
    the system is not functioning.
    11/11/2010 12:34:05 PM, error: Service Control Manager [7001] - The
    DNS Client service depends on the TCP/IP Protocol Driver service which
    failed to start because of the following error: A device attached to
    the system is not functioning.
    11/11/2010 12:34:05 PM, error: Service Control Manager [7001] - The
    DHCP Client service depends on the NetBios over Tcpip service which
    failed to start because of the following error: A device attached to
    the system is not functioning.
    11/11/2010 12:33:39 PM, error: DCOM [10005] - DCOM got error "%1084 "
    attempting to start the service netman with arguments " " in order to
    run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    11/11/2010 12:33:22 PM, error: DCOM [10005] - DCOM got error "%1084 "
    attempting to start the service EventSystem with arguments " " in order
    to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/11/2010 11:39:48 AM, error: Service Control Manager [7000] - The
    McAfee Framework Service service failed to start due to the following
    error: The system cannot find the file specified.
    11/11/2010 11:30:29 AM, error: Service Control Manager [7009] -
    Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to
    connect.
    11/11/2010 11:30:29 AM, error: Service Control Manager [7000] - The
    AVGIDSAgent service failed to start due to the following error: The
    service did not respond to the start or control request in a timely
    fashion.
    11/10/2010 4:38:47 PM, error: Server [2505] - The server could not
    bind to the transport
    \Device\NetBT_Tcpip_{AF84B20A-A50E-4F69-8905-F0E37DB718F5} because
    another computer on the network has the same name. The server could
    not start.
     
  8. 2010/11/15
    PeteC

    PeteC SuperGeek Staff

    Please keep to the same thread - threads merged.
     
  9. 2010/11/15
    broni

    broni Moderator Malware Analyst

    1. Please, disable "word wrap" in Notepad, because your logs are hard to read.

    2. If you can't fit all logs in one reply, split them between a couple of replies.

    3. GMER log is incomplete. Please, repost it.
     
  10. 2010/11/15
    deangmoxon

    deangmoxon Inactive Thread Starter

    GMER won't work

    When I run GMER it jams up and cannot complete a scan.
    The computer jams up and cannot be turned off properly;
    it needs the power button pushed and held for 5 seconds to shut it off.
     
  11. 2010/11/15
    broni

    broni Moderator Malware Analyst

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  12. 2010/11/15
    deangmoxon

    deangmoxon Inactive Thread Starter

    TDSS killer log

    2010/11/15 19:32:34.0777 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
    2010/11/15 19:32:34.0777 ================================================================================
    2010/11/15 19:32:34.0777 SystemInfo:
    2010/11/15 19:32:34.0777
    2010/11/15 19:32:34.0777 OS Version: 5.1.2600 ServicePack: 3.0
    2010/11/15 19:32:34.0777 Product type: Workstation
    2010/11/15 19:32:34.0777 ComputerName: NEBULA
    2010/11/15 19:32:34.0777 UserName: Administrator
    2010/11/15 19:32:34.0777 Windows directory: C:\WINDOWS
    2010/11/15 19:32:34.0777 System windows directory: C:\WINDOWS
    2010/11/15 19:32:34.0777 Processor architecture: Intel x86
    2010/11/15 19:32:34.0777 Number of processors: 1
    2010/11/15 19:32:34.0777 Page size: 0x1000
    2010/11/15 19:32:34.0777 Boot type: Normal boot
    2010/11/15 19:32:34.0777 ================================================================================
    2010/11/15 19:32:36.0309 Initialize success
    2010/11/15 19:32:45.0522 ================================================================================
    2010/11/15 19:32:45.0522 Scan started
    2010/11/15 19:32:45.0522 Mode: Manual;
    2010/11/15 19:32:45.0522 ================================================================================
    2010/11/15 19:32:47.0495 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
    2010/11/15 19:32:47.0906 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/11/15 19:32:48.0256 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/11/15 19:32:48.0787 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/11/15 19:32:49.0188 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/11/15 19:32:49.0648 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/11/15 19:32:51.0711 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/11/15 19:32:52.0082 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/11/15 19:32:53.0003 ati2mtag (dd3802e25a9ef4e55eee9a0fc2151611) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2010/11/15 19:32:53.0664 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/11/15 19:32:53.0995 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/11/15 19:32:54.0756 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    2010/11/15 19:32:55.0136 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/11/15 19:32:55.0507 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/11/15 19:32:56.0058 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/11/15 19:32:56.0438 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/11/15 19:32:56.0829 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/11/15 19:32:57.0369 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2010/11/15 19:32:57.0900 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/11/15 19:32:59.0022 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/11/15 19:32:59.0673 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/11/15 19:33:00.0424 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/11/15 19:33:00.0824 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/11/15 19:33:01.0255 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/11/15 19:33:01.0856 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/11/15 19:33:02.0246 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2010/11/15 19:33:02.0707 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/11/15 19:33:03.0118 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/11/15 19:33:03.0478 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/11/15 19:33:03.0829 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2010/11/15 19:33:04.0209 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/11/15 19:33:04.0730 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/11/15 19:33:05.0131 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/11/15 19:33:05.0491 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/11/15 19:33:05.0812 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
    2010/11/15 19:33:06.0493 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/11/15 19:33:07.0454 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/11/15 19:33:07.0865 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/11/15 19:33:08.0435 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/11/15 19:33:08.0766 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/11/15 19:33:09.0036 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/11/15 19:33:09.0507 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/11/15 19:33:09.0907 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/11/15 19:33:10.0398 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/11/15 19:33:10.0969 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/11/15 19:33:11.0450 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
    2010/11/15 19:33:11.0910 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/11/15 19:33:12.0531 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/11/15 19:33:13.0012 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/11/15 19:33:13.0583 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/11/15 19:33:14.0063 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/11/15 19:33:15.0055 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
    2010/11/15 19:33:15.0816 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/11/15 19:33:16.0277 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/11/15 19:33:16.0697 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/11/15 19:33:17.0178 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/11/15 19:33:17.0679 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    2010/11/15 19:33:18.0370 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/11/15 19:33:18.0960 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/11/15 19:33:19.0852 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/11/15 19:33:20.0302 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/11/15 19:33:20.0733 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/11/15 19:33:21.0174 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/11/15 19:33:21.0554 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/11/15 19:33:21.0895 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/11/15 19:33:22.0636 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/11/15 19:33:23.0086 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/11/15 19:33:23.0527 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/11/15 19:33:24.0038 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/11/15 19:33:24.0559 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/11/15 19:33:25.0059 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/11/15 19:33:25.0580 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/11/15 19:33:26.0261 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/11/15 19:33:26.0892 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/11/15 19:33:27.0453 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/11/15 19:33:27.0823 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/11/15 19:33:28.0174 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/11/15 19:33:28.0574 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/11/15 19:33:28.0975 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/11/15 19:33:29.0335 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/11/15 19:33:29.0746 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/11/15 19:33:30.0607 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2010/11/15 19:33:32.0340 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/11/15 19:33:32.0750 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/11/15 19:33:33.0221 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/11/15 19:33:34.0873 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/11/15 19:33:35.0204 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    2010/11/15 19:33:35.0544 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/11/15 19:33:35.0955 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/11/15 19:33:36.0315 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/11/15 19:33:36.0756 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/11/15 19:33:37.0207 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/11/15 19:33:37.0637 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/11/15 19:33:38.0188 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/11/15 19:33:38.0579 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/11/15 19:33:39.0079 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/11/15 19:33:39.0440 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/11/15 19:33:39.0780 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/11/15 19:33:40.0231 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/11/15 19:33:40.0872 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
    2010/11/15 19:33:41.0283 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    2010/11/15 19:33:41.0793 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/11/15 19:33:42.0194 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/11/15 19:33:42.0685 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/11/15 19:33:43.0165 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/11/15 19:33:43.0526 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/11/15 19:33:44.0918 SynTP (d7b9ad3abd0f7f9f694d71f38b5c7b72) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    2010/11/15 19:33:45.0559 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/11/15 19:33:46.0059 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/11/15 19:33:46.0540 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/11/15 19:33:46.0911 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/11/15 19:33:47.0281 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/11/15 19:33:47.0982 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/11/15 19:33:48.0813 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/11/15 19:33:49.0314 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/11/15 19:33:49.0605 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/11/15 19:33:50.0025 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2010/11/15 19:33:50.0366 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/11/15 19:33:50.0746 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/11/15 19:33:51.0267 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/11/15 19:33:51.0708 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/11/15 19:33:52.0288 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/11/15 19:33:52.0899 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/11/15 19:33:53.0310 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/11/15 19:33:53.0460 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/11/15 19:33:53.0470 ================================================================================
    2010/11/15 19:33:53.0470 Scan finished
    2010/11/15 19:33:53.0470 ================================================================================
    2010/11/15 19:33:53.0500 Detected object count: 1
    2010/11/15 19:34:19.0267 \HardDisk0 - will be cured after reboot
    2010/11/15 19:34:19.0267 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
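The line that matters in the report above is `\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)`. The detected object is the physical disk, not a file under C:\WINDOWS, which is why file-oriented scanners can run clean on a machine that is plainly infected: the code lives in the boot sector and loads before the drivers TDSSKiller lists. As an added example (not the thread's code and not Kaspersky's), here is a parser for this report format that pulls out the scanned drivers with their hashes, the detections, the action the user selected and whether a cure is still pending a reboot; it also serves the TDSSKiller instructions earlier in the thread, since it reads the same TDSSKiller_xxxx_log.txt. The line formats are inferred from the posted report, and the sample below is a trimmed selection of lines from it.

```python
"""Parse a TDSSKiller report of the kind posted above and summarise what the
operator needs: what was scanned, what was detected, which action was chosen
and whether a reboot is still pending.

Added example, not part of the thread or of Kaspersky's tool.  The line
formats are inferred from the posted report; line types the report does not
show are not handled.
"""
import re

# Sample report: a few lines taken from the posted log (the driver hashes are
# the ones shown there), trimmed to the line types the parser handles.
SAMPLE_REPORT = r"""
2010/11/15 19:32:34.0777 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/15 19:32:34.0777 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/15 19:32:45.0522 Scan started
2010/11/15 19:32:47.0495 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/11/15 19:33:46.0059 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/15 19:33:53.0460 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/15 19:33:53.0470 Scan finished
2010/11/15 19:33:53.0500 Detected object count: 1
2010/11/15 19:34:19.0267 \HardDisk0 - will be cured after reboot
2010/11/15 19:34:19.0267 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Every report line starts with "YYYY/MM/DD HH:MM:SS.ffff ".
STAMP = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
DRIVER_RE = re.compile(STAMP + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(STAMP + r"(?P<obj>\S+) - detected (?P<threat>\S+)")
ACTION_RE = re.compile(STAMP + r"(?P<threat>\S+?)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)")
REBOOT_RE = re.compile(STAMP + r"(?P<obj>\S+) - will be cured after reboot")


def parse_report(text):
    """Return scanned drivers, detections, chosen actions and reboot-pending objects."""
    report = {"drivers": [], "detections": [], "actions": {}, "reboot_pending": set()}
    for line in text.splitlines():
        if m := DRIVER_RE.match(line):
            report["drivers"].append((m["name"], m["md5"], m["path"]))
        elif m := DETECT_RE.match(line):
            report["detections"].append((m["obj"], m["threat"]))
        elif m := ACTION_RE.match(line):
            report["actions"][m["obj"]] = (m["threat"], m["action"])
        elif m := REBOOT_RE.match(line):
            report["reboot_pending"].add(m["obj"])
    return report


def verdict(report):
    """One line per detection: threat, action taken, reboot state, object kind."""
    if not report["detections"]:
        return ["no objects detected"]
    lines = []
    for obj, threat in report["detections"]:
        chosen = report["actions"].get(obj)
        action = chosen[1] if chosen else "none recorded"
        reboot = "reboot required" if obj in report["reboot_pending"] else "no reboot recorded"
        # \HardDiskN means the object is the disk's boot sector, not a file.
        note = " (disk-level object, i.e. boot sector, not a file)" if obj.startswith("\\HardDisk") else ""
        lines.append(f"{obj}: {threat} -> action {action}, {reboot}{note}")
    return lines


if __name__ == "__main__":
    for line in verdict(parse_report(SAMPLE_REPORT)):
        print(line)
```

The driver list with MD5 hashes is kept because it is the part of the report worth comparing against a known-good copy of the same Windows build; a hash that differs on a core driver such as atapi.sys or tcpip.sys is how TDSS-family infections that patch a driver, rather than the boot sector, show up.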
     
  13. 2010/11/15
    broni

    broni Moderator Malware Analyst

    Very good :)
    Please, retry GMER now.
     
  14. 2010/11/15
    deangmoxon

    deangmoxon Inactive Thread Starter

    GMER won't work - jammed

    I ran GMER but it won't run now and the computer freezes.
    I get an hourglass and a "(not responding)" at the top left of the window.
    Cannot shut off the computer properly either.
    And thanks very much for all your help, by the way!
    The Kaspersky rootkit remover might have cleaned out the problem anyway.
     
  15. 2010/11/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. 2010/11/16
    deangmoxon

    deangmoxon Inactive Thread Starter

    Joined:
    2010/11/13
    Messages:
    88
    Likes Received:
    0
    combofix log

    ComboFix 10-11-15.05 - Administrator 11/15/2010 22:07:04.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.660 [GMT -8:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
    .

    2010-11-16 03:07 . 2010-10-18 16:41 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BE0AA689-C0A3-4973-87A0-ABBD2C890CAF}\mpengine.dll
    2010-11-15 08:14 . 2010-11-15 08:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-11-13 16:22 . 2010-11-13 16:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Thunderbird
    2010-11-13 16:22 . 2010-11-13 16:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\Thunderbird
    2010-11-12 23:24 . 2010-11-13 00:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-11-12 23:24 . 2010-11-13 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-11-12 18:30 . 2010-11-12 18:30 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-11-11 18:34 . 2010-11-11 18:34 -------- d-----w- C:\$AVG
    2010-11-11 18:01 . 2010-11-11 18:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG10
    2010-11-11 17:57 . 2010-11-11 17:57 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2010-11-11 17:54 . 2010-11-12 22:33 -------- d-----w- c:\program files\AVG
    2010-11-11 17:29 . 2010-11-11 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-11-11 07:41 . 2010-11-15 22:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
    2010-11-09 23:01 . 2010-11-09 23:01 -------- d-s---w- c:\documents and settings\LocalService\UserData
    2010-11-09 01:35 . 2010-11-09 03:05 -------- d-----w- c:\windows\SxsCaPendDel
    2010-10-29 20:22 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-29 20:22 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-29 20:22 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-29 20:17 . 2010-10-29 20:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
    2010-10-29 20:16 . 2010-10-29 20:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 19:23 . 2004-08-04 05:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 05:56 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 14:16 . 2004-08-04 05:56 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 14:16 . 2004-08-04 03:59 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-09-09 14:16 . 2004-08-04 05:56 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-08 16:49 . 2004-08-04 03:59 369664 ----a-w- c:\windows\system32\html.iec
    2010-09-01 11:51 . 2004-08-04 05:56 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-04 04:17 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2004-08-04 05:56 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-04 05:56 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2004-08-04 04:14 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-05-04 03:59 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2004-08-04 05:56 617472 ----a-w- c:\windows\system32\comctl32.dll
    2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-09 2828184]
    "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-29 136176]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1024000]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-06-12 09:38 34672 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2005-06-08 04:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2006-10-12 23:28 1282048 ----a-w- c:\windows\system32\WLTRAY.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-06-10 11:27 144784 -c--a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12316:TCP"= 12316:TCP:BitComet 12316 TCP
    "12316:UDP"= 12316:UDP:BitComet 12316 UDP
    "1691:TCP"= 1691:TCP:BitComet 1691 TCP
    "1691:UDP"= 1691:UDP:BitComet 1691 UDP
    "18725:TCP"= 18725:TCP:BitComet 18725 TCP
    "18725:UDP"= 18725:UDP:BitComet 18725 UDP

    R2 Dynex DX-WGPNBC WLService;Dynex Wireless Enhanced G NB Card - DX-WGPNBC Service;c:\program files\Dynex Wireless Enhanced G NB Card - DX-WGPNBC\WLService.exe [5/3/2009 6:11 PM 49152]
    S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-2111687655-2146967187-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-29 20:16]

    2010-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-2111687655-2146967187-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-29 20:16]

    2010-11-16 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 05:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/ig?hl=en
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\in09o4tz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\in09o4tz.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-15 22:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(856)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\BCMLogon.dll

    - - - - - - - > 'explorer.exe'(2872)
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Dynex Wireless Enhanced G NB Card - DX-WGPNBC\WLanCfgG.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-15 22:21:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-16 06:21

    Pre-Run: 9,556,172,800 bytes free
    Post-Run: 9,501,822,976 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - E84D36092C0FFFD6EBC9B06132FA611A
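The "Reg Loading Points" part of the ComboFix log above is the part a malware analyst reads first: which programs start at logon (and from which hive), which startup items were merely disabled via msconfig, and which applications the Windows Firewall policy has authorized or opened ports for (here BitComet on three port pairs, plus LimeWire and Messenger as authorized applications). What follows is an added example for this thread, not ComboFix's code and not from the thread; it parses that section and builds a small exposure summary. The sample input is constructed from lines of the log posted above, with the registry-export quoting restored; the parser tolerates the stray spaces that forum software inserts before closing quotes.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log (added example; not ComboFix's code).

Extracts Run-key autostarts, msconfig-disabled startup items, firewall-authorized
programs and globally open ports, then summarises persistence (HKCU vs HKLM) and
inbound exposure (which application each open port belongs to)."""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="path" [yyyy-mm-dd size]; tolerant of stray spaces before the closing quotes
RUN_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*"(?P<path>[^"]*?)\s*"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
# msconfig\startupreg entries: date time size attributes path
MSCONFIG_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
APP_RE = re.compile(r'^"(?P<path>[^"]*?)\s*"\s*=\s*$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)\s*"\s*=\s*(?P<rule>.+)$')


def parse_reg_loading_points(text):
    """Return run entries, msconfig-disabled items, authorized apps and open ports as plain dicts."""
    out = {"run_entries": [], "msconfig_disabled": [], "authorized_apps": [], "open_ports": []}
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]          # every following line belongs to this registry key
            continue
        k = key.lower()
        if k.endswith("\\run"):
            m = RUN_RE.match(line)
            if m:
                out["run_entries"].append({"key": key, "name": m["name"], "path": m["path"],
                                           "date": m["date"], "size": int(m["size"])})
        elif "\\msconfig\\startupreg\\" in k:
            m = MSCONFIG_RE.match(line)
            if m:
                out["msconfig_disabled"].append({"item": key.rsplit("\\", 1)[1],
                                                 "path": m["path"], "size": int(m["size"])})
        elif k.endswith("\\authorizedapplications\\list"):
            m = APP_RE.match(line)
            if m:
                # registry exports double the backslashes; undo that for a usable path
                out["authorized_apps"].append(m["path"].replace("\\\\", "\\"))
        elif k.endswith("\\globallyopenports\\list"):
            m = PORT_RE.match(line)
            if m:
                # rule text is "port:proto:description"; keep only the description
                desc = m["rule"].split(":", 2)[2] if m["rule"].count(":") >= 2 else m["rule"]
                out["open_ports"].append({"port": int(m["port"]), "proto": m["proto"], "description": desc})
    return out


def exposure_report(parsed):
    """Summarise logon persistence and inbound firewall exposure from the parsed section."""
    by_app = {}
    for p in parsed["open_ports"]:
        # assumption: the first word of the description names the application (true for this log's BitComet rules)
        app = p["description"].split()[0]
        by_app.setdefault(app, []).append(f'{p["port"]}/{p["proto"]}')
    hkcu = [e["name"] for e in parsed["run_entries"] if e["key"].upper().startswith("HKEY_CURRENT_USER")]
    hklm = [e["name"] for e in parsed["run_entries"] if e["key"].upper().startswith("HKEY_LOCAL_MACHINE")]
    return {"hkcu_run": hkcu, "hklm_run": hklm,
            "msconfig_disabled": [d["item"] for d in parsed["msconfig_disabled"]],
            "open_ports_by_app": by_app,
            "authorized_app_count": len(parsed["authorized_apps"])}


# Constructed sample built from lines of the ComboFix log posted in this thread.
SAMPLE_SECTION = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-09 2828184]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-29 136176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1024000]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12316:TCP"= 12316:TCP:BitComet 12316 TCP
"12316:UDP"= 12316:UDP:BitComet 12316 UDP
"1691:TCP"= 1691:TCP:BitComet 1691 TCP
"""

if __name__ == "__main__":
    print(exposure_report(parse_reg_loading_points(SAMPLE_SECTION)))
```

The HKCU list is the one to look at most carefully after an infection: those entries can be written by any process running as the user, no elevation needed, so they are the usual home of user-mode persistence, whereas the firewall lists show which programs would accept inbound connections once the machine is back online.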
     
  17. 2010/11/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks good now :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. 2010/11/16
    deangmoxon

    deangmoxon Inactive Thread Starter

    Joined:
    2010/11/13
    Messages:
    88
    Likes Received:
    0
    OTL log

    OTL logfile created on: 11/15/2010 11:00:19 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 528.00 Mb Available Physical Memory | 52.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 27.94 Gb Total Space | 8.91 Gb Free Space | 31.90% Space Free | Partition Type: NTFS

    Computer Name: NEBULA | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/15 22:51:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/22 13:59:12 | 000,827,392 | ---- | M] () -- C:\Program Files\Dynex Wireless Enhanced G NB Card - DX-WGPNBC\WLanCfgG.exe
    PRC - [2004/03/30 06:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Dynex Wireless Enhanced G NB Card - DX-WGPNBC\WLService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/15 22:51:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2004/03/30 06:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Dynex Wireless Enhanced G NB Card - DX-WGPNBC\WLService.exe -- (Dynex DX-WGPNBC WLService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim)
    DRV - [2007/12/06 16:41:42 | 000,220,032 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/10/12 15:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2005/06/07 21:19:52 | 001,201,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/08/03 14:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2003/09/25 21:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
    DRV - [2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2001/08/17 04:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.9c
    FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
    FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
    FF - prefs.js..extensions.enabledItems: 4
    FF - prefs.js..extensions.enabledItems: 9
    FF - prefs.js..extensions.enabledItems: 1

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/07 14:34:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/07 14:34:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/13 08:22:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/12 10:51:21 | 000,000,000 | ---D | M]

    [2009/05/05 20:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/11/13 18:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\in09o4tz.default\extensions
    [2010/11/08 13:50:47 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\in09o4tz.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    [2009/05/04 19:18:21 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\in09o4tz.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    [2010/01/07 00:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\in09o4tz.default\extensions\firefox@tvunetworks.com
    [2010/11/15 22:51:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/11/10 23:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

    O1 HOSTS File: ([2010/11/15 22:15:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241402251354 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.53.71.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/03 16:02:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3acm - C:\Program Files\K-Lite Codec Pack\codecs\ac3acm.acm (fccHandler)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3fhg - C:\Program Files\K-Lite Codec Pack\codecs\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: VIDC.3iv2 - C:\Program Files\K-Lite Codec Pack\codecs\3ivxVfWCodec.dll (3ivx.com)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
    Drivers32: VIDC.FFDS - ff_vfw.dll File not found
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.VP31 - C:\Program Files\K-Lite Codec Pack\codecs\vp31vfw.dll (On2.com)
    Drivers32: VIDC.VP60 - C:\Program Files\K-Lite Codec Pack\codecs\vp6vfw.dll (On2.com)
    Drivers32: VIDC.VP61 - C:\Program Files\K-Lite Codec Pack\codecs\vp6vfw.dll (On2.com)
    Drivers32: VIDC.VP62 - C:\Program Files\K-Lite Codec Pack\codecs\vp6vfw.dll (On2.com)
    Drivers32: VIDC.VP70 - C:\Program Files\K-Lite Codec Pack\codecs\vp7vfw.dll (On2.com)
    Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
    Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/15 22:51:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/15 22:21:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/11/15 22:05:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/15 22:03:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/15 22:03:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/15 22:03:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/15 22:03:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/15 22:02:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/15 22:02:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/15 00:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2010/11/15 00:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/11/13 08:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Thunderbird
    [2010/11/13 08:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Thunderbird
    [2010/11/13 08:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
    [2010/11/12 15:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/11/12 15:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/11/12 10:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/11/11 10:34:27 | 000,000,000 | ---D | C] -- C:\$AVG
    [2010/11/11 10:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG10
    [2010/11/11 09:57:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/11/11 09:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2010/11/11 09:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/11/10 23:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
    [2010/11/09 14:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/11/08 17:35:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
    [2010/11/08 10:55:10 | 001,330,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
    [2010/11/07 14:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\doom-saying_files
    [2010/11/01 19:22:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2010/10/29 12:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
    [2010/10/29 12:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google

    ========== Files - Modified Within 30 Days ==========

    [2010/11/15 22:51:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/15 22:40:16 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/11/15 22:34:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/15 22:34:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/15 22:22:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-2111687655-2146967187-500UA.job
    [2010/11/15 22:15:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/15 22:05:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/11/15 21:48:25 | 003,910,070 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/11/15 20:59:01 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
    [2010/11/15 13:21:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-2111687655-2146967187-500Core.job
    [2010/11/12 15:24:22 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/11/12 15:24:22 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/12 10:30:31 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2010/11/12 08:48:09 | 000,043,675 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\dyn-postdownload.php
    [2010/11/10 23:41:28 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2010/11/09 16:00:40 | 011,464,753 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Time In Motion - Dreamscape.mp3
    [2010/11/09 15:55:36 | 006,736,351 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\009 Sound System - Dreamscape.mp3
    [2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
    [2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/07 14:58:39 | 000,010,901 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\doom-saying.htm
    [2010/11/07 14:48:06 | 001,623,860 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\TappingSolutionEbook.pdf
    [2010/11/07 14:34:08 | 000,313,048 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/07 14:34:08 | 000,040,912 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/03 15:54:54 | 000,001,590 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\download.html
    [2010/11/03 15:49:13 | 003,022,808 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\OJays-BackStabbers.mp3
    [2010/11/01 11:51:45 | 001,734,337 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Jelleestone - Money Can't Buy Me Happiness_[www.Mp3Drug.com].mp3
    [2010/10/29 13:13:06 | 000,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/29 13:10:34 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/27 08:56:56 | 004,756,500 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\7635a31d423c5e4ff66a53e8221c602e.mp3
    [2010/10/22 09:14:26 | 004,948,932 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\rye_rye-sunshine_(feat._mia)(2).mp3
    [2010/10/19 21:01:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ========== Files Created - No Company Name ==========

    [2010/11/15 22:05:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/11/15 22:05:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/15 22:03:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/15 22:03:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/15 22:03:08 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/15 22:03:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/15 22:03:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/15 21:47:25 | 003,910,070 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/11/15 20:58:51 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
    [2010/11/12 15:24:22 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/11/12 15:24:22 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
    [2010/11/12 10:35:48 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/11/12 10:30:31 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2010/11/12 08:48:06 | 000,043,675 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\dyn-postdownload.php
    [2010/11/10 23:41:28 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2010/11/09 16:00:58 | 011,464,753 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Time In Motion - Dreamscape.mp3
    [2010/11/09 15:56:08 | 006,736,351 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\009 Sound System - Dreamscape.mp3
    [2010/11/08 10:32:38 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
    [2010/11/07 14:58:38 | 000,010,901 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\doom-saying.htm
    [2010/11/07 14:48:02 | 001,623,860 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\TappingSolutionEbook.pdf
    [2010/11/03 15:54:53 | 000,001,590 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\download.html
    [2010/11/03 15:49:06 | 003,022,808 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\OJays-BackStabbers.mp3
    [2010/11/01 11:52:51 | 001,734,337 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Jelleestone - Money Can't Buy Me Happiness_[www.Mp3Drug.com].mp3
    [2010/10/29 12:17:01 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-2111687655-2146967187-500UA.job
    [2010/10/29 12:16:59 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-2111687655-2146967187-500Core.job
    [2010/10/27 19:14:11 | 007,680,000 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Dj Baby Anne - Freestylers - Punks (Krafty Kuts Mix).mp3
    [2010/10/27 09:31:44 | 004,756,500 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\7635a31d423c5e4ff66a53e8221c602e.mp3
    [2010/10/22 09:31:12 | 004,948,932 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\rye_rye-sunshine_(feat._mia)(2).mp3
    [2009/07/13 10:25:28 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/05/14 11:15:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/05/03 18:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2009/05/03 18:11:43 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2009/05/03 18:11:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WGPNBC.dll
    [2009/05/03 18:11:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2009/05/03 17:56:19 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/05/03 17:56:14 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/05/03 17:56:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/05/03 17:56:12 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2009/05/03 08:49:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    ========== LOP Check ==========

    [2010/11/11 10:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
    [2010/09/28 11:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
    [2009/11/07 22:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\foobar2000
    [2010/09/28 11:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
    [2009/11/10 11:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Haihaisoft
    [2009/11/10 11:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Haihaisoft Universal Player
    [2010/11/09 15:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
    [2009/05/03 18:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
    [2009/05/03 19:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
    [2009/10/02 21:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TigerPlayer
    [2010/11/09 15:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
    [2010/11/11 09:57:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/10/18 18:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
    [2010/11/11 09:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/11/15 22:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/11/15 22:40:16 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/05/03 16:02:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/05/03 18:11:55 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log
    [2009/05/03 18:56:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/15 22:05:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/11/15 22:21:10 | 000,012,578 | ---- | M] () -- C:\ComboFix.txt
    [2009/05/03 16:02:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/05/03 16:02:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/05/03 16:02:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/03 19:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/05/03 16:22:50 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/11/15 22:33:54 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/15 19:40:24 | 000,032,396 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_15.11.2010_19.32.34_log.txt
    [2010/11/15 19:51:19 | 000,031,832 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_15.11.2010_19.49.51_log.txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/05/03 16:01:54 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/05/03 08:47:43 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/05/03 08:47:43 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/05/03 08:47:42 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/05/03 16:29:43 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/05/03 16:37:45 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/05/03 16:09:43 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/15 21:48:25 | 003,910,070 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2009/10/25 21:25:47 | 004,367,480 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Administrator\Desktop\ffdshow.exe
    [2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
    [2010/11/15 22:51:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2008/06/07 23:27:00 | 008,575,872 | ---- | M] (Compaq Computer Corporation ) -- C:\Documents and Settings\Administrator\My Documents\sp21661.exe
    [2009/04/25 11:20:09 | 005,128,504 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Administrator\My Documents\sp22515.exe
    [2009/05/03 21:05:35 | 006,451,488 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Synaptics_Driver_v10_1_8_XP32.exe
    [2008/06/07 21:04:21 | 000,642,796 | ---- | M] (Xvid team ) -- C:\Documents and Settings\Administrator\My Documents\XviD-1.1.3-28062007.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/05/03 16:37:45 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/15 22:51:01 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 04:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 22:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 04:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 22:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 22:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 22:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40640B7D

    < End of report >

    OTL Extras logfile created on: 11/15/2010 11:00:19 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 528.00 Mb Available Physical Memory | 52.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 27.94 Gb Total Space | 8.91 Gb Free Space | 31.90% Space Free | Partition Type: NTFS

    Computer Name: NEBULA | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "12316:TCP" = 12316:TCP:*:Enabled:BitComet 12316 TCP
    "12316:UDP" = 12316:UDP:*:Enabled:BitComet 12316 UDP
    "1691:TCP" = 1691:TCP:*:Enabled:BitComet 1691 TCP
    "1691:UDP" = 1691:UDP:*:Enabled:BitComet 1691 UDP
    "18725:TCP" = 18725:TCP:*:Enabled:BitComet 18725 TCP
    "18725:UDP" = 18725:UDP:*:Enabled:BitComet 18725 UDP
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{7F736447-A8B5-4FB9-9DE0-BC1A362EE185}" = Dynex Wireless Enhanced G NB Card - DX-WGPNBC
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "BitComet" = BitComet 1.11
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
    "ffdshow" = ffdshow (remove only)
    "Hardware Helper_is1" = Hardware Helper
    "KLiteCodecPack_is1" = K-Lite Codec Pack 2.62 Full
    "LimeWire" = LimeWire PRO 4.18.8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Registry Mechanic_is1" = Registry Mechanic 8.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Tunatic" = Tunatic
    "VLC media player" = VLC media player 1.1.4
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xvid_is1" = Xvid 1.2.1 final uninstall

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/15/2010 8:30:18 PM | Computer Name = NEBULA | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 11/15/2010 8:30:18 PM | Computer Name = NEBULA | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 11/15/2010 8:30:19 PM | Computer Name = NEBULA | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 11/15/2010 8:30:19 PM | Computer Name = NEBULA | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/15/2010 10:13:02 PM | Computer Name = NEBULA | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

    Error - 11/15/2010 11:11:01 PM | Computer Name = NEBULA | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 11/15/2010 11:11:01 PM | Computer Name = NEBULA | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 11/15/2010 11:11:01 PM | Computer Name = NEBULA | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 11/15/2010 11:11:02 PM | Computer Name = NEBULA | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 11/15/2010 11:11:02 PM | Computer Name = NEBULA | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    [ System Events ]
    Error - 11/15/2010 11:42:18 PM | Computer Name = NEBULA | Source = Service Control Manager | ID = 7023
    Description = The Microsoft Antimalware Service service terminated with the following
    error: %%2147944102

    Error - 11/16/2010 12:48:48 AM | Computer Name = NEBULA | Source = Service Control Manager | ID = 7000
    Description = The McAfee Framework Service service failed to start due to the following
    error: %%2

    Error - 11/16/2010 2:06:53 AM | Computer Name = NEBULA | Source = Service Control Manager | ID = 7034
    Description = The Broadcom Wireless LAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 11/16/2010 2:06:53 AM | Computer Name = NEBULA | Source = Service Control Manager | ID = 7031
    Description = The Dynex Wireless Enhanced G NB Card - DX-WGPNBC Service service
    terminated unexpectedly. It has done this 1 time(s). The following corrective
    action will be taken in 0 milliseconds: Restart the service.

    Error - 11/16/2010 2:08:08 AM | Computer Name = NEBULA | Source = Service Control Manager | ID = 7031
    Description = The Dynex Wireless Enhanced G NB Card - DX-WGPNBC Service service
    terminated unexpectedly. It has done this 1 time(s). The following corrective
    action will be taken in 0 milliseconds: Restart the service.

    Error - 11/16/2010 2:10:34 AM | Computer Name = NEBULA | Source = Service Control Manager | ID = 7031
    Description = The Dynex Wireless Enhanced G NB Card - DX-WGPNBC Service service
    terminated unexpectedly. It has done this 1 time(s). The following corrective
    action will be taken in 0 milliseconds: Restart the service.

    Error - 11/16/2010 2:11:02 AM | Computer Name = NEBULA | Source = Service Control Manager | ID = 7031
    Description = The Dynex Wireless Enhanced G NB Card - DX-WGPNBC Service service
    terminated unexpectedly. It has done this 1 time(s). The following corrective
    action will be taken in 0 milliseconds: Restart the service.

    Error - 11/16/2010 2:15:14 AM | Computer Name = NEBULA | Source = Service Control Manager | ID = 7000
    Description = The McAfee Framework Service service failed to start due to the following
    error: %%2

    Error - 11/16/2010 2:15:14 AM | Computer Name = NEBULA | Source = Service Control Manager | ID = 7023
    Description = The Microsoft Antimalware Service service terminated with the following
    error: %%2147944102

    Error - 11/16/2010 2:34:18 AM | Computer Name = NEBULA | Source = Service Control Manager | ID = 7000
    Description = The McAfee Framework Service service failed to start due to the following
    error: %%2


    < End of report >
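As an added example (not OTL's code and not from any of the posts), the following parses the "Last 10 Event Log Errors" section of a report like the one above, picks out the svchost.exe crash that produces the "Generic Host Process for Win32 Services" dialog, and decodes the Service Control Manager error codes. The sample entries are constructed from the report above; the svchost.exe-to-dialog mapping and the HRESULT decoding are the only interpretation added.

```python
"""Parse the 'Last 10 Event Log Errors' section of an OTL report and flag the entries behind this thread's symptoms."""
import re
from collections import namedtuple
# Constructed sample, modelled on the report above (entries trimmed).
SAMPLE = """\
[ Application Events ]
Error - 11/15/2010 10:13:02 PM | Computer Name = NEBULA | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

[ System Events ]
Error - 11/15/2010 11:42:18 PM | Computer Name = NEBULA | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%2147944102

Error - 11/16/2010 12:48:48 AM | Computer Name = NEBULA | Source = Service Control Manager | ID = 7000
Description = The McAfee Framework Service service failed to start due to the following
error: %%2
"""
SECTION = re.compile(r"^\[ (?P<log>.+?) \]$")
HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
                    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
FAULT = re.compile(r"Faulting application (?P<app>\S+),.*?faulting module (?P<mod>\S+),")
SERVICE = re.compile(r"The (?P<svc>.+?) service (?P<what>terminated|failed to start)")

Event = namedtuple("Event", "log when source event_id description")

def parse_events(text):
    """One Event per 'Error - ...' header; OTL wraps descriptions over several lines."""
    events, log = [], None
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if lines and (m := SECTION.match(lines[0])):      # "[ Application Events ]"
            log, lines = m["log"], lines[1:]
        if not lines or not (m := HEADER.match(lines[0])):
            continue
        desc = re.sub(r"^Description = ", "", " ".join(lines[1:]))
        events.append(Event(log, m["when"], m["source"], int(m["id"]), desc))
    return events

def decode_error(token):
    """'%%2' -> 2 (ERROR_FILE_NOT_FOUND); '%%2147944102' is HRESULT 0x8007xxxx wrapping Win32 code 1702."""
    n = int(token.lstrip("%"))
    return n & 0xFFFF if (n & 0xFFFF0000) == 0x80070000 else n

def triage(events):
    """Return (event, note) pairs for the entries that explain the symptoms in this thread."""
    notes = []
    for e in events:
        if e.source == "Application Error" and e.event_id == 1000 and (m := FAULT.search(e.description)):
            if m["app"].lower() == "svchost.exe":   # the "Generic Host Process for Win32 Services" dialog
                notes.append((e, f"svchost.exe crashed in {m['mod']}"))
        elif e.source == "Service Control Manager" and (m := SERVICE.search(e.description)):
            code = decode_error(e.description.rsplit(" ", 1)[-1]) if "%%" in e.description else None
            notes.append((e, f"{m['svc']} {m['what']} (win32 error {code})"))
    return notes

if __name__ == "__main__":
    for ev, note in triage(parse_events(SAMPLE)):
        print(f"{ev.log} | {ev.when} | ID {ev.event_id}: {note}")
```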
     
  19. 2010/11/16
    deangmoxon

    deangmoxon Inactive Thread Starter

    Joined:
    2010/11/13
    Messages:
    88
    Likes Received:
    0
    OTL log

    broni
    thanx for all yer help
    my computer is doing fine
    the problem has not reared its ugly head in 24 hrs so I assume it's gone
     
  20. 2010/11/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Please, uninstall Registry Mechanic.
    Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
      DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim)
      [2010/11/11 10:34:27 | 000,000,000 | ---D | C] -- C:\$AVG
      [2010/11/11 10:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG10
      [2010/11/11 09:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
      [2010/11/11 10:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
      @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
      @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40640B7D
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  21. 2010/11/16
    deangmoxon

    deangmoxon Inactive Thread Starter

    Joined:
    2010/11/13
    Messages:
    88
    Likes Received:
    0
    new OTL log

    All processes killed
    ========== OTL ==========
    Service McAfeeFramework stopped successfully!
    Service McAfeeFramework deleted successfully!
    File C:\Program Files\McAfee\Common Framework\FrameworkService.exe not found.
    Service AVGIDSShim stopped successfully!
    Service AVGIDSShim deleted successfully!
    File C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys not found.
    C:\$AVG\$VAULT folder moved successfully.
    C:\$AVG folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\AVG10\cfgall folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\AVG10 folder moved successfully.
    C:\Program Files\AVG folder moved successfully.
    Folder C:\Documents and Settings\Administrator\Application Data\AVG10\ not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:40640B7D deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 1590641 bytes
    ->Temporary Internet Files folder emptied: 135959 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 90246787 bytes
    ->Flash cache emptied: 2594 bytes

    User: All Users

    User: Default User
     
