andrewoman Posted October 31, 2010 ID:337101 Share Posted October 31, 2010 Thank you for your help :) :) !!!!!!!!!!!!!!!!!DDS (Ver_10-10-21.02) - NTFSx86 Run by New user at 19:38:04.09 on Sat 10/30/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.603 [GMT -5:00]AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}============== Running Processes ===============C:WINDOWSsystem32svchost -k DcomLaunchsvchost.exeC:Program FilesCOMODOCOMODO Internet Securitycmdagent.exeC:WINDOWSsystem32svchost.exe -k netsvcssvchost.exesvchost.exeC:WINDOWSsystem32spoolsv.exeC:WINDOWSExplorer.EXEC:Program FilesCOMODOCOMODO Internet Securitycfp.exeC:WINDOWSsystem32ctfmon.exeC:Program FilesREALTEKRTL8187 Wireless LAN UtilityRtWLan.exeC:WINDOWSsystem32wuauclt.exeC:WINDOWSsystem32wpabaln.exeC:Program FilesInternet Exploreriexplore.exeC:Program FilesInternet Exploreriexplore.exeC:Program FilesInternet Exploreriexplore.exeC:Program FilesInternet Exploreriexplore.exeC:Documents and SettingsNew userDesktopDDS.scr============== Pseudo HJT Report ===============Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 5003Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870210/30/2010 8:17:12 PMmbam-log-2010-10-30 (20-17-12).txtScan type: Quick scanObjects scanned: 177570Time elapsed: 10 minute(s), 3 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)-----------------------------------------------------------------------------------------------------CORRECTION OF DDS POST (thought I had copy/pasted whole text on original post, but had not - sorry)Thank you for your help :) :) !!!!!!!!!!!!!!!!!DDS (Ver_10-10-21.02) - NTFSx86 Run by New user at 19:38:04.09 on Sat 10/30/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.603 [GMT -5:00]AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}============== Running Processes ===============C:WINDOWSsystem32svchost -k DcomLaunchsvchost.exeC:Program FilesCOMODOCOMODO Internet Securitycmdagent.exeC:WINDOWSsystem32svchost.exe -k netsvcssvchost.exesvchost.exeC:WINDOWSsystem32spoolsv.exeC:WINDOWSExplorer.EXEC:Program FilesCOMODOCOMODO Internet Securitycfp.exeC:WINDOWSsystem32ctfmon.exeC:Program FilesREALTEKRTL8187 Wireless LAN UtilityRtWLan.exeC:WINDOWSsystem32wuauclt.exeC:WINDOWSsystem32wpabaln.exeC:Program FilesInternet Exploreriexplore.exeC:Program FilesInternet Exploreriexplore.exeC:Program FilesInternet Exploreriexplore.exeC:Program FilesInternet Exploreriexplore.exeC:Documents and SettingsNew userDesktopDDS.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.com/uRun: [ctfmon.exe] c:windowssystem32ctfmon.exemRun: [COMODO Internet Security] "c:program filescomodocomodo internet securitycfp.exe" -hdRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,NStartupFolder: c:docume~1alluse~1.winstartm~1programsstartuprealte~1.lnk - c:program filesrealtekrtl8187 wireless lan utilityRtWLan.exeIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exeTCP: {DE00316B-C3EA-4D8F-96CF-20A340A93185} = 156.154.70.22,156.154.71.22SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32wpdshserviceobj.dll============= SERVICES / DRIVERS ===============R1 cmderd;COMODO Internet Security Eradication Driver;c:windowssystem32driverscmderd.sys [2010-9-10 15592]R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:windowssystem32driverscmdGuard.sys [2010-9-10 239240]R1 cmdHlp;COMODO Internet Security Helper Driver;c:windowssystem32driverscmdhlp.sys [2010-9-10 25240]R2 cmdAgent;COMODO Internet Security Helper Service;c:program filescomodocomodo internet securitycmdagent.exe [2010-9-10 1901056]R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:windowssystem32driversRTL8187.sys [2010-10-26 332928]=============== Created Last 30 ================2010-10-31 00:05:44 -------- d-----w- c:docume~1newuse~1applic~1Malwarebytes2010-10-31 00:05:34 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys2010-10-31 00:05:32 -------- d-----w- c:docume~1alluse~1.winapplic~1Malwarebytes2010-10-31 00:05:31 20952 ----a-w- c:windowssystem32driversmbam.sys2010-10-30 23:10:26 -------- d--h--w- C:VritualRoot2010-10-30 23:08:01 187473 ----a-w- c:windowssystem32driverssfi.dat2010-10-30 23:06:25 -------- d-----w- c:program filesCOMODO2010-10-30 23:02:24 -------- d-----w- c:docume~1alluse~1.winapplic~1Comodo2010-10-30 22:28:12 -------- d-----w- c:windowssystem32wbemrepositoryFS2010-10-30 22:28:12 -------- d-----w- c:windowssystem32wbemRepository2010-10-30 01:34:14 -------- d-----w- c:program filesTweakNow PowerPack 20102010-10-30 01:34:14 -------- d-----w- c:docume~1newuse~1applic~1TweakNow PowerPack 20102010-10-29 21:51:52 -------- d-----w- C:$WIN_NT$.