Malwarebytes

My PC starts EXTREMELY SLOW


7 replies to this topic

#1
SLIPPY1175

    New Member

  • Members
  • Pip
  • 45 posts
So I had Antivirus XP, then I had Smart Antivirus 2009, and with the help of this site I got rid of it, but now for some reason my computer starts really slow, but after it starts full, like a good 10 minutes, the computer is up to its usual speed. So anyways, any tips?

BTW
I already disabled all my programs' "start on sign in" features to see if that would help but it isn't

#2
SLIPPY1175

And by slow I mean when I double-click on a program it takes another minute or two for it to actually open. This happens with all my programs: Firefox, Malwarebytes, iTunes, Virtual DJ, everything.

#3
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,571 posts
  • Gender:Male
  • Location:US
Well we need to know for sure that it's not infected again.

Please read and follow the instructions provided here: Pre-HJT Post Instructions
When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

Also run this routine for us to check on stuff

Important!
All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I also need for you to download this program OTListIt.exe to your desktop.

  • Close all applications and windows so that you have nothing open and are at your Desktop
  • Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.
  • Place a checkmark in the "Scan All Users" checkbox (Leave the 'Use Whitelist' checked and the 'File Age:' at 30 days)
  • Click the Run Scan button
  • NOTE: Please be patient and let the scan run without using the computer
  • When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)
  • In Notepad, click Edit, Select all then Edit, Copy
  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Right click paste.
  • Submit your reply and close the Notepad window with OTListIt.txt
  • Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window
  • In Notepad, click Edit, Select all then Edit, Copy
  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste.
  • NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in Notepad from your desktop.

Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.

#4
SLIPPY1175

OK, I posted my topic in the HijackThis logs forum and I will be downloading the said file when I can, but it will be hard for me because my dad works off this computer, and if I cannot use the computer at all during the scan it will be hard for me to find a time that he doesn't work.

Do you know how long this scan will take?

If it's long it will take me some time to find a time to do it when my dad isn't on this computer.

#5
AdvancedSetup

This OT scan will run pretty quick on most systems.

#6
SLIPPY1175

this is the first OT list scan

OTListIt logfile created on: 10/29/2008 3:25:34 PM - Run
OTListIt by OldTimer - Version 1.0.11.1 Folder = C:\Documents and Settings\Jonathan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.17% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.74 Gb Total Space | 66.77 Gb Free Space | 59.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HMESFIN-PC3
Current User Name: Jonathan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[2008/02/22 10:33:00 | 00,104,960 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
[2008/01/15 03:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[1999/12/12 19:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2005/01/07 14:15:58 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
[2008/02/05 18:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[2008/02/05 18:20:42 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/01/29 14:47:42 | 00,965,120 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
[2006/04/21 13:14:00 | 00,450,560 | ---- | M] (Oracle) -- C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
[2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
[2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2004/04/21 04:48:42 | 00,931,080 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2008/02/05 18:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[2004/04/21 04:40:34 | 00,439,560 | ---- | M] (Zone Labs Inc.) -- C:\Program Files\Zone Labs\Integrity Client\iclient.exe
[2003/09/17 10:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
[2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/04/08 15:52:30 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2005/04/17 12:30:48 | 00,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
[2008/02/04 15:18:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/02/22 10:33:00 | 00,072,192 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[2008/02/13 13:02:46 | 00,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[2008/02/13 13:06:58 | 02,196,240 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
[2003/11/06 19:32:30 | 00,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
[2008/02/04 15:18:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/02/13 13:02:24 | 00,405,776 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
[2008/10/29 15:23:58 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/02/22 10:33:00 | 00,104,960 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
[2008/01/15 03:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[2005/04/08 15:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
[2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[1999/12/12 19:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2005/01/07 14:15:58 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2007/09/16 17:19:02 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/02/04 15:18:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/02/05 18:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
[2008/02/05 18:20:42 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2008/02/05 18:22:36 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2008/01/29 14:47:42 | 00,965,120 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe -- (MyDesktopWindows [Auto | Running])
File not found -- -- (OracleDBConsoleinfra [Disabled | Stopped])
[2005/08/16 12:21:06 | 00,024,064 | ---- | M] (Oracle Corporation) -- C:\oracle\product\10g\BIN\nmesrvc.exe -- (OracleDBConsoleorcl [On_Demand | Stopped])
File not found -- -- (OracleDBConsoletest [Disabled | Stopped])
[2005/08/29 19:32:22 | 00,102,400 | ---- | M] () -- c:\oracle\product\10g\BIN\extjob.exe -- (OracleJobSchedulerORCL [On_Demand | Stopped])
[2005/08/16 01:23:02 | 00,053,248 | ---- | M] (Oracle) -- C:\oracle\product\10g\BIN\isqlplussvc.exe -- (OracleOraDb10g_home1iSQL*Plus [On_Demand | Stopped])
[2005/08/15 23:57:48 | 00,204,800 | ---- | M] () -- C:\oracle\product\10g\BIN\TNSLSNR.EXE -- (OracleOraDb10g_home1TNSListener [On_Demand | Stopped])
File not found -- -- (OracleOraDb10g_home2iSQL*Plus [Disabled | Stopped])
File not found -- -- (OracleOraDb10g_home2TNSListener [Disabled | Stopped])
[2005/08/29 22:03:50 | 59,027,456 | ---- | M] (Oracle Corporation) -- c:\oracle\product\10g\BIN\oracle.exe -- (OracleServiceORCL [On_Demand | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/04/21 13:14:00 | 00,450,560 | ---- | M] (Oracle) -- C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe -- (QOSMyDesktop [Auto | Running])
[2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])
[2005/03/30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
[2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
[2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2004/04/21 04:48:42 | 00,931,080 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])

========== Driver Services ==========

[2004/09/02 21:01:16 | 00,396,480 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB [On_Demand | Running])
[2003/05/05 19:25:48 | 00,028,205 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.sys -- (ANIO [Auto | Running])
[2004/04/25 21:23:41 | 00,130,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2003/05/01 13:26:34 | 00,005,220 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2005/01/07 14:14:30 | 00,297,035 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
[2003/08/15 02:55:08 | 00,011,237 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp [On_Demand | Running])
[2003/07/24 18:55:50 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2005/08/15 19:14:46 | 00,010,910 | ---- | M] (Oracle Corp.) -- C:\WINDOWS\system32\drivers\dsload.sys -- (dsload [Unknown | Stopped])
[2008/09/17 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/02/05 20:21:48 | 00,023,832 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
[2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2003/09/17 15:57:22 | 00,008,440 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt [Auto | Running])
[2008/02/05 18:18:12 | 00,689,176 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap [On_Demand | Stopped])
[2008/02/05 18:20:08 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
[2008/02/05 20:20:40 | 00,628,760 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS [On_Demand | Running])
[2008/02/05 20:21:25 | 00,041,752 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2008/02/05 20:21:37 | 04,658,456 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Running])
[2008/09/17 02:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081028.004\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/09/17 02:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081028.004\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2004/04/25 21:23:40 | 00,178,736 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2004/06/03 12:10:00 | 00,071,596 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT [Auto | Running])
[2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2003/10/13 13:29:58 | 00,067,456 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023 [On_Demand | Stopped])
[2004/08/03 23:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Stopped])
[2005/02/04 20:14:30 | 00,324,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
[2005/02/04 20:14:32 | 00,053,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
[2004/07/27 03:31:34 | 01,643,648 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sbusb.sys -- (sbusb [On_Demand | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/03/30 21:48:20 | 00,372,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
[2005/04/01 20:36:04 | 00,123,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/01/15 03:39:58 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 12:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2001/05/07 04:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany) -- C:\WINDOWS\system32\drivers\usbio.sys -- (USBIO [On_Demand | Stopped])
[2008/04/13 12:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Stopped])
[2004/04/21 04:48:30 | 00,198,992 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [Auto | Running])
[2004/05/07 13:47:10 | 00,079,616 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GV4SRV [On_Demand | Stopped])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-1078081533-412668190-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\S-1-5-21-1078081533-412668190-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-1078081533-412668190-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
HKU\S-1-5-21-1078081533-412668190-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
HKU\S-1-5-21-1078081533-412668190-682003330-1006\S-1-5-21-1078081533-412668190-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (265567 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 192.168.1.101 hmesfin-pc3.us.oracle.com hmesfin-pc3
O1 - Hosts: 138.1.148.133 hmesfinsun.us.oracle.com hmesfinsun
O1 - Hosts: 9199 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-1078081533-412668190-682003330-1006\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd)
O4 - HKLM..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor (Creative Technology Ltd)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\suspatch.exe /S /CHECK ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe" (Zone Labs Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [NetscapeConfig] C:\WINDOWS\orclobi\config\DTC121~1.EXE /NEWUSER File not found
O4 - HKU\S-1-5-21-1078081533-412668190-682003330-1006..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-1078081533-412668190-682003330-1006..\Run: [NetscapeConfig] C:\WINDOWS\orclobi\config\DTC121~1.EXE /NEWUSER File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
O4 - Startup: C:\Documents and Settings\Habte Mesfin\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-412668190-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-412668190-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\Program Files\IEInspector\HTTPAnalyzerFullV2\IEHTTPAnalyzerV2.dll (IEInspector Software)
O9 - Extra 'Tools' menuitem : IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Sites: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Sites: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1078081533-412668190-682003330-1006\..Trusted Sites: 45 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.real.com/26291336b09b14...ip/RdxIE601.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} http://hmesfinsun.us...tor/oajinit.exe (Oracle JInitiator 1.1.8.16)
O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} http://bde-linux3.us...tor/oajinit.exe (JInitiator 1.3.1.18)
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} http://fusion12.us.o...tor/oajinit.exe (JInitiator 1.3.1.21)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - skype4com - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/05/22 18:49:48 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/10/29 15:23:57 | 00,418,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTListIt.exe
[2008/10/26 07:30:29 | 00,000,000 | ---D | C] -- C:\442c3f6aa300f5ec7b6a6d6ea6
[2008/10/23 17:55:06 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/18 19:20:35 | 00,000,837 | ---- | C] () -- C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2008/10/16 13:40:18 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/16 13:39:50 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/16 13:39:48 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/16 13:39:47 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/16 13:39:47 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/16 13:39:46 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/03 17:48:51 | 00,014,472 | ---- | C] () -- C:\Documents and Settings\Jonathan\My Documents\Thomas Tall Tale0001.mdi
[2008/10/03 17:47:27 | 00,012,974 | ---- | C] () -- C:\Documents and Settings\Jonathan\My Documents\Thomas Tall Tale.mdi
[2008/10/01 16:37:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/01 16:29:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/01 16:29:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/01 16:29:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/01 16:25:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/10/01 16:14:41 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/10/01 16:14:35 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/10/01 16:14:35 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/10/01 16:14:32 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/10/01 16:14:30 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/10/01 16:14:30 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/10/01 16:14:30 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/10/01 16:14:29 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/10/01 16:14:29 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/10/01 16:14:29 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/10/01 16:14:29 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/10/01 16:14:29 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/10/01 16:14:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/10/01 16:14:29 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/10/01 16:14:28 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/10/01 16:14:28 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/10/01 16:14:28 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/10/01 16:14:28 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/10/01 16:14:28 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/10/01 16:14:28 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/10/01 16:14:28 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/10/01 16:14:28 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/10/01 16:14:20 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/10/01 16:14:20 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/10/01 16:14:19 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/10/01 16:14:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/10/01 16:14:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/10/01 16:14:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/10/01 16:14:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/10/01 16:14:14 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/10/01 16:14:14 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/10/01 16:14:08 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/10/01 16:14:08 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/10/01 16:14:08 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/10/01 16:14:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/10/01 16:14:00 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/10/01 16:14:00 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/10/01 16:13:58 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/10/01 16:13:58 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/10/01 16:13:58 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/10/01 16:13:58 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/10/01 16:13:57 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/10/01 16:13:57 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/10/01 16:13:57 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/10/01 16:13:51 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/10/01 16:13:48 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/10/01 16:13:46 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/10/01 16:13:46 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/10/01 16:13:46 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/10/01 16:13:45 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/10/01 16:13:44 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/10/01 16:13:42 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/10/01 16:13:39 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/10/01 16:13:39 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/10/01 16:13:34 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/10/01 16:13:34 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/10/01 16:13:30 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/10/01 16:13:30 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/10/01 16:13:29 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/10/01 15:51:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2008/10/01 15:50:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2008/10/01 15:05:46 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/30 16:05:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Jonathan\My Documents\My Videos
[2008/09/30 16:04:59 | 00,025,056 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg
[2008/09/30 16:04:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2008/09/30 16:04:47 | 00,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/09/30 16:04:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2008/09/30 16:04:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Application Data\Leadertech
[2008/09/30 16:02:39 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2008/09/30 16:02:38 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2008/09/30 16:01:18 | 00,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2008/09/30 16:01:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2008/09/30 16:01:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2008/09/30 16:01:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2008/09/30 16:01:03 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech


========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/10/29 15:23:58 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTListIt.exe
[2008/10/29 15:04:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/29 15:04:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/29 15:04:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2008/10/29 15:03:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2008/10/28 16:08:15 | 05,865,064 | -H-- | M] () -- C:\Documents and Settings\Jonathan\Local Settings\Application Data\IconCache.db
[2008/10/28 13:30:15 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/28 13:29:31 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/10/28 13:25:27 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2008/10/27 16:39:01 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/27 15:50:42 | 00,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/18 19:20:36 | 00,000,837 | ---- | M] () -- C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2008/10/16 18:26:13 | 00,244,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 16:57:38 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 10:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 10:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/13 19:12:22 | 00,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/13 19:12:22 | 00,314,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/13 19:12:22 | 00,041,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/07 13:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/03 17:48:51 | 00,014,472 | ---- | M] () -- C:\Documents and Settings\Jonathan\My Documents\Thomas Tall Tale0001.mdi
[2008/10/03 17:47:27 | 00,012,974 | ---- | M] () -- C:\Documents and Settings\Jonathan\My Documents\Thomas Tall Tale.mdi
[2008/10/03 11:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 11:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/01 16:24:44 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/30 16:04:39 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/09/30 16:04:39 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

< End of report >

#7
SLIPPY1175

    New Member

  • Members
  • 45 posts
the extras scan:

OTListIt Extras logfile created on: 10/29/2008 3:25:34 PM - Run
OTListIt by OldTimer - Version 1.0.11.1 Folder = C:\Documents and Settings\Jonathan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.17% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.74 Gb Total Space | 66.77 Gb Free Space | 59.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HMESFIN-PC3
Current User Name: Jonathan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/05/07 20:28:58 | 00,589,824 | ---- | M] (TightVNC Group) -- C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server
[2008/04/13 18:12:20 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program
[1999/04/16 21:40:50 | 00,828,416 | ---- | M] (jan debis) -- C:\Program Files\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP
File not found -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
File not found -- C:\Documents and Settings\Habte Mesfin\Local Settings\Temp\OraInstall2006-10-23_01-16-54PM\jre\1.4.2\bin\javaw.exe:*:Disabled:javaw
File not found -- C:\oracle\product\10.2.0\10g\jdk\jre\bin\java.exe:*:Disabled:java
[2006/05/13 08:55:19 | 00,049,250 | ---- | M] (Sun Microsystems, Inc.) -- C:\jdev\jdevstudio1013\jdk\bin\javaw.exe:*:Disabled:Java™ 2 Platform Standard Edition binary
File not found -- C:\oracle\product\10.2.0\jdk\jre\bin\java.exe:*:Disabled:java
[2006/05/13 08:55:19 | 00,049,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\jdev\jdevstudio1013\jdk\bin\java.exe:*:Disabled:Java™ 2 Platform Standard Edition binary
[2006/01/24 11:13:58 | 00,099,840 | R--- | M] () -- C:\jdev\jdevstudio1013\jdev\bin\jdev.exe:*:Enabled:jdev
[2008/08/22 23:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2006/11/03 01:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/02/04 15:18:34 | 19,926,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/08/06 09:21:06 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/08/12 18:19:02 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}" = iTunes
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A99BB6A-0A01-4214-BD32-D54BD3FD79E4}_is1" = HTTP Analyzer V2.0.2
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
"{5C0054EB-24A5-46A8-80E3-62AAA930DEFA}" = Sound Blaster Live! 24-Bit External
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6294CE03-1A16-4610-891E-FDAF9A585A54}" = SA52xx Device Manager
"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam
"{68249B6E-B714-11D7-88E8-0050DA21757E}" = Oracle JInitiator 1.3.1.18
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{8D8B167A-ED0F-43F1-AC10-3F4379F7CBBB}" = ArcSoft MediaConverter 2.5
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CAFECAFE-0013-0001-0121-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.21
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{DBD40476-78A4-4738-86B4-A5FB8807946D}" = NETGEAR GA311 Gigabit Adapter
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DF15059E-A356-47B2-B14B-6380ED32AB68}" = Microsoft Baseline Security Analyzer 1.2.1
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"AIMTunes" = AIMTunes
"AOL Search" = AOL Search
"Cisco VPN Client 4.6" = Cisco VPN Client 4.6
"ExpertTool" = ExpertTool
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 2.9
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"GS GeezMahtem Unicode" = GS GeezMahtem Unicode
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"InstallShield_{DBD40476-78A4-4738-86B4-A5FB8807946D}" = NETGEAR GA311 Smart Wizard Utility
"Integrity Client" = Integrity Client
"Jabber MomentIM" = Jabber MomentIM
"LeechFTP" = LeechFTP
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"lvdrivers_11.70" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Options Investigator" = Options Investigator 1.0
"Oracle JInitiator 1.1.8.16" = Oracle JInitiator 1.1.8.16
"Oracle RTC Messenger" = Oracle Messenger
"OracleRTCClient" = Oracle Web Conferencing Console
"Position Simulator" = Position Simulator
"RealPlayer 6.0" = RealPlayer
"RollerCoaster Tycoon Setup" = Roll
"Symantec Antivirus 10" = Symantec Antivirus 10
"SysInfo" = Creative System Information
"TightVNC_is1" = TightVNC 1.3.9
"Uninstall_is1" = Uninstall 1.0.0.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/28/2008 6:25:02 PM | Computer Name = HMESFIN-PC3 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Trojan in File: C:\System Volume Information\_restore{DBC6A1EB-BFE7-45B2-9A8B-805CB9D9D5BD}\RP522\A0105432.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 10/28/2008 6:25:06 PM | Computer Name = HMESFIN-PC3 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Spyware.ISearch in File: C:\System Volume Information\_restore{DBC6A1EB-BFE7-45B2-9A8B-805CB9D9D5BD}\RP521\A0104151.dll
by: Auto-Protect scan. Action: Leave Alone succeeded : Access allowed. Action
Description: The file was left unchanged.

Error - 10/28/2008 6:25:21 PM | Computer Name = HMESFIN-PC3 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Adware.ISMonitor in File: C:\System Volume Information\_restore{DBC6A1EB-BFE7-45B2-9A8B-805CB9D9D5BD}\RP521\A0104218.exe
by: Auto-Protect scan. Action: Leave Alone succeeded : Access allowed. Action
Description: The file was left unchanged.

Error - 10/28/2008 7:06:04 PM | Computer Name = HMESFIN-PC3 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Downloader in File: C:\SYSTEM~1\_RESTO~1\RP522\A0105434.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was deleted successfully.

Error - 10/28/2008 7:06:04 PM | Computer Name = HMESFIN-PC3 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Downloader in File: C:\System Volume Information\_restore{DBC6A1EB-BFE7-45B2-9A8B-805CB9D9D5BD}\RP522\A0105434.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 10/28/2008 7:06:04 PM | Computer Name = HMESFIN-PC3 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Downloader in File: C:\SYSTEM~1\_RESTO~1\RP522\A0105434.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 10/29/2008 5:04:45 PM | Computer Name = HMESFIN-PC3 | Source = TrueVector Service | ID = 5009
Description = TrueVector engine: Timeout on debug mutex

Error - 10/29/2008 5:04:48 PM | Computer Name = HMESFIN-PC3 | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt
and has been copied to "C:\WINDOWS\Internet Logs\xDB374.tmp". File "C:\WINDOWS\Internet
Logs\IAMDB.RDB" was corrupt and has been deleted.

Error - 10/29/2008 5:04:48 PM | Computer Name = HMESFIN-PC3 | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt,
restoring from backup "C:\WINDOWS\Internet Logs\BACKUP.RDB".

Error - 10/29/2008 5:04:58 PM | Computer Name = HMESFIN-PC3 | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\HMESFIN-PC3.ldb"
was corrupt and has been copied to "C:\WINDOWS\Internet Logs\xDB375.tmp". File
"C:\WINDOWS\Internet Logs\HMESFIN-PC3.ldb" was corrupt and has been deleted.

[ System Events ]
Error - 10/25/2008 11:46:53 AM | Computer Name = HMESFIN-PC3 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2


< End of report >

#8
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,571 posts
  • Gender:Male
  • Location:US
Please see your HJT post for other recommended actions.

This folder is left over from an update and can be removed: C:\442c3f6aa300f5ec7b6a6d6ea6

Your Symantec Antivirus is finding old stuff in your System Restore. You need to do the following.

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.
Turn ON System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.
This will remove all restore points except the new one you just created.
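
The triage behind the advice above, as an added example that is not part of the original posts or of OTListIt: it parses "Last 10 Event Log Errors" entries from the posted log and separates Symantec detections inside the System Restore store from detections on live files. The function names and the `CONSTRUCTED_LIVE` entry are assumptions made for illustration.

```python
import re

# Entries copied from the "Last 10 Event Log Errors" section of the log above.
PAGE_ENTRIES = r"""
Error - 10/28/2008 6:25:02 PM | Computer Name = HMESFIN-PC3 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Trojan in File: C:\System Volume Information\_restore{DBC6A1EB-BFE7-45B2-9A8B-805CB9D9D5BD}\RP522\A0105432.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 10/28/2008 6:25:06 PM | Computer Name = HMESFIN-PC3 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Spyware.ISearch in File: C:\System Volume Information\_restore{DBC6A1EB-BFE7-45B2-9A8B-805CB9D9D5BD}\RP521\A0104151.dll
by: Auto-Protect scan. Action: Leave Alone succeeded : Access allowed. Action
Description: The file was left unchanged.

Error - 10/28/2008 6:25:21 PM | Computer Name = HMESFIN-PC3 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Adware.ISMonitor in File: C:\System Volume Information\_restore{DBC6A1EB-BFE7-45B2-9A8B-805CB9D9D5BD}\RP521\A0104218.exe
by: Auto-Protect scan. Action: Leave Alone succeeded : Access allowed. Action
Description: The file was left unchanged.

Error - 10/28/2008 7:06:04 PM | Computer Name = HMESFIN-PC3 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Downloader in File: C:\SYSTEM~1\_RESTO~1\RP522\A0105434.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was deleted successfully.

Error - 10/28/2008 7:06:04 PM | Computer Name = HMESFIN-PC3 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Downloader in File: C:\System Volume Information\_restore{DBC6A1EB-BFE7-45B2-9A8B-805CB9D9D5BD}\RP522\A0105434.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 10/29/2008 5:04:45 PM | Computer Name = HMESFIN-PC3 | Source = TrueVector Service | ID = 5009
Description = TrueVector engine: Timeout on debug mutex
"""

# CONSTRUCTED entry (not from the page): a detection outside System Restore.
CONSTRUCTED_LIVE = r"""
Error - 10/28/2008 7:30:00 PM | Computer Name = EXAMPLE-PC | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Constructed.Sample in File: C:\Example\constructed-sample.exe
by: Auto-Protect scan. Action: Leave Alone succeeded : Access allowed. Action Description: The file was left unchanged.
"""

HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
                    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
DETECTION = re.compile(r"Threat: (?P<threat>.+?) in File: (?P<path>.+?) by: .*"
                       r"Action Description: (?P<result>.+)$")
# System Restore store by long name, or by the 8.3 short name the log also shows
# (assumed to be the same folder: both spellings name RP522\A0105434.exe).
RESTORE = re.compile(r"\\(?:system volume information\\_restore\{[0-9a-f-]+\}|system~1\\_resto~1)"
                     r"\\(?P<rp>rp\d+)\\(?P<name>[^\\]+)$", re.I)


def parse_entries(text):
    """Yield one dict per event; wrapped description lines are re-joined."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        head = HEADER.match(lines[0]) if lines else None
        if head:
            yield {**head.groupdict(), "description": " ".join(lines[1:])}


def triage(text):
    """Group Symantec detections into System Restore copies and live files."""
    restore, live = {}, {}
    for ev in parse_entries(text):
        m = DETECTION.search(ev["description"])
        if ev["source"] != "Symantec AntiVirus" or not m:
            continue
        hit = RESTORE.search(m["path"])
        # Long and 8.3 spellings of one restore-point file collapse to one key.
        key = (hit["rp"].upper(), hit["name"].lower()) if hit else m["path"].lower()
        rec = (restore if hit else live).setdefault(
            key, {"threat": m["threat"], "events": 0, "deleted": False})
        rec["events"] += 1
        rec["deleted"] |= "deleted successfully" in m["result"]
    return restore, live


def summary(text):
    """Counts per group, plus restore-point files no event reports as deleted."""
    restore, live = triage(text)
    remaining = sorted(k for k, r in restore.items() if not r["deleted"])
    return {"restore_files": len(restore), "live_files": len(live),
            "restore_remaining": remaining}


if __name__ == "__main__":
    print(summary(PAGE_ENTRIES))
    print(summary(PAGE_ENTRIES + CONSTRUCTED_LIVE))
```

On the page's entries this reports four distinct files, all inside restore points, two of which (both in RP521) were left unchanged rather than deleted; those are the copies that clearing the restore points removes.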




