Computer running incredibly slow, and it is spreading

Inactive
By Corsaiga
Aug 12, 2010
Topic Status:
Not open for further replies.
  1. Hey there fellas, I have been working on a computer on our network here at work, it had reports of taking about 20 minutes to start up, and once started, it just moved incredibly slow, with Windows messages of "virtual memory too low." I did standard protocol and started up in safe mode, running Malwarebytes, Symantec AV scan, and Barracuda malware removal tool. Barracuda found one infected registry key, "Adware.MyWebSearch" but was unable to fix it. I googled the virus and got the same answer of using BitDefender to get rid of it from multiple sites. BitDefender got rid of the virus, but also found "Win32.Sobig.C@mm" which I googled to find out is a worm. BitDefender got rid of it, but the computer showed no signs of improvement.

    Since then I have had 4 others, on the same network, come to me with reports of their computers taking forever to start up and moving slowly. (I, and many others, are on the same network, and we are moving as fast as ever, so I don't think our server is infected.) I have scanned 2 of the 4 computers so far, and all scans have come up clean (same tools as used on the first computer, including BitDefender).

    So now I turn to the experts. I have attached the needed log files from the first computer since they are quite long. Thanks in advance for any help you can provide.

    Justin

    Edit: In case it is of any importance, I had to run gmer in safe mode because it would not complete the scan in normal mode.

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouse-click combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. Corsaiga

    Corsaiga Newcomer, in training Topic Starter Posts: 20

    Sorry for taking so long, had a wedding to attend to.

    MBR
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x010c000d

    Kernel Drivers (total 128):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF89C1000 \WINDOWS\system32\KDCOM.DLL
    0xF88D1000 \WINDOWS\system32\BOOTVID.dll
    0xF8472000 ACPI.sys
    0xF89C3000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF8461000 pci.sys
    0xF84C1000 isapnp.sys
    0xF8A89000 pciide.sys
    0xF8741000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF84D1000 MountMgr.sys
    0xF8442000 ftdisk.sys
    0xF89C5000 dmload.sys
    0xF841C000 dmio.sys
    0xF8749000 PartMgr.sys
    0xF84E1000 VolSnap.sys
    0xF8404000 atapi.sys
    0xF84F1000 disk.sys
    0xF8501000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF83E4000 fltmgr.sys
    0xF83D2000 sr.sys
    0xF8751000 PxHelp20.sys
    0xF83BB000 KSecDD.sys
    0xF832E000 Ntfs.sys
    0xF8301000 NDIS.sys
    0xF82E7000 Mup.sys
    0xF8288000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xF8274000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF8861000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF8250000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF8869000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF8226000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xF8551000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF8871000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF8879000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF8212000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF8561000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF8989000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF8881000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF8571000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF8581000 \SystemRoot\System32\Drivers\AFS2K.SYS
    0xF8591000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF85A1000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF81EF000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF85B1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF8161000 \SystemRoot\system32\drivers\smwdm.sys
    0xF813D000 \SystemRoot\system32\drivers\portcls.sys
    0xF85C1000 \SystemRoot\system32\drivers\drmk.sys
    0xF8125000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF85F1000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF8A0D000 \SystemRoot\system32\DRIVERS\serscan.sys
    0xF8B76000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF8611000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF8991000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF810E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF8621000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF8631000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF8891000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF80FD000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF8641000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF8899000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF88A1000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF80A7000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF8661000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF8049000 \SystemRoot\system32\DRIVERS\teefer2.sys
    0xF8A0F000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF7FEB000 \SystemRoot\system32\DRIVERS\update.sys
    0xF89B5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xEFF57000 \SystemRoot\system32\drivers\ialmkchw.sys
    0xEFF3B000 \SystemRoot\system32\drivers\ialmsbw.sys
    0xF8681000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF86E1000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF8A13000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF88B1000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xEFE29000 \SystemRoot\System32\Drivers\SRTSP.SYS
    0xF88B9000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xEFCB8000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xEFF1B000 \SystemRoot\System32\Drivers\SRTSPX.SYS
    0xF89E5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8AEA000 \SystemRoot\System32\Drivers\Null.SYS
    0xF89E7000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF87F1000 \SystemRoot\System32\drivers\vga.sys
    0xF89E9000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF89EB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF87F9000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF8801000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF8969000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xEFC71000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xEFC18000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xEFBEA000 \SystemRoot\System32\Drivers\SYMTDI.SYS
    0xEFBC4000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF8511000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF86C1000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    0xEFB9C000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xEFB7A000 \SystemRoot\System32\drivers\afd.sys
    0xF86D1000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xEFB10000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    0xEFAE5000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xEFA75000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF8541000 \SystemRoot\System32\Drivers\Fips.SYS
    0xEFA17000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xEF9FA000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0xEFF2B000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xEF9BA000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF89F3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF8087000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF8819000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8BCF000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF01F000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF041000 \SystemRoot\System32\ialmdev5.DLL
    0xBF071000 \SystemRoot\System32\ialmdd5.DLL
    0xEF896000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xEF415000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xEF39E000 \??\C:\WINDOWS\system32\drivers\WpsHelper.sys
    0xEF2C1000 \SystemRoot\system32\drivers\wdmaud.sys
    0xEF47A000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF8A37000 \SystemRoot\System32\Drivers\MCSTRM.SYS
    0xEF157000 \SystemRoot\system32\DRIVERS\srv.sys
    0xF87A9000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
    0xEE783000 \SystemRoot\System32\Drivers\HTTP.sys
    0xEE277000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100814.002\NAVEX15.SYS
    0xEE263000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100814.002\NAVENG.SYS
    0xEDF8D000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 47):
    0 System Idle Process
    4 System
    884 C:\WINDOWS\system32\smss.exe
    932 csrss.exe
    956 C:\WINDOWS\system32\winlogon.exe
    1000 C:\WINDOWS\system32\services.exe
    1012 C:\WINDOWS\system32\lsass.exe
    1180 C:\WINDOWS\system32\svchost.exe
    1284 svchost.exe
    1396 C:\WINDOWS\system32\svchost.exe
    1460 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    1608 svchost.exe
    1700 svchost.exe
    1844 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    180 C:\WINDOWS\system32\spoolsv.exe
    664 svchost.exe
    784 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    868 C:\Program Files\Bonjour\mDNSResponder.exe
    1360 C:\Program Files\Java\jre6\bin\jqs.exe
    1492 C:\WINDOWS\explorer.exe
    2036 C:\WINDOWS\system32\PSIService.exe
    456 C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe
    1480 C:\WINDOWS\system32\igfxtray.exe
    1496 C:\WINDOWS\system32\hkcmd.exe
    1156 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    1536 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    1744 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    1784 C:\Program Files\QuickTime\QTTask.exe
    1920 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    1980 C:\Program Files\iTunes\iTunesHelper.exe
    288 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    1068 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    1532 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2116 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    2176 C:\WINDOWS\system32\svchost.exe
    2184 C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe
    2192 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    2236 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2264 C:\WINDOWS\system32\ctfmon.exe
    2476 C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe
    2608 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    2944 C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
    812 C:\Program Files\iPod\bin\iPodService.exe
    2052 alg.exe
    3812 C:\Program Files\Internet Explorer\iexplore.exe
    3960 C:\Program Files\Internet Explorer\iexplore.exe
    3744 C:\Documents and Settings\chancock\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800BB-60JKA0, Rev: 05.01C05

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: BBF289AC40BA09F2CC1797655D4799D2AB148CB5


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
  4. Corsaiga

    Corsaiga Newcomer, in training Topic Starter Posts: 20

    ComboFix

    ComboFix 10-08-15.04 - cwright 08/16/2010 13:17:11.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.183 [GMT -4:00]
    Running from: c:\documents and settings\chancock\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\system32\BSTIEPrintCtl1.dll
    c:\windows\system32\drivers\fad.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MYWEBSEARCHSERVICE


    ((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
    .

    2010-08-10 18:10 . 2010-08-10 18:10 -------- d-sh--w- c:\documents and settings\administrator.ENGLISHCONST\PrivacIE
    2010-08-10 18:10 . 2010-08-10 18:10 -------- d-----w- c:\documents and settings\administrator.ENGLISHCONST\Local Settings\Application Data\Google
    2010-08-10 15:29 . 2010-08-10 15:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
    2010-08-10 15:29 . 2010-08-10 15:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
    2010-08-10 15:29 . 2010-08-10 15:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-10 15:28 . 2010-08-10 15:28 31304 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-10 15:26 . 2010-08-10 15:26 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-08-10 13:45 . 2010-08-12 15:27 81984 ----a-w- c:\windows\system32\bdod.bin
    2010-08-10 13:39 . 2010-08-10 13:40 -------- d-----w- c:\program files\Common Files\Softwin
    2010-08-10 13:33 . 2010-08-10 13:33 -------- d-----w- c:\documents and settings\administrator.ENGLISHCONST\Application Data\Malwarebytes
    2010-08-10 13:33 . 2010-08-10 13:33 -------- d-----w- c:\documents and settings\administrator.ENGLISHCONST\Application Data\Share-to-Web Upload Folder
    2010-08-10 13:32 . 2010-08-10 13:32 -------- d-sh--w- c:\documents and settings\administrator.ENGLISHCONST\IETldCache
    2010-08-06 16:11 . 2010-08-06 16:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-08-06 15:59 . 2010-08-06 15:59 -------- d-----w- c:\documents and settings\chancock\Application Data\Barracuda
    2010-08-06 14:28 . 2010-08-06 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Barracuda
    2010-08-06 14:28 . 2010-05-26 23:30 38352 ----a-w- c:\windows\system32\drivers\bmrtswissarmy.sys
    2010-08-06 14:28 . 2010-08-06 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Barracuda
    2010-08-06 14:28 . 2010-08-06 14:28 -------- d-----w- c:\program files\Barracuda
    2010-08-06 14:26 . 2010-08-06 14:26 -------- d-----w- c:\program files\CCleaner
    2010-08-06 14:24 . 2010-08-06 14:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-08-06 14:24 . 2010-08-06 14:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-05 20:02 . 2010-08-05 20:02 61440 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-47e68a3f-n\decora-sse.dll
    2010-08-05 20:02 . 2010-08-05 20:02 503808 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ca9183d-n\msvcp71.dll
    2010-08-05 20:02 . 2010-08-05 20:02 499712 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ca9183d-n\jmc.dll
    2010-08-05 20:02 . 2010-08-05 20:02 348160 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ca9183d-n\msvcr71.dll
    2010-08-05 20:02 . 2010-08-05 20:02 12800 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-47e68a3f-n\decora-d3d.dll
    2010-07-08 16:26 . 2010-07-08 16:26 -------- d-----w- c:\documents and settings\chancock\Application Data\GARMIN
    2010-06-30 12:31 . 2004-08-04 08:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2004-08-04 08:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-04 08:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-04 08:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2004-08-04 08:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2004-08-04 08:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-02 23:59 . 2008-06-20 03:12 161920 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
    2010-06-02 15:31 . 2005-04-07 13:30 31304 ----a-w- c:\documents and settings\chancock\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-02 15:09 . 2010-06-01 13:22 503808 ------w- c:\windows\Setup1.exe
    2010-06-02 15:09 . 2010-06-01 13:22 73216 ----a-w- c:\windows\ST6UNST.EXE
    2010-05-27 20:02 . 2010-05-27 20:02 61440 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-69bdbc46-n\decora-sse.dll
    2010-05-27 20:02 . 2010-05-27 20:02 503808 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22b078d4-n\msvcp71.dll
    2010-05-27 20:02 . 2010-05-27 20:02 499712 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22b078d4-n\jmc.dll
    2010-05-27 20:02 . 2010-05-27 20:02 348160 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22b078d4-n\msvcr71.dll
    2010-05-27 20:02 . 2010-05-27 20:02 12800 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-69bdbc46-n\decora-d3d.dll
    2008-11-03 14:56 . 2008-11-03 14:56 190 ----a-w- c:\program files\Common Files\psasetup.log
    2007-12-11 21:27 . 2007-12-11 21:27 8 --sh--r- c:\windows\system32\D8A1ECF8E8.sys
    2008-10-09 18:30 . 2007-12-11 21:27 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-19 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-03-11 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-03-11 114688]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
    "DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
    "srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-15 98304]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-12-18 115560]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "SimNotify.exe"="c:\program files\Sage\SIM\Client\SimNotify.exe" [2010-04-14 38696]
    "Corel Photo Downloader"="c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe" [2007-02-06 478800]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe [2010-6-1 92854]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "disablecad"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceStartMenuLogOff"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1950072679-626140327-4129173426-1268\Scripts\Logon\0\0]
    "Script"=c:\windows\SYSVOL\sysvol\englishconst.com\scripts\logon.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1950072679-626140327-4129173426-500\Scripts\Logon\0\0]
    "Script"=c:\windows\SYSVOL\sysvol\englishconst.com\scripts\logon.bat

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=

    R2 Sage.LS1.ServiceHost.1.0;Sage Service Host (v1.0);c:\program files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe [4/7/2010 8:04 PM 107816]
    R2 SageInstMgrClient;Sage Installation Manager Client;c:\program files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe [4/14/2010 4:01 AM 15144]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 8:32 AM 102448]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 6:17 PM 23888]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
    uInternet Settings,ProxyServer = 192.168.0.2:8080
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    TCP: {D5547583-BD46-4A7F-B9EF-21ABCE83F7FE} = 192.168.0.2,192.168.0.4
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    Notify-NavLogon - (no file)
    SafeBoot-Symantec Antvirus
    AddRemove-HijackThis - E:\HijackThis.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-16 13:28
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1950072679-626140327-4129173426-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,d7,14,ec,8d,72,77,4b,9e,b6,54,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,d7,14,ec,8d,72,77,4b,9e,b6,54,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(1012)
    c:\program files\Bonjour\mdnsNSP.dll

    - - - - - - - > 'explorer.exe'(2336)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-16 13:36:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-16 17:36

    Pre-Run: 56,997,900,288 bytes free
    Post-Run: 56,886,300,672 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 0829ED4A46559AC438D5EB79D5AA2696
  5. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Run MBRCheck again.

    When it's done you'll see the following line:
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Press the Y key and then press Enter.

    When the program asks you to Enter your choice, enter 2 and press the Enter key.

    Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
    Enter 0 (zero) and press the Enter key.

    Next the program will show Available MBR codes:, followed by a list of operating systems.
    Please enter 1 for Windows XP, and then press Enter.

    Next the program will prompt for confirmation.
    Type YES and hit Enter.

    When it's done there should be a text file with the results on your desktop.
    Please copy and paste it back here.

    Then reboot, run MBRCheck again and post the new log.
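The MBRCheck report earlier in the thread hashes the boot sector's code region and flags it as "Unknown MBR code" when the SHA1 matches nothing it recognises, and the repair walked through above replaces that code with a standard Windows XP boot record. The following Python is an added example illustrating both halves of that process; it is not code from the thread or from MBRCheck. The 512-byte layout it relies on (440 bytes of boot code, a 4-byte disk signature, four 16-byte partition entries, the 0x55AA signature) is the standard MBR format, while the reference boot code, its hash, the disk signature and the partition size are constructed placeholders rather than genuine Windows values.

```python
"""Inspect a 512-byte MBR the way a boot-record checker does, then apply the
kind of repair described above: replace the boot-code region with known code
while leaving the disk signature, partition table and 0x55AA signature intact.

All sample data below is constructed for illustration; the reference boot code
and its SHA1 are placeholders, not the real Windows XP MBR code or hash.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: executable boot code (the part that gets hashed)
DISK_SIG_OFFSET = 440        # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446      # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"       # bytes 510..511
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count
SECTOR = 512


def code_sha1(mbr: bytes) -> str:
    """Upper-case SHA1 of the boot-code region only; the partition table differs per disk."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_mbr(mbr: bytes) -> dict:
    """Validate the sector and return its code hash, disk signature and used partitions."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"MBR must be {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _chs0, ptype, _chs1, lba_start, sectors = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR,   # LBA 63 -> 0x7E00, the offset shown in the log above
            "sectors": sectors,
        })
    return {
        "code_sha1": code_sha1(mbr),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def classify_code(mbr: bytes, known_good: dict) -> str:
    """Map the code hash to a label, or flag it the way the MBRCheck report does."""
    return known_good.get(code_sha1(mbr), "Unknown MBR code")


def rewrite_boot_code(mbr: bytes, new_code: bytes) -> bytes:
    """Replace only bytes 0..439; disk signature, partition table and 0x55AA are kept."""
    if len(new_code) > BOOT_CODE_LEN:
        raise ValueError("boot code longer than 440 bytes")
    return new_code.ljust(BOOT_CODE_LEN, b"\x00") + mbr[BOOT_CODE_LEN:]


def build_sample_mbr(code: bytes, disk_sig: int, partitions) -> bytes:
    """Construct a test MBR from (bootable, type, lba_start, sectors) tuples."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(code)] = code
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, disk_sig)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, b"\xfe\xff\xff", ptype,
                         b"\xfe\xff\xff", lba_start, sectors)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


# Constructed placeholder standing in for a vetted standard boot sector; a real
# allow-list would hold the SHA1 of genuine Windows MBR code.
REFERENCE_CODE = b"REFERENCE-MBR-CODE-PLACEHOLDER".ljust(BOOT_CODE_LEN, b"\x90")
KNOWN_GOOD = {hashlib.sha1(REFERENCE_CODE).hexdigest().upper(): "Windows XP MBR code (constructed reference)"}

# Constructed "suspect" boot code that matches no allow-list entry.
SUSPECT_CODE = b"\xeb\xfe" + b"SUSPECT-CODE-PLACEHOLDER".ljust(BOOT_CODE_LEN - 2, b"\x00")


def demo() -> dict:
    # One NTFS partition starting at LBA 63 (byte offset 0x7E00); size is a constructed value.
    suspect = build_sample_mbr(SUSPECT_CODE, 0x1234ABCD, [(True, 0x07, 63, 156_296_322)])
    before = parse_mbr(suspect)
    fixed = rewrite_boot_code(suspect, REFERENCE_CODE)
    after = parse_mbr(fixed)
    return {
        "before": classify_code(suspect, KNOWN_GOOD),
        "after": classify_code(fixed, KNOWN_GOOD),
        "partitions_preserved": before["partitions"] == after["partitions"],
        "signature_preserved": before["disk_signature"] == after["disk_signature"],
        "first_partition_offset": hex(before["partitions"][0]["byte_offset"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The repair touches only bytes 0..439, which is why the volume in the log still mounts at the same 0x7e00 offset after the boot code is replaced: the partition entries and the NT disk signature live past byte 440 and are left alone. The classification is only as trustworthy as the allow-list behind it; an unknown hash means the code is not one the checker recognises, not that it is necessarily malicious, which is why the thread confirms with a second MBRCheck run after the rewrite.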
  6. Corsaiga

    Corsaiga Newcomer, in training Topic Starter Posts: 20

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000d

    Kernel Drivers (total 128):

    Processes (total 53):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800BB-60JKA0, Rev: 05.01C05

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: BBF289AC40BA09F2CC1797655D4799D2AB148CB5


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
  7. Corsaiga

    Corsaiga Newcomer, in training Topic Starter Posts: 20

    After Reboot

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000d

    Kernel Drivers (total 127):

    Processes (total 50):
    2584 C:\Program Files\Common Files\Java\Java Update\jucheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800BB-60JKA0, Rev: 05.01C05

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: BBF289AC40BA09F2CC1797655D4799D2AB148CB5


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
  8. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Our fix didn't work :(
    Let's try a different way...

    Restart computer
    When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
    If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. Click OK, then reboot.

    You should get a black screen with a C:\> prompt. Type with an Enter after each line:

    fixmbr

    (If it asks you if you are sure then say "Y".)

    exit

    Reboot computer.

    Post fresh MBRCheck log.
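An added example, not part of the thread and not MBRCheck's own code: a small Python checker that does what the MBR Status lines in the logs above report. It reads a 512-byte sector, verifies the 55 AA signature, hashes the boot code and looks the hash up in an allowlist of known-good code, and decodes the partition table (the C: volume "at offset 0x7e00" in the logs is LBA 63 × 512 bytes). The two sample sectors and the single allowlist entry are constructed for the example, and which exact bytes MBRCheck hashes is an assumption.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440       # bytes 0..439 hold boot code; 440..443 is the NT disk signature
PART_TABLE_OFF = 446      # four 16-byte partition entries follow
SIGNATURE_OFF = 510       # the last two bytes must be 55 AA
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Assemble a constructed 512-byte MBR: given boot code plus one bootable NTFS partition at LBA 63."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    sector[440:444] = b"\xDE\xAD\xBE\xEF"   # constructed NT disk signature
    # Entry 0: bootable (0x80), type 0x07 (NTFS), starts at LBA 63, roughly 74 GB of sectors
    struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF, 0x80, 0x07, 63, 156296322)
    sector[SIGNATURE_OFF:] = b"\x55\xAA"
    return bytes(sector)


# Constructed samples: neither is real Windows boot code.
SAMPLE_MBR = build_sample_mbr(b"\xEB\xFE" + b"SAMPLE-STANDARD-XP-BOOTCODE")
TAMPERED_MBR = build_sample_mbr(b"\xEB\xFE" + b"MODIFIED-BOOTCODE-SAMPLE!!!")

# Allowlist of boot-code hashes. Seeded from SAMPLE_MBR so the example is self-contained;
# a real table holds the hash of each Windows version's standard MBR code.
KNOWN_GOOD = {
    hashlib.sha1(SAMPLE_MBR[:BOOT_CODE_LEN]).hexdigest().upper(): "Windows XP MBR code detected",
}


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition-table entries; empty entries (type 0) are skipped."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, off)
        if ptype == 0:
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            # This is the value MBRCheck prints: C: at offset 0x7E00 is LBA 63 * 512 bytes
            "byte_offset": lba_start * SECTOR,
        })
    return parts


def check_mbr(mbr: bytes, known_good: dict = None) -> dict:
    """Classify one sector the way the log does: signature, SHA1 of the boot code, allowlist status."""
    if known_good is None:
        known_good = KNOWN_GOOD
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    return {
        "valid_signature": mbr[SIGNATURE_OFF:] == b"\x55\xAA",
        "sha1": sha1,
        # Anything not on the allowlist is reported as unknown, not as malicious:
        # OEM recovery loaders and third-party boot managers also produce non-standard code.
        "status": known_good.get(sha1, "Unknown MBR code"),
        "partitions": parse_partitions(mbr),
    }


def read_mbr(device_path: str) -> bytes:
    """Read the first sector of a raw device.
    Windows: r"\\.\PhysicalDrive0" from an elevated prompt; Linux: "/dev/sda" as root."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR)


def format_report(result: dict) -> str:
    """Render a check_mbr() result in a layout similar to the MBRCheck log."""
    lines = [f"MBR status: {result['status']}", f"SHA1: {result['sha1']}",
             f"Valid 55AA signature: {result['valid_signature']}"]
    for p in result["partitions"]:
        flag = "bootable" if p["bootable"] else "not bootable"
        lines.append(f"  partition {p['index']}: type 0x{p['type']:02X} {flag}, "
                     f"LBA {p['lba_start']} (offset 0x{p['byte_offset']:X}), {p['sectors']} sectors")
    return "\n".join(lines)


if __name__ == "__main__":
    for label, sector in (("clean sample", SAMPLE_MBR), ("tampered sample", TAMPERED_MBR)):
        print(f"== {label} ==")
        print(format_report(check_mbr(sector)))
```

To check a live disk, pass `read_mbr(...)` to `check_mbr()`; an "Unknown MBR code" result is a prompt to compare the boot code with a known-good copy, as the thread does, not proof of infection by itself.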
  9. Corsaiga

    Corsaiga Newcomer, in training Topic Starter Posts: 20

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000d

    Kernel Drivers (total 128):

    Processes (total 47):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800BB-60JKA0, Rev: 05.01C05

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
  10. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Looks good :)


    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\D8A1ECF8E8.sys
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    
    DDS::
    uInternet Settings,ProxyServer = 192.168.0.2:8080
    uInternet Settings,ProxyOverride = <local>
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
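An added example, not from the thread and not ComboFix's own code: a Python reader for the CFScript format used above, so the actions a script requests can be listed and reviewed before it is dropped onto ComboFix. It splits the "File::", "Registry::" and "DDS::" sections, reads ".reg"-style lines (where "=-" deletes a value), and decodes DDS-log lines (the leading "u" or "m" is the DDS convention for the user or machine hive). The sample script is a constructed copy of the one in the post, and the reading of the DDS:: directive as "reset these settings" is my assumption.

```python
import re

# Constructed copy of the CFScript in the post above, used as sample input.
SAMPLE_CFSCRIPT = r"""File::
c:\windows\system32\D8A1ECF8E8.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

DDS::
uInternet Settings,ProxyServer = 192.168.0.2:8080
uInternet Settings,ProxyOverride = <local>
"""

# DDS log prefixes: 'u' = current-user hive, 'm' = machine hive.
DDS_SCOPES = {"u": "HKCU", "m": "HKLM"}


def parse_cfscript(text: str) -> dict:
    """Split a CFScript into its 'Name::' sections; blank lines are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line before any section header: {raw!r}")
        sections[current].append(line)
    return sections


def plan_actions(sections: dict) -> list:
    """Turn parsed sections into the concrete actions the script requests."""
    actions = []
    for path in sections.get("File", []):
        actions.append(("delete_file", path))
    key = None
    for line in sections.get("Registry", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]              # .reg-style key header
            continue
        m = re.fullmatch(r'"([^"]+)"=(.*)', line)
        if key is None or m is None:
            raise ValueError(f"malformed Registry:: line: {line!r}")
        name, value = m.groups()
        if value == "-":                  # .reg convention: '=-' deletes the value
            actions.append(("delete_value", key, name))
        else:
            actions.append(("set_value", key, name, value))
    for line in sections.get("DDS", []):
        if line[0] not in DDS_SCOPES or " = " not in line:
            raise ValueError(f"malformed DDS:: line: {line!r}")
        setting, _, value = line[1:].partition(" = ")
        category, _, name = setting.partition(",")
        actions.append(("reset_setting", DDS_SCOPES[line[0]], category, name or None, value))
    return actions


def review(actions: list) -> list:
    """Flag actions worth a second look before the script is run."""
    notes = []
    for a in actions:
        if a[0] == "delete_value" and "security center" in a[1].lower():
            notes.append(f"removes a Security Center monitoring override: {a[1]}\\{a[2]}")
        if a[0] == "reset_setting" and a[3] == "ProxyServer":
            # On a company network the proxy may be legitimate; confirm with whoever runs it.
            notes.append(f"clears a proxy pointing at {a[4]}; confirm it is not the corporate proxy")
    return notes


if __name__ == "__main__":
    plan = plan_actions(parse_cfscript(SAMPLE_CFSCRIPT))
    for action in plan:
        print(action)
    for note in review(plan):
        print("REVIEW:", note)
```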
  11. Corsaiga

    Corsaiga Newcomer, in training Topic Starter Posts: 20

    ComboFix 10-08-18.02 - administrator 08/19/2010 8:14.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.315 [GMT -4:00]
    Running from: c:\documents and settings\administrator.ENGLISHCONST\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\administrator.ENGLISHCONST\Desktop\CFScript.txt
    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

    FILE ::
    "c:\windows\system32\D8A1ECF8E8.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\D8A1ECF8E8.sys

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))
    .

    2010-08-16 17:54 . 2010-08-16 17:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
    2010-08-16 17:54 . 2010-08-16 17:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-08-10 18:10 . 2010-08-10 18:10 -------- d-sh--w- c:\documents and settings\administrator.ENGLISHCONST\PrivacIE
    2010-08-10 18:10 . 2010-08-18 12:07 -------- d-----w- c:\documents and settings\administrator.ENGLISHCONST\Local Settings\Application Data\Google
    2010-08-10 15:29 . 2010-08-10 15:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
    2010-08-10 15:29 . 2010-08-10 15:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
    2010-08-10 15:29 . 2010-08-10 15:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-10 15:28 . 2010-08-10 15:28 31304 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-10 15:26 . 2010-08-10 15:26 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-08-10 13:45 . 2010-08-12 15:27 81984 ----a-w- c:\windows\system32\bdod.bin
    2010-08-10 13:39 . 2010-08-10 13:40 -------- d-----w- c:\program files\Common Files\Softwin
    2010-08-10 13:33 . 2010-08-10 13:33 -------- d-----w- c:\documents and settings\administrator.ENGLISHCONST\Application Data\Malwarebytes
    2010-08-10 13:33 . 2010-08-10 13:33 -------- d-----w- c:\documents and settings\administrator.ENGLISHCONST\Application Data\Share-to-Web Upload Folder
    2010-08-10 13:32 . 2010-08-10 13:32 -------- d-sh--w- c:\documents and settings\administrator.ENGLISHCONST\IETldCache
    2010-08-06 16:11 . 2010-08-06 16:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-08-06 15:59 . 2010-08-06 15:59 -------- d-----w- c:\documents and settings\chancock\Application Data\Barracuda
    2010-08-06 14:28 . 2010-08-06 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Barracuda
    2010-08-06 14:28 . 2010-05-26 23:30 38352 ----a-w- c:\windows\system32\drivers\bmrtswissarmy.sys
    2010-08-06 14:28 . 2010-08-06 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Barracuda
    2010-08-06 14:28 . 2010-08-06 14:28 -------- d-----w- c:\program files\Barracuda
    2010-08-06 14:26 . 2010-08-06 14:26 -------- d-----w- c:\program files\CCleaner
    2010-08-06 14:24 . 2010-08-06 14:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-08-06 14:24 . 2010-08-06 14:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder
    2010-08-05 20:02 . 2010-08-05 20:02 61440 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-47e68a3f-n\decora-sse.dll
    2010-08-05 20:02 . 2010-08-05 20:02 503808 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ca9183d-n\msvcp71.dll
    2010-08-05 20:02 . 2010-08-05 20:02 499712 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ca9183d-n\jmc.dll
    2010-08-05 20:02 . 2010-08-05 20:02 348160 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ca9183d-n\msvcr71.dll
    2010-08-05 20:02 . 2010-08-05 20:02 12800 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-47e68a3f-n\decora-d3d.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-16 17:49 . 2005-08-11 14:50 -------- d-----w- c:\program files\Google
    2010-07-08 16:26 . 2010-07-08 16:26 -------- d-----w- c:\documents and settings\chancock\Application Data\GARMIN
    2010-06-30 12:31 . 2004-08-04 08:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2004-08-04 08:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-04 08:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-04 08:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2004-08-04 08:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2004-08-04 08:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-02 23:59 . 2008-06-20 03:12 161920 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
    2010-06-02 15:31 . 2005-04-07 13:30 31304 ----a-w- c:\documents and settings\chancock\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-02 15:09 . 2010-06-01 13:22 503808 ------w- c:\windows\Setup1.exe
    2010-06-02 15:09 . 2010-06-01 13:22 73216 ----a-w- c:\windows\ST6UNST.EXE
    2010-05-27 20:02 . 2010-05-27 20:02 61440 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-69bdbc46-n\decora-sse.dll
    2010-05-27 20:02 . 2010-05-27 20:02 503808 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22b078d4-n\msvcp71.dll
    2010-05-27 20:02 . 2010-05-27 20:02 499712 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22b078d4-n\jmc.dll
    2010-05-27 20:02 . 2010-05-27 20:02 348160 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22b078d4-n\msvcr71.dll
    2010-05-27 20:02 . 2010-05-27 20:02 12800 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-69bdbc46-n\decora-d3d.dll
    2008-11-03 14:56 . 2008-11-03 14:56 190 ----a-w- c:\program files\Common Files\psasetup.log
    2008-10-09 18:30 . 2007-12-11 21:27 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-19 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-03-11 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-03-11 114688]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
    "DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
    "srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-15 98304]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-12-18 115560]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "SimNotify.exe"="c:\program files\Sage\SIM\Client\SimNotify.exe" [2010-04-14 38696]
    "Corel Photo Downloader"="c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe" [2007-02-06 478800]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe [2010-6-1 92854]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "disablecad"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceStartMenuLogOff"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1950072679-626140327-4129173426-1268\Scripts\Logon\0\0]
    "Script"=c:\windows\SYSVOL\sysvol\englishconst.com\scripts\logon.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1950072679-626140327-4129173426-500\Scripts\Logon\0\0]
    "Script"=c:\windows\SYSVOL\sysvol\englishconst.com\scripts\logon.bat

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=

    R2 Sage.LS1.ServiceHost.1.0;Sage Service Host (v1.0);c:\program files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe [4/7/2010 8:04 PM 107816]
    R2 SageInstMgrClient;Sage Installation Manager Client;c:\program files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe [4/14/2010 4:01 AM 15144]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 8:32 AM 102448]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/16/2010 1:49 PM 135664]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 6:17 PM 23888]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 17:49]

    2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 17:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: {D5547583-BD46-4A7F-B9EF-21ABCE83F7FE} = 192.168.0.2,192.168.0.4
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-19 08:19
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1950072679-626140327-4129173426-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,d7,14,ec,8d,72,77,4b,9e,b6,54,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,d7,14,ec,8d,72,77,4b,9e,b6,54,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(1012)
    c:\program files\Bonjour\mdnsNSP.dll
    .
    Completion time: 2010-08-19 08:23:57
    ComboFix-quarantined-files.txt 2010-08-19 12:23
    ComboFix2.txt 2010-08-16 17:36

    Pre-Run: 56,474,988,544 bytes free
    Post-Run: 56,533,495,808 bytes free

    - - End Of File - - 4C4B107872B78CFF8DEEAF0DB21374A3
  12. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Good :)

    How is the computer doing at the moment?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =====================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. Corsaiga

    Corsaiga Newcomer, in training Topic Starter Posts: 20

    The computer is doing much better. I won't be able to perform the next step until Monday though.
    Thanks so much for your time. I believe you now deserve a portion of my pay check, so I will be making a donation (as soon as I get paid next Friday :p). I don't have much else to offer except for a pretty good knowledge of food and cooking, so if you ever need an awesome recipe, I would be happy to oblige ;)

    Thanks again sir, and I will get back to you with those OTL logs on Monday.
  14. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    You're very welcome :)
    I'll be around on Monday :)

    Hahaha....I'll consider :)
  15. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Are you still out there?
  16. Corsaiga

    Corsaiga Newcomer, in training Topic Starter Posts: 20

    I'm sorry for the delay, had some personal issues to address. Here are the OTL scans. Also, IE doesn't seem to be wanting to let me throw on attachments, so the logs are split up into parts.

    Part 1
    OTL logfile created on: 8/27/2010 4:32:03 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\administrator.ENGLISHCONST\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 51.00 Mb Available Physical Memory | 10.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 53.40 Gb Free Space | 71.66% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HANCOCK-HR
    Current User Name: administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/27 16:31:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\OTL.exe
    PRC - [2010/04/14 04:01:38 | 000,038,696 | ---- | M] () -- C:\Program Files\Sage\SIM\Client\SimNotify.exe
    PRC - [2010/04/14 04:01:24 | 000,015,144 | ---- | M] () -- C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe
    PRC - [2010/04/07 20:04:58 | 000,107,816 | ---- | M] (Timberline Software Corp.) -- C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe
    PRC - [2009/10/22 13:48:58 | 000,435,488 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
    PRC - [2009/02/26 15:07:10 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2009/02/26 15:07:08 | 001,799,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2009/02/01 23:37:00 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2008/12/18 16:47:22 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2008/12/18 16:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2008/11/19 10:39:41 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2004/12/14 20:59:56 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    PRC - [2003/05/08 08:34:32 | 000,069,632 | ---- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    PRC - [2003/05/05 12:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    PRC - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    PRC - [2002/04/17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    PRC - [2002/04/17 10:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/27 16:31:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/04/14 04:01:24 | 000,015,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe -- (SageInstMgrClient)
    SRV - [2010/04/07 20:04:58 | 000,107,816 | ---- | M] (Timberline Software Corp.) [Auto | Running] -- C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe -- (Sage.LS1.ServiceHost.1.0) Sage Service Host (v1.0)
    SRV - [2009/02/26 15:07:08 | 001,799,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2009/02/01 23:37:00 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2009/02/01 21:43:02 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2008/12/18 16:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2008/12/18 16:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2008/12/10 15:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2006/05/08 04:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
    SRV - [2006/04/27 17:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2006/04/27 17:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2006/04/27 17:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1.ENG\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
    DRV - [2010/07/14 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100825.040\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/07/14 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100825.040\NAVENG.SYS -- (NAVENG)
    DRV - [2010/06/17 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/06/02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
    DRV - [2010/05/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/10/03 20:37:11 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2009/02/26 15:11:00 | 000,091,976 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
    DRV - [2009/02/26 15:08:38 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
    DRV - [2008/12/19 15:08:12 | 000,319,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2008/12/19 15:08:12 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2008/12/19 15:08:12 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2008/11/18 18:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2008/10/14 11:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
    DRV - [2008/09/09 14:54:42 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2008/08/21 11:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2008/08/21 11:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2007/03/28 08:51:27 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2005/08/11 10:47:58 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
    DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
    DRV - [2004/08/03 13:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
    DRV - [2004/08/03 13:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
    DRV - [2004/08/03 13:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
    DRV - [2004/08/03 13:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
    DRV - [2004/08/03 13:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
    DRV - [2004/08/03 13:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
    DRV - [2004/08/03 13:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
    DRV - [2004/08/03 13:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
    DRV - [2004/08/03 13:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
    DRV - [2004/08/03 13:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
    DRV - [2004/08/03 13:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
    DRV - [2004/08/03 13:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
    DRV - [2004/08/03 13:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
    DRV - [2004/08/03 13:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
    DRV - [2003/02/17 08:22:24 | 000,170,880 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2003/02/05 16:22:32 | 000,050,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
    DRV - [2002/05/08 14:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2002/04/04 02:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
    DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 03:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
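A small triage helper for the OTL SafeList sections posted above (PRC/MOD/SRV/DRV lines), added here as an example; it is not OTL's code and not part of the thread. It parses each entry and sorts out the three things a helper looks at first in such a log: registrations whose file is gone (here the leftover BitDefender drivers and the catchme.sys driver ComboFix left in Temp), binaries with no company in their version info, and anything loading from a Temp directory. The sample lines are constructed after the log above, not a full log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL SafeList entry, e.g.
#   SRV - [2010/04/14 04:01:24 | 000,015,144 | ---- | M] () [Auto | Running] -- C:\x.exe -- (Name)
#   DRV - File not found [Kernel | On_Demand | Stopped] -- C:\y.sys -- (Name)
#   PRC - [2010/08/27 16:31:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)

# Paths under a temp directory (long or 8.3 short form): a service or driver
# should not normally be registered from there.
TEMP_RE = re.compile(r"\\(?:temp|locals~1)\\", re.IGNORECASE)


@dataclass
class OtlEntry:
    kind: str                 # PRC, MOD, SRV or DRV
    path: str                 # image path as OTL recorded it
    name: Optional[str]       # service/driver name from the trailing "(Name)"
    company: Optional[str]    # version-info company; "" if absent, None if file missing
    state: Optional[str]      # e.g. "Auto | Running" (None for PRC/MOD lines)
    file_missing: bool        # OTL printed "File not found"


def parse_otl_entries(text: str) -> List[OtlEntry]:
    """Parse every PRC/MOD/SRV/DRV line; section headers and blank lines are skipped."""
    entries: List[OtlEntry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        missing = m["missing"] is not None
        entries.append(OtlEntry(
            kind=m["kind"],
            path=m["path"],
            name=m["name"],
            company=None if missing else m["company"],
            state=m["state"],
            file_missing=missing,
        ))
    return entries


def triage(text: str) -> dict:
    """Group entries into the buckets a helper checks first.

    missing_file: registered service/driver whose binary is gone (uninstall
                  leftovers, or a removal tool's own temp driver); harmless on
                  its own, but normally cleaned up so the log stays readable.
    no_company:   binary carries no company in its version info; often
                  legitimate (small vendors, in-house tools) but not whitelistable.
    temp_path:    loads from a Temp directory; rarely legitimate for a driver.
    """
    entries = parse_otl_entries(text)
    return {
        "missing_file": [e.path for e in entries if e.file_missing],
        "no_company": [e.path for e in entries if not e.file_missing and not e.company],
        "temp_path": [e.path for e in entries if TEMP_RE.search(e.path)],
    }


# Constructed sample, modelled on the OTL log posted in this thread (not a full log).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2010/08/27 16:31:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/04/14 04:01:24 | 000,015,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe -- (SageInstMgrClient)
SRV - [2009/02/26 15:07:08 | 001,799,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1.ENG\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
"""

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_LOG).items():
        print(f"{bucket}:")
        for p in paths:
            print(f"  {p}")
```

None of the buckets is proof of infection by itself; they are the entries to look up by hand before deciding what a cleanup script should touch.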
  17. Corsaiga

    Corsaiga Newcomer, in training Topic Starter Posts: 20

    Part 2
    O1 HOSTS File: ([2010/08/19 08:19:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe (Corel, Inc.)
    O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [SimNotify.exe] C:\Program Files\Sage\SIM\Client\SimNotify.exe ()
    O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe ()
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk = C:\WINDOWS\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = englishconst.com
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/27 16:31:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\OTL.exe
    [2010/08/16 13:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
    [2010/08/16 13:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/08/16 13:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Adobe
    [2010/08/16 13:16:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/16 13:09:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/12 11:34:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/08/10 14:10:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\PrivacIE
    [2010/08/10 14:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Local Settings\Application Data\Google
    [2010/08/10 14:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Google
    [2010/08/10 09:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Softwin
    [2010/08/10 09:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Malwarebytes
    [2010/08/10 09:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Share-to-Web Upload Folder
    [2010/08/10 09:32:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\IETldCache
    [2010/08/10 09:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Macromedia
    [2010/08/10 09:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Identities
    [2010/08/10 09:31:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Microsoft
    [2010/08/10 09:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Sun
    [2010/08/10 09:31:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data
    [2010/08/10 09:31:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Favorites
    [2010/08/10 09:31:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Cookies
    [2010/08/10 09:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Local Settings\Application Data\Symantec
    [2010/08/10 09:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Symantec
    [2010/08/10 09:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Local Settings\Application Data\Microsoft
    [2010/08/10 09:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop
    [2010/08/10 09:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Local Settings\Application Data\ApplicationHistory
    [2010/08/10 09:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
    [2010/08/10 09:31:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\SendTo
    [2010/08/10 09:31:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Recent
    [2010/08/10 09:31:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Start Menu
    [2010/08/10 09:31:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\My Documents\My Pictures
    [2010/08/10 09:31:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\My Documents\My Music
    [2010/08/10 09:31:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\My Documents
    [2010/08/10 09:31:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Templates
    [2010/08/10 09:31:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\PrintHood
    [2010/08/10 09:31:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\NetHood
    [2010/08/10 09:31:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Local Settings
    [2010/08/06 10:28:41 | 000,038,352 | ---- | C] (Barracuda Networks) -- C:\WINDOWS\System32\drivers\bmrtswissarmy.sys
    [2010/08/06 10:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Barracuda
    [2010/08/06 10:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Barracuda
    [2010/08/06 10:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/06/02 11:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Barracuda Message Archiver Outlook Add-In
    [2010/06/02 11:50:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
    [2010/06/01 15:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Pervasive Software
    [2010/06/01 15:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pervasive Software
    [2010/06/01 09:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Event 1
    [2010/06/01 09:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Event 1
    [2010/06/01 09:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Aatrix Software
    [2010/06/01 09:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
    [2010/06/01 09:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sage
    [2010/06/01 09:17:25 | 004,210,688 | R--- | C] (Amyuni Technologies
    http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
  18. Corsaiga

    Corsaiga Newcomer, in training Topic Starter Posts: 20

    part 3
    ========== Files - Modified Within 90 Days ==========

    [2010/08/27 16:31:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\OTL.exe
    [2010/08/27 16:29:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/27 16:28:39 | 000,002,537 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
    [2010/08/27 16:28:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/27 16:28:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/27 16:27:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/27 16:27:31 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\administrator.ENGLISHCONST\ntuser.ini
    [2010/08/27 16:27:30 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\administrator.ENGLISHCONST\NTUSER.DAT
    [2010/08/27 14:54:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/27 09:48:22 | 000,000,617 | ---- | M] () -- C:\WINDOWS\System32\NTS5CSET.INI
    [2010/08/24 08:31:41 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/08/19 08:25:46 | 004,851,962 | -H-- | M] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Local Settings\Application Data\IconCache.db
    [2010/08/19 08:19:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/19 08:19:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/17 09:51:02 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\MBRCheck_MBR_Backup_08-17-10_09-51-02.bak
    [2010/08/17 09:47:54 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\MBRCheck.exe
    [2010/08/16 13:16:07 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/13 08:14:51 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/13 08:14:51 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/13 08:14:50 | 000,522,384 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/13 08:03:26 | 000,155,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/12 17:14:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/12 17:13:10 | 000,000,655 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/12 11:27:32 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
    [2010/08/10 13:44:52 | 000,001,384 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/08/10 11:29:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/10 09:32:38 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/08/10 09:32:05 | 000,002,008 | RHS- | M] () -- C:\Documents and Settings\administrator.ENGLISHCONST\ntuser.pol
    [2010/08/06 10:28:41 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Barracuda Malware Removal Tool.lnk
    [2010/08/05 10:06:59 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/08/04 16:33:18 | 000,008,628 | -H-- | M] () -- C:\WINDOWS\System32\ZSHP1020.GID
    [2010/06/02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WpsHelper.sys
    [2010/06/02 11:17:21 | 000,007,139 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\services
    [2010/06/02 11:10:16 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Office Connector Launch Pad.lnk
    [2010/06/01 15:24:37 | 000,004,633 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2010/06/01 15:24:36 | 000,002,642 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

    ========== Files Created - No Company Name ==========

    [2010/08/17 09:51:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\MBRCheck_MBR_Backup_08-17-10_09-51-02.bak
    [2010/08/17 09:47:51 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\MBRCheck.exe
    [2010/08/16 13:49:21 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/16 13:49:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/16 13:16:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/16 13:16:02 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/11 17:04:25 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/08/10 11:29:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/10 09:45:56 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
    [2010/08/10 09:32:05 | 000,002,008 | RHS- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\ntuser.pol
    [2010/08/10 09:31:39 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/08/10 09:31:39 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/08/10 09:31:30 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\NTUSER.DAT
    [2010/08/10 09:31:30 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\ntuser.dat.LOG
    [2010/08/10 09:31:30 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\ntuser.ini
    [2010/08/06 10:28:41 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Barracuda Malware Removal Tool.lnk
    [2010/06/01 15:24:24 | 000,002,537 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
    [2010/06/01 09:23:56 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Office Connector Launch Pad.lnk
    [2009/10/22 15:38:56 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\BTRDRVR.SYS
    [2009/08/17 10:38:45 | 000,005,357 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/11/03 10:56:03 | 000,000,190 | ---- | C] () -- C:\Program Files\Common Files\psasetup.log
    [2008/11/03 10:55:32 | 000,043,760 | ---- | C] () -- C:\WINDOWS\System32\nwlocale.dll
    [2008/09/09 15:07:07 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Readiris.ini
    [2008/09/09 15:07:02 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
    [2008/09/09 15:05:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\StiRegstEng.dll
    [2007/12/11 17:27:54 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/08/16 17:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
    [2007/06/05 08:14:39 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
    [2007/03/28 11:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2005/12/21 18:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
    [2005/12/21 18:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
    [2005/10/28 10:12:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2005/09/19 09:08:05 | 000,000,285 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2005/08/03 09:08:35 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
    [2005/07/21 16:08:03 | 000,000,617 | ---- | C] () -- C:\WINDOWS\System32\NTS5CSET.INI
    [2005/04/04 11:11:42 | 000,000,184 | ---- | C] () -- C:\WINDOWS\bti.ini
    [2005/03/16 15:41:23 | 000,001,384 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/02/12 03:14:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/02/12 03:09:12 | 000,001,058 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/02/12 03:08:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2003/06/03 08:08:30 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/06/01 09:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
    [2010/08/06 10:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Barracuda
    [2010/06/01 09:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Event 1
    [2007/03/28 08:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2010/06/01 15:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pervasive Software
    [2010/06/02 11:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
    [2009/08/03 15:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/03/28 16:49:33 | 000,003,389 | ---- | M] () -- C:\additdiag.txt
    [2004/02/12 13:34:24 | 000,391,594 | ---- | M] () -- C:\BLUEFI00.100
    [2010/08/06 10:28:45 | 000,000,130 | ---- | M] () -- C:\bmrt-error.txt
    [2005/03/16 15:06:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/16 13:16:07 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/19 08:23:58 | 000,014,213 | ---- | M] () -- C:\ComboFix.txt
    [2008/01/23 13:42:46 | 000,000,772 | ---- | M] () -- C:\EasyShareInstall.log
    [2005/08/03 08:28:26 | 000,413,985 | ---- | M] () -- C:\hpfr5550.log
    [2005/08/03 08:28:26 | 000,000,545 | ---- | M] () -- C:\hpfr5550.xml
    [2005/04/04 11:12:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2002/09/09 05:02:46 | 000,221,184 | ---- | M] (Crystal Decisions) -- C:\keycode.dll
    [2005/04/04 11:12:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/02 08:18:14 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/27 16:27:47 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
    [2006/05/01 13:42:07 | 000,007,082 | ---- | M] () -- C:\Rescued document.txt
    [2008/11/03 10:58:49 | 000,000,579 | ---- | M] () -- C:\v9installdebug.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2004/12/14 21:01:24 | 000,049,152 | R--- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/02/26 15:07:32 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
    [2009/02/26 15:08:20 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
    [2009/02/26 15:08:22 | 000,357,704 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/09 02:20:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/09 02:20:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/09 02:20:08 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
  19. Corsaiga

    Corsaiga Newcomer, in training Topic Starter Posts: 20

    Extras.txt part 1
    OTL Extras logfile created on: 8/27/2010 4:32:03 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\administrator.ENGLISHCONST\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 51.00 Mb Available Physical Memory | 10.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 53.40 Gb Free Space | 71.66% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HANCOCK-HR
    Current User Name: administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
    "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
    "C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe" = C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe:*:Enabled:Database Service Manager -- (Pervasive Software Inc.)
    "C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe" = C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe:*:Enabled:Sage Service Host (v1.0) -- (Timberline Software Corp.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe" = C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe:*:Disabled:Database Service Manager -- (Pervasive Software Inc.)
  20. Corsaiga

    Corsaiga Newcomer, in training Topic Starter Posts: 20

    Part 2
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0030188A-533E-42EE-9837-E044F10E4369}" = Palm
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP3 Workgroup (32-bit)
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{21461F67-7C02-407E-9DF2-EF1752F55142}" = Aatrix Forms for Sage Timberline Office
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
    "{3CA9D105-113C-11D8-AB3E-000102B0F79A}" = Readiris Pro 9
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
    "{5F0C7588-DC73-4465-8BAB-21813C1EC047}" = PDF Manual NW-E000 Series
    "{65438A88-7717-47F9-8078-EA745EF83580}" = Presto! BizCard 4.0 Eng
    "{6710FE30-27F7-492B-A660-D31D4A898A43}" = MSN Toolbar
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{71715DF4-3167-489A-B843-9EEFC71D97E8}" = Sage Installation Manager CLIENT programs
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{750DFF5E-C559-11D4-A441-00B0D0436EE7}" = Broadcom Management Programs
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{83CDDBA5-0306-4173-9851-71F0F0E8412A}" = HP Photo and Imaging 2.2 - Scanjet 8200 Series
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{90150409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003
    "{939E2189-9B65-41FC-A842-1BBC1588BFD1}" = HP eServices Local Prints and Save
    "{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{AE41BE84-761C-0F5E-451B-3D145E8A8840}" = Acrobat.com
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
    "{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}" = Symantec Endpoint Protection
    "{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
    "{C378651D-4F97-450E-9D33-8AF8C02FC287}" = Sage Timberline Office Accounting Client
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CA706D05-B655-4F31-AA68-03BB2441F8EC}" = Barracuda Message Archiver Outlook Add-In 2.2.1
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E0150C73-3138-4FD2-B038-7F2637C9B5C7}" = CVS Photo Editor Plus
    "{EEF5C81F-46E4-4C41-9554-541800A33766}" = Timberline Office requirements
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
    "Barracuda Malware Removal Tool_is1" = Barracuda Malware Removal Tool
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows2.0" = Coupon Printer for Windows
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "HP-LaserJet 1020 series" = LaserJet 1020 series
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
    "InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSN Music Assistant" = MSN Music Assistant
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office Connector" = Office Connector (Remove Only)
    "OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
    "OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
    "Software Setup" = Software Setup
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar
    "YInstHelper" = Yahoo! Install Manager

    ========== Last 10 Event Log Errors ==========
  21. Corsaiga

    Corsaiga Newcomer, in training Topic Starter Posts: 20

    Part 3
    [ Application Events ]
    Error - 8/24/2010 4:35:54 PM | Computer Name = HANCOCK-HR | Source = Timberline | ID = 100
    Description =

    Error - 8/26/2010 8:11:48 AM | Computer Name = HANCOCK-HR | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
    Description = EventType clr20r3, P1 simnotify.exe, P2 9.7.0.0, P3 4bc5a08e, P4 sage.sim.desktopnotification.clientlibrary,
    P5 9.7.0.0, P6 4bc5a06b, P7 1e, P8 2e, P9 system.nullreferenceexception, P10 NIL.

    Error - 8/26/2010 8:12:17 AM | Computer Name = HANCOCK-HR | Source = UserInit | ID = 1000
    Description = Could not execute the following script C:\WINDOWS\SYSVOL\sysvol\englishconst.com\scripts\logon.bat.
    The system cannot find the file specified. .

    Error - 8/26/2010 9:15:55 AM | Computer Name = HANCOCK-HR | Source = Application Error | ID = 1000
    Description = Faulting application zshp1020.exe, version 1.0.1007.0, faulting module
    zshp1020.exe, version 1.0.1007.0, fault address 0x0001eb8f.

    Error - 8/26/2010 2:43:20 PM | Computer Name = HANCOCK-HR | Source = Microsoft Office 11 | ID = 1000
    Description = Faulting application msaccess.exe, version 11.0.8321.0, stamp 4b4f9cfd,
    faulting module tscommon.dll, version 9.7.1.114, stamp 4bbd50f1, debug? 0, fault
    address 0x00244846.

    Error - 8/26/2010 4:13:46 PM | Computer Name = HANCOCK-HR | Source = Microsoft Office 11 | ID = 1000
    Description = Faulting application msaccess.exe, version 11.0.8321.0, stamp 4b4f9cfd,
    faulting module tscommon.dll, version 9.7.1.114, stamp 4bbd50f1, debug? 0, fault
    address 0x00244846.

    Error - 8/27/2010 7:58:29 AM | Computer Name = HANCOCK-HR | Source = UserInit | ID = 1000
    Description = Could not execute the following script C:\WINDOWS\SYSVOL\sysvol\englishconst.com\scripts\logon.bat.
    The system cannot find the file specified. .

    Error - 8/27/2010 8:00:08 AM | Computer Name = HANCOCK-HR | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
    Description = EventType clr20r3, P1 simnotify.exe, P2 9.7.0.0, P3 4bc5a08e, P4 sage.sim.desktopnotification.clientlibrary,
    P5 9.7.0.0, P6 4bc5a06b, P7 1e, P8 2e, P9 system.nullreferenceexception, P10 NIL.

    Error - 8/27/2010 4:22:22 PM | Computer Name = HANCOCK-HR | Source = UserInit | ID = 1000
    Description = Could not execute the following script C:\WINDOWS\SYSVOL\sysvol\englishconst.com\scripts\logon.bat.
    The system cannot find the file specified. .

    Error - 8/27/2010 4:29:05 PM | Computer Name = HANCOCK-HR | Source = UserInit | ID = 1000
    Description = Could not execute the following script C:\WINDOWS\SYSVOL\sysvol\englishconst.com\scripts\logon.bat.
    The system cannot find the file specified. .

    [ Sage Events ]
    Error - 6/29/2010 2:11:28 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
    Description = Minidump created at: T:\9.5\Accounting\Misc\Dumps\PR(9e8)-20100629-14112778.dmp

    Error - 6/29/2010 2:11:28 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
    Description = Aborted. Pervasive status code 161. Your system has reached the maximum
    number of licenses. This situation can occur when the Pervasive Server engine shuts
    down and another workstation takes control of the processing. Contact Timberline
    Support for a resolution [TS 2696]

    Error - 6/29/2010 2:11:45 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
    Description = Minidump created at: T:\9.5\Accounting\Misc\Dumps\IA(8d8)-20100629-14114481.dmp

    Error - 6/29/2010 2:11:45 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
    Description = Aborted. Pervasive status code 161. Your system has reached the maximum
    number of licenses. This situation can occur when the Pervasive Server engine shuts
    down and another workstation takes control of the processing. Contact Timberline
    Support for a resolution [TS 2696]

    Error - 6/29/2010 2:11:48 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
    Description = End Information Assistant

    Error - 6/29/2010 2:12:21 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
    Description = Minidump created at: T:\9.5\Accounting\Misc\Dumps\IA(5e8)-20100629-14122162.dmp

    Error - 6/29/2010 2:12:21 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
    Description = Aborted. Pervasive status code 161. Your system has reached the maximum
    number of licenses. This situation can occur when the Pervasive Server engine shuts
    down and another workstation takes control of the processing. Contact Timberline
    Support for a resolution [TS 2696]

    Error - 6/29/2010 2:12:26 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
    Description = End Information Assistant

    Error - 7/29/2010 3:07:00 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
    Description =

    Error - 8/6/2010 11:13:06 AM | Computer Name = HANCOCK-HR | Source = Business Layer | ID = 0
    Description = Message Source: tsGoldSuiteManager.SuiteManager FinalConstruct Invalid
    System Mode

    [ System Events ]
    Error - 8/12/2010 12:43:52 PM | Computer Name = HANCOCK-HR | Source = Service Control Manager | ID = 7000
    Description = The BDFsDrv service failed to start due to the following error: %%2

    Error - 8/12/2010 12:43:52 PM | Computer Name = HANCOCK-HR | Source = Service Control Manager | ID = 7000
    Description = The BDRsDrv service failed to start due to the following error: %%2

    Error - 8/12/2010 12:46:52 PM | Computer Name = HANCOCK-HR | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain ENGLISHCONST due to the
    following: %%1311. Make sure that the computer is connected to the network and try
    again.
    If the problem persists, please contact your domain administrator.

    Error - 8/12/2010 12:48:40 PM | Computer Name = HANCOCK-HR | Source = Print | ID = 33
    Description = The PrintQueue Container could not be found because the DNS Domain
    name could not be retrieved. Error: 54b

    Error - 8/18/2010 8:13:31 AM | Computer Name = HANCOCK-HR | Source = DCOM | ID = 10010
    Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
    with DCOM within the required timeout.

    Error - 8/23/2010 8:16:02 AM | Computer Name = HANCOCK-HR | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service LiveUpdate
    with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

    Error - 8/23/2010 8:16:16 AM | Computer Name = HANCOCK-HR | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
    connect.

    Error - 8/23/2010 8:16:16 AM | Computer Name = HANCOCK-HR | Source = Service Control Manager | ID = 7000
    Description = The LiveUpdate service failed to start due to the following error:
    %%1053

    Error - 8/27/2010 4:32:28 PM | Computer Name = HANCOCK-HR | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 8/27/2010 4:32:29 PM | Computer Name = HANCOCK-HR | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2


    < End of report >
  22. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Your computer would definitely benefit from adding another 512MB of RAM.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1.ENG\LOCALS~1\Temp\catchme.sys -- (catchme)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
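An added audit script (written for this page, not part of OTL or of anything posted in the thread) that parses the Security Center and firewall-policy sections in the layout OTL prints above and flags what a helper looks for in them: a vendor's Security Center monitoring switched off (the DisableMonitoring value the :Reg part of the fix above deletes), globally open ports scoped to any address, and authorized-application rules whose executable is gone. The sample log is constructed from the thread's layout with shortened paths, and one line keeps the ":mad:" smiley the forum software makes of ":@" so the normalisation is exercised.

```python
"""Audit the Security Center / firewall-policy sections of an OTL log."""
import re

# Constructed sample in the layout OTL prints (cut down from the log in the
# thread; paths shortened, one value left forum-mangled on purpose).
SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\EasyShare.exe" = C:\Program Files\Kodak\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_sections(text):
    """Map each [HKEY_...] key to its {"name": value} pairs, OTL style."""
    sections, current = {}, None
    for raw in text.splitlines():
        # Forum software renders the ':@' in ':Enabled:@xpsp2res.dll' as the
        # ':mad:' smiley code; undo that so the scope field splits cleanly.
        line = raw.strip().replace(":mad:", ":@")
        m = KEY_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return sections


def audit(text):
    """Return (check, detail) findings in log order."""
    findings = []
    for key, values in parse_sections(text).items():
        # 1. A vendor's Security Center monitoring switched off.
        if "\\Security Center\\Monitoring\\" in key and values.get("DisableMonitoring") == "1":
            findings.append(("monitoring_disabled", key.rsplit("\\", 1)[-1]))
        # 2. Open ports: value layout is port:proto:scope:state:displayname;
        #    scope '*' means any address, 'LocalSubNet' only the local subnet.
        if key.endswith("\\GloballyOpenPorts\\List"):
            profile = "DomainProfile" if "\\DomainProfile\\" in key else "StandardProfile"
            for name, value in values.items():
                fields = value.split(":")
                if len(fields) >= 4 and fields[2] == "*" and fields[3] == "Enabled":
                    findings.append(("port_open_to_any", f"{profile} {name}"))
        # 3. Firewall exceptions left behind for executables OTL cannot find.
        if key.endswith("\\AuthorizedApplications\\List"):
            for name, value in values.items():
                if value.endswith("-- File not found"):
                    findings.append(("stale_app_rule", name))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE_LOG):
        print(f"{check:20} {detail}")
```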
  23. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Are you still out there?