~BT2010-10-27 23:02:52 -------- d-----w- c:docume~1newuse~1applic~1CheckPoint2010-10-27 23:01:59 -------- d-----w- c:docume~1newuse~1locals~1applic~1Conduit2010-10-27 21:33:34 -------- d-----w- c:program filesNoVirusThanks2010-10-27 20:50:30 -------- d-----w- c:docume~1newuse~1locals~1applic~1Google2010-10-27 20:50:04 -------- d-----w- c:docume~1alluse~1.winapplic~1Alwil Software2010-10-27 01:21:39 -------- d-sh--w- c:documents and settingsnew userIECompatCache2010-10-27 01:20:36 -------- d-sh--w- c:documents and settingsnew userPrivacIE2010-10-27 01:14:40 21361 ----a-w- c:windowssystem32driversAegisP.sys2010-10-27 01:14:28 332928 ----a-r- c:windowssystem32driversRTL8187.sys2010-10-27 01:14:27 614400 ------r- c:windowssystem32Rtlihvs.dll2010-10-27 01:14:27 614400 ------r- c:windowsRtlihvs.dll2010-10-27 01:14:27 380928 ------r- c:windowsRtlUI2.exe2010-10-27 01:14:27 188416 ------r- c:windowsRTLExtUI.dll2010-10-27 01:14:26 380928 ------r- c:windowssystem32RtlUI2.exe2010-10-27 01:14:26 188416 ------r- c:windowssystem32RTLExtUI.dll2010-10-27 01:14:16 451072 ----a-w- c:windowssystem32ISSRemoveSP.exe2010-10-27 01:02:32 41600 -c--a-w- c:windowssystem32dllcacheweitekp9.dll2010-10-27 01:01:57 229439 -c--a-w- c:windowssystem32dllcachemultibox.dll2010-10-27 01:00:58 514587 -c--a-w- c:windowssystem32dllcacheedb500.dll2010-10-27 00:59:47 26144 ----a-w- c:windowssystem32spupdsvc.exe2010-10-27 00:57:10 -------- d-sh--w- c:documents and settingsall users.windowsDRM2010-10-27 00:56:05 11264 -c--a-w- c:windowssystem32dllcacheatrace.dll2010-10-27 00:56:05 11264 ----a-w- c:windowssystem32atrace.dll2010-10-27 00:56:04 99840 -c--a-w- c:windowssystem32dllcachehelphost.exe2010-10-27 00:56:04 6656 -c--a-w- c:windowssystem32dllcachehcappres.dll2010-10-27 00:56:04 35328 -c--a-w- c:windowssystem32dllcachenotiflag.exe2010-10-27 00:56:04 21504 -c--a-w- c:windowssystem32dllcachebrpinfo.dll2010-10-27 00:54:52 565248 -c--a-w- c:windowssystem32dllcachemsobmain.dll2010-10-27 00:52:43 33792 ----a-w- c:program filesmessengercustsat.dll2010-10-27 00:51:44 68608 ----a-w- c:windowssystem32access.cpl2010-10-26 19:47:12 3072 ----a-w- c:windowssystem32driversaudstub.sys2010-10-26 19:46:39 57600 ----a-w- c:windowssystem32driversredbook.sys2010-10-26 19:45:56 10240 ----a-w- c:windowssystem32driverscompbatt.sys2010-10-26 19:45:55 14208 ----a-w- c:windowssystem32driversbattc.sys2010-10-26 19:45:54 13952 ----a-w- c:windowssystem32driversCmBatt.sys2010-10-26 19:45:30 74240 ----a-w- c:windowssystem32usbui.dll2010-10-26 19:45:17 8832 ----a-w- c:windowssystem32driverswmiacpi.sys2010-10-26 19:44:03 22016 -c--a-w- c:windowssystem32dllcacheagt0408.dll2010-10-26 19:44:03 19456 -c--a-w- c:windowssystem32dllcacheagt041f.dll2010-10-26 19:44:03 19456 -c--a-w- c:windowssystem32dllcacheagt0419.dll2010-10-26 19:44:03 19456 -c--a-w- c:windowssystem32dllcacheagt0415.dll2010-10-26 19:44:02 19968 -c--a-w- c:windowssystem32dllcacheagt040e.dll2010-10-26 19:44:02 19456 -c--a-w- c:windowssystem32dllcacheagt0405.dll2010-10-26 19:44:01 5632 -c--a-w- c:windowssystem32dllcachekbdazel.dll2010-10-26 19:44:01 5632 ----a-r- c:windowssystem32kbdazel.dll2010-10-26 19:44:00 6144 -c--a-w- c:windowssystem32dllcachekbdtuq.dll2010-10-26 19:44:00 6144 -c--a-w- c:windowssystem32dllcachekbdtuf.dll2010-10-26 19:44:00 6144 ----a-r- c:windowssystem32kbdtuq.dll2010-10-26 19:44:00 6144 ----a-r- c:windowssystem32kbdtuf.dll2010-10-25 22:24:58 -------- d-----w- c:program filesSophos2010-10-25 20:33:36 -------- d-----w- c:program filesMalwarebytes' Anti-Malware2010-10-25 00:37:45 -------- d-----w- c:program filesCheckPoint2010-10-25 00:37:26 -------- d-----w- c:windowssystem32ZoneLabs2010-10-25 00:37:24 -------- d-----w- c:program filesZone Labs2010-10-25 00:36:32 -------- d-----w- c:windowsInternet Logs2010-10-23 18:32:22 -------- d-----w- c:windowsOPTIONS2010-10-23 18:32:11 -------- d-----w- c:program filesREALTEK2010-10-23 18:32:04 -------- d-----w- c:windowssystem32RtlGina==================== Find3M ====================2010-09-11 04:41:40 285480 ----a-w- c:windowssystem32guard32.dll============= FINISH: 19:40:48.04 ============================= Running Processes ===============C:WINDOWSsystem32svchost -k DcomLaunchsvchost.exeC:Program FilesCOMODOCOMODO Internet Securitycmdagent.exeC:WINDOWSsystem32svchost.exe -k netsvcssvchost.exesvchost.exeC:WINDOWSsystem32spoolsv.exeC:WINDOWSExplorer.EXEC:Program FilesCOMODOCOMODO Internet Securitycfp.exeC:WINDOWSsystem32ctfmon.exeC:Program FilesREALTEKRTL8187 Wireless LAN UtilityRtWLan.exeC:WINDOWSsystem32wuauclt.exeC:WINDOWSsystem32wpabaln.exeC:Program FilesInternet Exploreriexplore.exeC:Program FilesInternet Exploreriexplore.exeC:Program FilesInternet Exploreriexplore.exeC:Program FilesInternet Exploreriexplore.exeC:Documents and SettingsNew userDesktopDDS.scr============== Pseudo HJT Report ===============Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 5003Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870210/30/2010 8:17:12 PMmbam-log-2010-10-30 (20-17-12).txtScan type: Quick scanObjects scanned: 177570Time elapsed: 10 minute(s), 3 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)-----------------------------------------------------------------------------------------------------attach.txt.zipark.zipDDS.txt.txt Link to post Share on other sites More sharing options...
Elise Posted October 31, 2010 ID:337265 Share Posted October 31, 2010 Hello , And My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. -----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Please download OTL from one of the following mirrors:This is THE Mirror[*]Save it to your desktop.[*]Double click on the icon on your desktop.[*]Click the "Scan All Users" checkbox.[*]Push the Quick Scan button.[*]Two reports will open, copy and paste them in a reply here:OTListIt.txt <-- Will be openedExtra.txt <-- Will be minimizedPlease download Rootkit Unhooker and save it to your DesktopDouble-click on RKUnhookerLE to run itClick the Report tab, then click ScanCheck Drivers, Stealth and uncheck the restClick OKWait until it's finished and then go to File > Save ReportSave the report to your DesktopCopy the entire contents of the report and paste it in a reply here.Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?"-------------------------------------------------------------In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problemIf you still need help, please include the following in your next replyA detailed description of your problemsA new OTL log (don't forget extra.txt)RKU logThanks and again sorry for the delay. Link to post Share on other sites More sharing options...
andrewoman Posted October 31, 2010 Author ID:337682 Share Posted October 31, 2010 Once again, thank you for your help!!!!!!!!! FYI: Strange thing. When I did the OTL scan, it posted 3 reports. It ran one, then posted it. It ran a second report, then posted, but continued scanning, then posted a third report. I didn't touch anything. I have included 3, instead of 2.Ok. While doing the scans you asked for I got a few warnings from Comodo's firewall and antivirus, under "Malicious Items Detected" - listed below:#1 warning: svchost.exe, Remote: 192.168.5.1-UDP, Port dhcp (68). I picked "Clean/disinfect"#2: ...However, you are about to receive a connection from another computer. I blocked this one. (I have suspected someone logging on to my computer, as Remote Desktop connection appeared in my start menu and I never use it. Also have suspected "notepad" appearing in start menu).#3: Heur.Suspicious @25964217. I picked "Clean/disinfect"#4: Antivirus Alert - Application.Win32.LeakTest.~A@836990 (Quarantined)#5: Got 2 warings about my wireless antenna trying to ??? - don't recall. I picked Clean/disinfect.History of recent issues:1) About a month ago, started suspecting malware, as a PDF file (red icon) appeared on desktop. I have only stored Word doc's on my desktop. Then, noticed minor changes to word doc's, such as a "$" sign replacing a letter. 2) I have run tons of scans, with Malwarebytes, SuperAntiSpyware, Avast, HijackThis, GMER, etc - too many to list. None of the scans caught anything. If GMER or other one's that "suspected" spyware got hits, I'm not confident enough to move forward.*****3) The most audacious act performed on my laptop was when my screen went black. I assumed it was sleeping, so I toggled the mouse and pressed "enter" several times. It was black for too long of a time, and frozen. When it went back to my normal screen, I noticed that down in the task bar area (where you see your open programs in XP) there was a program called "3dtext", which was very suspicious, as I had never heard of it. *****4)Also, upon boot-up I started noticing an icon in the lower right hand corner, reading "Phoenix" (letters below this are too small to read) and a swoopy logo above Phoenix. After this logo shows, THEN it boots up like normal, with the Windows XP Home logo.#5) Yesterday, hoping to shake some malware from my drivers I tried to run an update from microsoft.com. This disabled my wireless antenna - REALTEK - RTL8187 wireless lan utility. I did a SYSTEM RESTORE to get the use of my antenna back.--------------------------I have done two XP disc re-installs in the past week. After the first one, my desktop was either black or blue. After the second install, the desktop is now the normal XP green meadow with blue sky.Before XP re-install, I ran: Avast Free AV, ZoneAlarm Free firewall, WinPatrol, Snoopfree, and???I now have: Due to suspecting my previous AV and Firewall had been hijacked, I installed Comodo Antivirus/Firewall. This is my only real time protection.--------------------------******************************* SCAN LOGS ***********************************OTL logfile created on: 10/31/2010 1:40:45 PM - Run 1OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\New user\DesktopWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1,014.00 Mb Total Physical Memory | 640.00 Mb Available Physical Memory | 63.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File freePaging file location(s): C:\pagefile.sys 1524 3048 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 55.89 Gb Total Space | 50.70 Gb Free Space | 90.71% Space Free | Partition Type: NTFSComputer Name: ANDRE | User Name: New user | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2010/10/31 13:40:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\New user\Desktop\OTL.exePRC - [2010/09/10 22:41:42 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exePRC - [2010/09/10 22:41:20 | 002,500,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exePRC - [2009/07/03 10:20:56 | 000,942,080 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exePRC - [2008/04/13 23:42:42 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wpabaln.exePRC - [2008/04/13 23:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe========== Modules (SafeList) ==========MOD - [2010/10/31 13:40:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\New user\Desktop\OTL.exeMOD - [2010/09/10 22:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll========== Win32 Services (SafeList) ==========SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)SRV - [2010/09/10 22:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)========== Driver Services (SafeList) ==========DRV - [2010/09/10 22:40:54 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)DRV - [2010/09/10 22:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)DRV - [2010/09/10 22:40:52 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)DRV - [2010/09/10 22:40:48 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)DRV - [2008/06/26 19:39:42 | 000,332,928 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)DRV - [2008/04/13 16:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-299502267-2139871995-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/IE - HKU\S-1-5-21-299502267-2139871995-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/IE - HKU\S-1-5-21-299502267-2139871995-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usIE - HKU\S-1-5-21-299502267-2139871995-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 0D EB A0 13 76 CB 01 [binary data]IE - HKU\S-1-5-21-299502267-2139871995-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0O1 HOSTS File: ([2004/08/16 14:48:49 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-299502267-2139871995-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\SYSTEM32\RtlGina\RtlGina.DLL) - C:\WINDOWS\system32\RtlGina\RtlGina.dll (Realtek)O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmpO24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmpO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2010/10/22 23:19:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2010/10/31 13:40:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\New user\Desktop\OTL.exe[2010/10/30 18:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Application Data\Malwarebytes[2010/10/30 18:05:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010/10/30 18:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes[2010/10/30 18:05:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2010/10/30 17:10:26 | 000,000,000 | -H-D | C] -- C:\VritualRoot[2010/10/30 17:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO[2010/10/30 17:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo[2010/10/29 19:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\TweakNow PowerPack 2010[2010/10/29 19:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Application Data\TweakNow PowerPack 2010[2010/10/29 15:51:52 | 000,000,000 | ---D | C] -- C:\$WIN_NT$.~BT[2010/10/28 19:13:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8[2010/10/28 14:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Desktop\My Briefcase[2010/10/27 17:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\My Documents\ForceField Shared Files[2010/10/27 17:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Application Data\CheckPoint[2010/10/27 17:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Local Settings\Application Data\Conduit[2010/10/27 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Application Data\Macromedia[2010/10/27 15:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\NoVirusThanks[2010/10/27 14:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Local Settings\Application Data\Google[2010/10/27 14:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software[2010/10/26 19:21:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\New user\IECompatCache[2010/10/26 19:20:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\New user\PrivacIE[2010/10/26 19:14:27 | 000,380,928 | R--- | C] (Realtek) -- C:\WINDOWS\RtlUI2.exe[2010/10/26 19:14:26 | 000,380,928 | R--- | C] (Realtek) -- C:\WINDOWS\System32\RtlUI2.exe[2010/10/26 19:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Application Data\Identities[2010/10/26 19:07:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New user\My Documents\My Music[2010/10/26 19:07:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New user\My Documents\My Pictures[2010/10/26 19:07:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\New user\IETldCache[2010/10/26 19:07:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\New user\Application Data\Microsoft[2010/10/26 19:07:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\New user\SendTo[2010/10/26 19:07:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\New user\Recent[2010/10/26 19:07:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\New user\Application Data[2010/10/26 19:07:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New user\Start Menu[2010/10/26 19:07:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New user\My Documents[2010/10/26 19:07:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New user\Favorites[2010/10/26 19:07:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\New user\Cookies[2010/10/26 19:07:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\New user\Templates[2010/10/26 19:07:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\New user\PrintHood[2010/10/26 19:07:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\New user\NetHood[2010/10/26 19:07:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\New user\Local Settings[2010/10/26 19:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Local Settings\Application Data\Microsoft[2010/10/26 19:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Desktop[2010/10/26 19:02:10 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll[2010/10/26 19:02:10 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll[2010/10/26 19:02:10 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll[2010/10/26 19:00:45 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys[2010/10/26 18:57:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\DRM[2010/10/26 18:54:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures[2010/10/26 13:44:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Music[2010/10/26 13:43:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu[2010/10/26 13:43:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents[2010/10/26 13:43:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Templates[2010/10/26 13:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Favorites[2010/10/26 13:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Desktop[2010/10/26 13:43:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft[2010/10/26 13:43:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data[2010/10/25 16:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos[2010/10/25 14:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2010/10/24 18:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint[2010/10/24 18:37:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs[2010/10/24 18:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs[2010/10/24 18:36:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs[2010/10/24 18:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Google[2010/10/24 18:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software[2010/10/23 12:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe[2010/10/23 12:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe[2010/10/23 12:32:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS[2010/10/23 12:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK[2010/10/23 12:32:07 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information[2010/10/23 12:32:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RtlGina[2010/10/22 23:37:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER[2010/10/22 23:28:10 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information[2010/10/22 23:25:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution[2010/10/22 23:25:18 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft[2010/10/22 23:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch[2010/10/22 23:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft[2010/10/22 23:25:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft[2010/10/22 23:24:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft[2010/10/22 23:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft[2010/10/22 23:21:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom[2010/10/22 23:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\xerox[2010/10/22 23:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage[2010/10/22 23:21:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM[2010/10/22 23:20:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8[2010/10/22 23:18:09 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files[2010/10/22 23:18:09 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages[2010/10/22 23:17:57 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate[2010/10/22 23:17:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX[2010/10/22 23:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services[2010/10/22 23:16:52 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks[2010/10/22 23:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap[2010/10/22 23:16:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst[2010/10/22 23:16:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed[2010/10/22 23:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker[2010/10/22 23:15:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore[2010/10/22 23:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting[2010/10/22 23:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express[2010/10/22 23:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System[2010/10/22 23:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer[2010/10/22 23:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications[2010/10/22 23:14:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration[2010/10/22 23:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services[2010/10/22 23:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2[2010/10/22 23:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player[2010/10/22 23:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger[2010/10/22 23:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone[2010/10/22 23:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSN[2010/10/22 23:13:06 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe[2010/10/22 23:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT[2010/10/22 23:13:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US[2010/10/22 23:12:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc[2010/10/22 23:12:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com[2010/10/22 18:05:23 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer[2010/10/22 18:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC[2010/10/22 18:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines[2010/10/22 18:05:17 | 000,000,000 | R--D | C] -- C:\Program Files[2010/10/22 18:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared[2010/10/22 18:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files[2010/10/22 18:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2[2010/10/22 18:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot[2010/10/22 18:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings[2010/10/22 18:03:37 | 000,000,000 | -HSD | C] -- C:\System Volume Information[2010/10/22 17:56:56 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts[2010/10/22 17:56:56 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache[2010/10/22 17:56:56 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web[2010/10/22 17:56:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\system[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\security[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\java[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2010/10/31 13:40:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\New user\Desktop\OTL.exe[2010/10/31 13:35:21 | 000,384,896 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat[2010/10/31 13:24:08 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010/10/31 13:24:08 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2010/10/31 13:22:26 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010/10/31 13:22:26 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2010/10/31 13:15:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010/10/30 20:25:12 | 000,000,435 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\ENCHILADA SAUCE.rtf[2010/10/30 20:06:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2010/10/30 19:25:41 | 000,011,937 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\ark.zip[2010/10/30 18:47:05 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\7mkbj2vc.exe[2010/10/30 18:37:09 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\DDS.scr[2010/10/30 18:17:06 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\Defogger.exe[2010/10/30 18:16:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\New user\defogger_reenable[2010/10/30 18:05:36 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk[2010/10/30 18:02:31 | 000,013,603 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\MALWAREBYTES INSTRUCTIONS.rtf[2010/10/30 18:01:37 | 000,001,104 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\Shortcut (2) to wordpad.lnk[2010/10/30 17:06:34 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO Internet Security.lnk[2010/10/30 15:06:58 | 000,002,986 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\SPYWARE INFO.rtf[2010/10/30 14:01:02 | 000,000,325 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\IP ADDRESSES.rtf[2010/10/29 16:19:21 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\SCARY FILES.rtf[2010/10/29 15:48:44 | 000,001,146 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\Document.rtf[2010/10/28 20:29:42 | 000,007,064 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\SCAN REMOVAL RECOMMENDATION.rtf[2010/10/28 15:15:09 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT[2010/10/28 14:46:28 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\New user\My Documents\Default.rdp[2010/10/27 20:14:59 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\SUSPICIOUS ZONE ALARM ALERT.rtf[2010/10/27 17:03:16 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml[2010/10/27 17:00:21 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat[2010/10/27 14:48:54 | 000,002,914 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\ANTIVIRUS FIREWALL INFO.rtf[2010/10/27 14:47:13 | 000,001,104 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\Shortcut to wordpad.lnk[2010/10/26 19:16:32 | 000,001,930 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk[2010/10/26 19:16:32 | 000,001,912 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\REALTEK RTL8187 Wireless LAN Utility.lnk[2010/10/26 19:07:43 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\New user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2010/10/26 19:07:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\New user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf[2010/10/26 19:03:53 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD[2010/10/26 19:03:39 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2010/10/26 19:02:59 | 000,000,606 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf[2010/10/26 18:58:11 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb[2010/10/26 18:58:11 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb[2010/10/26 18:58:10 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx[2010/10/26 18:57:58 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI[2010/10/26 18:54:03 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat[2010/10/26 18:50:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini[2010/10/26 18:50:13 | 000,000,211 | -HS- | M] () -- C:\BOOT.BAK[2010/10/26 13:44:11 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF[2010/10/22 23:19:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS[2010/10/22 23:19:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS[2010/10/22 23:19:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS[2010/10/22 23:19:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files Created - No Company Name ==========[2010/10/30 20:25:11 | 000,000,435 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\ENCHILADA SAUCE.rtf[2010/10/30 19:25:41 | 000,011,937 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\ark.zip[2010/10/30 18:47:04 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\7mkbj2vc.exe[2010/10/30 18:37:07 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\DDS.scr[2010/10/30 18:17:03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\Defogger.exe[2010/10/30 18:16:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\New user\defogger_reenable[2010/10/30 18:05:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk[2010/10/30 18:02:31 | 000,013,603 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\MALWAREBYTES INSTRUCTIONS.rtf[2010/10/30 18:01:37 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\Shortcut (2) to wordpad.lnk[2010/10/30 17:08:01 | 000,384,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat[2010/10/30 17:06:34 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO Internet Security.lnk[2010/10/30 15:06:58 | 000,002,986 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\SPYWARE INFO.rtf[2010/10/30 14:01:02 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\IP ADDRESSES.rtf[2010/10/29 15:52:22 | 000,000,211 | -HS- | C] () -- C:\BOOT.BAK[2010/10/29 15:52:20 | 000,260,288 | R--- | C] () -- C:\$LDR$[2010/10/28 20:29:42 | 000,007,064 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\SCAN REMOVAL RECOMMENDATION.rtf[2010/10/28 15:51:31 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\SCARY FILES.rtf[2010/10/28 14:46:28 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\New user\My Documents\Default.rdp[2010/10/27 20:14:59 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\SUSPICIOUS ZONE ALARM ALERT.rtf[2010/10/27 17:00:21 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat[2010/10/27 17:00:07 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml[2010/10/27 16:58:29 | 000,001,146 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\Document.rtf[2010/10/27 14:50:34 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2010/10/27 14:50:33 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2010/10/27 14:48:54 | 000,002,914 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\ANTIVIRUS FIREWALL INFO.rtf[2010/10/27 14:47:13 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\Shortcut to wordpad.lnk[2010/10/26 19:16:32 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk[2010/10/26 19:16:32 | 000,001,912 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\REALTEK RTL8187 Wireless LAN Utility.lnk[2010/10/26 19:14:16 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe[2010/10/26 19:07:43 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\New user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2010/10/26 19:07:42 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\New user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf[2010/10/26 19:03:53 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD[2010/10/26 19:02:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2010/10/26 19:02:03 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll[2010/10/26 19:01:40 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex[2010/10/26 19:01:33 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe[2010/10/26 19:01:31 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe[2010/10/26 19:01:29 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex[2010/10/26 19:01:14 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll[2010/10/26 19:01:06 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex[2010/10/26 19:01:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll[2010/10/26 19:00:49 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll[2010/10/26 18:58:19 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT[2010/10/26 18:58:11 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb[2010/10/26 18:58:11 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb[2010/10/26 18:58:10 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx[2010/10/26 18:56:27 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex[2010/10/26 18:56:00 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp[2010/10/26 18:56:00 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp[2010/10/26 18:55:49 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf[2010/10/26 18:54:42 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll[2010/10/26 18:54:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat[2010/10/26 18:52:20 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp[2010/10/26 18:52:20 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp[2010/10/26 18:52:20 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp[2010/10/26 18:52:20 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp[2010/10/26 18:52:20 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp[2010/10/26 18:52:19 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp[2010/10/26 18:52:19 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp[2010/10/26 18:52:19 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp[2010/10/26 18:52:19 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp[2010/10/26 18:52:19 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp[2010/10/26 18:52:19 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp[2010/10/26 18:52:15 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd[2010/10/26 18:52:14 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h[2010/10/26 18:52:13 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h[2010/10/26 18:52:06 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc[2010/10/26 13:44:11 | 000,005,208 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF[2010/10/26 13:44:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI[2010/10/26 13:43:42 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT[2010/10/26 13:43:27 | 000,171,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat[2010/10/26 13:43:27 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT[2010/10/26 13:43:27 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat[2010/10/26 13:43:27 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat[2010/10/26 13:43:27 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT[2010/10/26 13:43:27 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT[2010/10/26 13:43:27 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT[2010/10/26 13:43:27 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT[2010/10/26 13:43:27 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT[2010/10/26 13:43:27 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat[2010/10/26 13:43:26 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT[2010/10/26 13:43:26 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT[2010/10/26 13:43:26 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT[2010/10/26 13:43:26 | 000,402,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT[2010/10/26 13:43:26 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT[2010/10/26 13:43:26 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT[2010/10/26 13:43:26 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT[2010/10/26 13:42:21 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2010/10/26 13:41:24 | 000,000,606 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf[2010/10/22 23:19:28 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS[2010/10/22 23:19:28 | 000,000,000 | RHS- | C] () -- C:\IO.SYS[2010/10/22 23:19:28 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS[2010/10/22 23:19:28 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT[2010/10/22 18:05:19 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd[2010/10/22 18:05:19 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa[2010/10/22 18:05:19 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf[2010/10/22 18:05:18 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa[2010/10/22 18:02:59 | 000,000,211 | -HS- | C] () -- C:\boot.ini========== LOP Check ==========[2010/10/24 18:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software[2010/10/27 14:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software[2010/10/24 18:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andre\Application Data\CheckPoint[2010/10/27 17:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\New user\Application Data\CheckPoint[2010/10/30 16:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\New user\Application Data\TweakNow PowerPack 2010========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\CONFIG.NT:SummaryInformation@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\CONFIG.NT:DocumentSummaryInformation< End of report >---------------------RkU Version: 3.8.388.590, Type LE (SR2)==============================================OS Name: Windows XPVersion 5.1.2600 (Service Pack 3)Number of processors #1==============================================>Drivers==============================================0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2065792 bytes (Microsoft Corporation, NT Kernel & System)0x804D7000 PnpManager 2065792 bytes0x804D7000 RAW 2065792 bytes0x804D7000 WMIxWDM 2065792 bytes0xBF800000 Win32k 1847296 bytes0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)0xF7385000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)0xBA7C2000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)0xBAAFB000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)0xBA8F5000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)0xB9DD1000 C:\WINDOWS\system32\DRIVERS\RTL8187.sys 335872 bytes (Realtek Semiconductor Corporation , Realtek RTL8187 NDIS Driver)0xBA143000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)0xB9CA0000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)0xBA995000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 233472 bytes (COMODO, COMODO Internet Security Sandbox Driver)0xF74A3000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)0xBA1E5000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)0xF7343000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)0xBA832000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)0xBABC8000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)0xBA87F000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)0xBA8A7000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)0xBABA4000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)0xBAB81000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)0xBA85D000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)0x806D0000 ACPI_HAL 131840 bytes0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)0xF743B000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)0xF7473000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)0xF7329000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)0xF745B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)0xBA70A000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes0xF7412000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)0xBAB6A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))0xF7370000 inspect.sys 86016 bytes (COMODO, COMODO Internet Security Firewall Driver)0xBA981000 C:\WINDOWS\System32\drivers\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)0xBA94E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)0xF7429000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)0xF7492000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)0xBAB59000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)0xF77E2000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)0xF76D2000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)0xF76E2000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)0xF7752000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)0xF7612000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)0xF76B2000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)0xF76F2000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)0xF75F2000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)0xF7712000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)0xF77C2000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)0xF76C2000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)0xF75E2000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)0xF7702000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)0xF75D2000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)0xF7742000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)0xF7732000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)0xF7602000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)0xBA0FB000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)0xF76A2000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)0xF7722000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)0xF77B2000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)0xBA00B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)0xF77A2000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)0xF791A000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)0xF78BA000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)0xF78EA000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)0xF7852000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)0xF78C2000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)0xF78CA000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)0xF78B2000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)0xF790A000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)0xF799A000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Cisco Systems, Inc., IEEE 802.1X Protocol Driver)0xF792A000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 20480 bytes (COMODO, COMODO Internet Security Helper Driver)0xF7912000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)0xF785A000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)0xF78D2000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)0xF78DA000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)0xF7862000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)0xF7942000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)0xF79EA000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)0xF7A9E000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)0xF7AB6000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)0xBA38A000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)0xF79EE000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)0xF79E2000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)0xF72E4000 C:\WINDOWS\System32\DRIVERS\cmderd.sys 12288 bytes (COMODO, COMODO Internet Security Eradication Driver)0xF79E6000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)0xBA9D6000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)0xBFF50000 C:\WINDOWS\System32\framebuf.dll 12288 bytes (Microsoft Corporation, Framebuffer Display Driver)0xB9E43000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)0xB9E3F000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)0xF7AA6000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)0xF72D4000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)0xF7A9A000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)0xF7AF2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)0xF7B08000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes0xF7AF0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)0xF7AD2000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)0xF7AF4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)0xF7AF6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)0xF7AE8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)0xF7AEC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)0xF7AD4000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)0xF7C70000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)0xF7C2C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)0xF7BA7000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)0xF7B9B000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)0xF7B9A000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)==============================================>Stealth==============================================Extras.TxtOTL.Txt Link to post Share on other sites More sharing options...
Elise Posted November 1, 2010 ID:337905 Share Posted November 1, 2010 Hi again, lets see if something is hiding here.COMBOFIX---------------Please download ComboFix from one of these locations:BleepingcomputerForoSpywareDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)Double click on Combofix.exe and follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Link to post Share on other sites More sharing options...
andrewoman Posted November 2, 2010 Author ID:338345 Share Posted November 2, 2010 Hi. Ok, I disabled Comodo's firewall, antivirus, sanbox and Defense Security. Even though I disabled Comodo, upon scan with Combofix, a Comodo warning screen popped up, reading something about Heuristics.Then Combofix detected (if I recall correctly) a "rootkit", shut down and rebooted, then completed the scan.After scan was completed, I turned Comodo processes back on. Hoping this isn't a problem, as the scan was complete. Too much weirdness going on to be without any security at all. Also, before knowing I needed to not make any changes, I had quarantined something, via Comodo, somone and blocked someone trying to access my computer. Should I find these items (if I can) and send them to you?COMBOFIX LOG:ComboFix 10-11-01.01 - New user 11/01/2010 19:21:57.1.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.743 [GMT -6:00]Running from: c:\documents and settings\New user\Desktop\ComboFix.exeAV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} * Created a new restore point.((((((((((((((((((((((((( Files Created from 2010-10-02 to 2010-11-02 ))))))))))))))))))))))))))))))).2010-10-30 23:10 . 2010-10-30 23:10 -------- d-----w- C:\VritualRoot2010-10-29 21:51 . 2010-10-29 21:52 -------- d-----w- C:\$WIN_NT$.~BT.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-09-11 04:41 . 2010-09-11 04:41 285480 ----a-w- c:\windows\system32\guard32.dll2010-09-11 04:40 . 2010-09-11 04:40 91560 ----a-w- c:\windows\system32\drivers\inspect.sys2010-09-11 04:40 . 2010-09-11 04:40 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys2010-09-11 04:40 . 2010-09-11 04:40 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys2010-09-11 04:40 . 2010-09-11 04:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-11 2500552][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"_nltide_3"="advpack.dll" [2009-03-08 128512]c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe [2010-10-23 942080][HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\REALTEK\\RTL8187 Wireless LAN Utility\\RtWLan.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot"53:UDP"= 53:UDP:Realtek AP UDP ProtR1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [9/10/2010 10:40 PM 15592]R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/10/2010 10:40 PM 239240]R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/10/2010 10:40 PM 25240]R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [10/26/2010 7:14 PM 332928].Contents of the 'Scheduled Tasks' folder..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/TCP: {DE00316B-C3EA-4D8F-96CF-20A340A93185} = 156.154.70.22,156.154.71.22.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-11-01 19:25Windows 5.1.2600 Service Pack 3 NTFSdetected NTDLL code modification:ZwClose, ZwOpenFilescanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(512)c:\windows\SYSTEM32\RtlGina\RtlGina.DLL- - - - - - - > 'lsass.exe'(696)c:\windows\system32\guard32.dll.Completion time: 2010-11-01 19:27:00ComboFix-quarantined-files.txt 2010-11-02 01:26Pre-Run: 54,363,066,368 bytes freePost-Run: 54,385,573,888 bytes freeWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect- - End Of File - - 91CDE06AC6BB87801D4A84976DDB7384COMBOFIX_LOG.txt Link to post Share on other sites More sharing options...
Elise Posted November 2, 2010 ID:338454 Share Posted November 2, 2010 Combofix doens't show anything to be deleted. How are things running now? Link to post Share on other sites More sharing options...
andrewoman Posted November 2, 2010 Author ID:338771 Share Posted November 2, 2010 Hi.It has been running pretty well, even when it was doing weird things, with bouts of extreme slowing and weirdness. Even yesterday, shortly before the Combofix scan, Comodo caught a computer trying to log on to my laptop. Right before I ran the Combofix scan the program said it would clean things up also. I find it hard to believe with all the strange things going on that Combofix didn't find anything. Did the program not clean anything? What about the Phoenix logo that appeared out of nowhere, upon boot-up? And still does so, even after two rounds of XP disc fresh installs. I have a stupid question, as I guess I don't fully understand the whole IP address thing. I have suspected my laptop has had spyware installed and possibly been used as a bot. Once nefarious forces have your IP address, can they not just reinstall their malware, using your IP address, and your back to square one?I thought the IP address is associated with your computer. I am now logged into Panera restaurant's wi-fi, and presume I am using their IP address. Am I the subnet part of the address? On this note, I let Comodo change my IP address when I added their program a few days ago. I'm so confused...sigh. Link to post Share on other sites More sharing options...
andrewoman Posted November 2, 2010 Author ID:338808 Share Posted November 2, 2010 Also, upon logon today, I noticed a notepad doc. on my desktop that I had not put there. I certainly didn't put it there. It replaced my icon for my wireless antenna, which was in the left top corner. I opened it and it is a blank document. I am paranoid about notepad being infected, as notepad had appeared in my start-up menu out of nowhere (before I reinstalled XP). I never even knew it was there, so I did not activate it. After that I googled away and found that some malware camouflage themselves as notepad. In my Services (local) file, upon opening many of the folders, under "Log on as:", instead of Local System account being checked off, "This account" is checked and next to it is: NT AUTHORITY\LocalService, with a 15 digit password, that I can assure you I did not set. Hardware Profile 1 is enabled.Also, I didn't have this many users on my laptop when I first got it. Now it has about 4-5. Upon fresh XP install I only added my name, as it wouldn't install without me doing so. Where the heck did default user come from? 4-5 users is suspicious I keep forgetting to add that upon my fresh install of XP, I have not had sound. Don't know if this is malware related or not. Link to post Share on other sites More sharing options...
Elise Posted November 2, 2010 ID:338809 Share Posted November 2, 2010 Hi, combofix does fix a lot of things that are not directly malware related.The Phoenix logo is just your BIOS logo. On certain computers you can switch between that and a splash screen.Once nefarious forces have your IP address, can they not just reinstall their malware, using your IP address, and your back to square one?No, an IP address is assigned by your Internet Service Provider. If you are on an open wifi network, you have another IP address then when you are connecting at home.Let me know if this answers your questions. Link to post Share on other sites More sharing options...
andrewoman Posted November 3, 2010 Author ID:339349 Share Posted November 3, 2010 Thanks for answering those questions. Today is the worst slowing I have ever had. Ever. Pages are taking FOREVER to load - minutes. Comodo, again, caught: New Private Network Detected...another computer is about to join you...LAN #1...I suspect this is why my connection is so entirely slow today. Something is wrong. My computer has never acted so weird. It has been a complete gem since I got it back in February, with very quick internet connections. However, recently there has been very odd behavior. On my original post, someone commented on issues from a scan. I ran a scan of GMER in safe mode last night and the file he points out is still there. It is a mbr.sys file in a temp folder. His post is below.I am not trying to be difficult, but I know something is wrong. Here is his post:Oct 30 2010, 02:50 PM Post #3 New MemberGroup: MembersPosts: 18Joined: 6-April 09Member No.: 12,251andrewoman:There is a driver in the list above (0xF7892000 \??\C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\mbr.sys) that is in a location that should not have a driver - a temp folder.Haider suggested following the "how to rid myself of malware" and you should. One of the first things on it's list is running GMER. It should rid your computer of the problem I have pointed out. But, there may be more - so run through the whole script, to make sure.Good luck! Link to post Share on other sites More sharing options...
Elise Posted November 4, 2010 ID:339534 Share Posted November 4, 2010 That driver is GMER's mbr checking driver and nothing to worry about. For how long have you been using Comodo internet security? Link to post Share on other sites More sharing options...
LDTate Posted November 22, 2010 ID:349259 Share Posted November 22, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts