Jump to content

MBR CORRUPTED - HELP/FOLLOW UP


Recommended Posts

Thank you for your help :) :) :) :) :) !!!!!!!!!!!!!!!!!

DDS (Ver_10-10-21.02) - NTFSx86

Run by New user at 19:38:04.09 on Sat 10/30/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.603 [GMT -5:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch

svchost.exe

C:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe

C:WINDOWSsystem32svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:Program FilesCOMODOCOMODO Internet Securitycfp.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesREALTEKRTL8187 Wireless LAN UtilityRtWLan.exe

C:WINDOWSsystem32wuauclt.exe

C:WINDOWSsystem32wpabaln.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesInternet Exploreriexplore.exe

C:Documents and SettingsNew userDesktopDDS.scr

============== Pseudo HJT Report ===============

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5003

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/30/2010 8:17:12 PM

mbam-log-2010-10-30 (20-17-12).txt

Scan type: Quick scan

Objects scanned: 177570

Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

-----------------------------------------------------------------------------------------------------

CORRECTION OF DDS POST (thought I had copy/pasted whole text on original post, but had not - sorry)

Thank you for your help :) :) :) :) :) !!!!!!!!!!!!!!!!!

DDS (Ver_10-10-21.02) - NTFSx86

Run by New user at 19:38:04.09 on Sat 10/30/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.603 [GMT -5:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch

svchost.exe

C:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe

C:WINDOWSsystem32svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:Program FilesCOMODOCOMODO Internet Securitycfp.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesREALTEKRTL8187 Wireless LAN UtilityRtWLan.exe

C:WINDOWSsystem32wuauclt.exe

C:WINDOWSsystem32wpabaln.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesInternet Exploreriexplore.exe

C:Documents and SettingsNew userDesktopDDS.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe

mRun: [COMODO Internet Security] "c:program filescomodocomodo internet securitycfp.exe" -h

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:docume~1alluse~1.winstartm~1programsstartuprealte~1.lnk - c:program filesrealtekrtl8187 wireless lan utilityRtWLan.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe

TCP: {DE00316B-C3EA-4D8F-96CF-20A340A93185} = 156.154.70.22,156.154.71.22

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32wpdshserviceobj.dll

============= SERVICES / DRIVERS ===============

R1 cmderd;COMODO Internet Security Eradication Driver;c:windowssystem32driverscmderd.sys [2010-9-10 15592]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:windowssystem32driverscmdGuard.sys [2010-9-10 239240]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:windowssystem32driverscmdhlp.sys [2010-9-10 25240]

R2 cmdAgent;COMODO Internet Security Helper Service;c:program filescomodocomodo internet securitycmdagent.exe [2010-9-10 1901056]

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:windowssystem32driversRTL8187.sys [2010-10-26 332928]

=============== Created Last 30 ================

2010-10-31 00:05:44 -------- d-----w- c:docume~1newuse~1applic~1Malwarebytes

2010-10-31 00:05:34 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys

2010-10-31 00:05:32 -------- d-----w- c:docume~1alluse~1.winapplic~1Malwarebytes

2010-10-31 00:05:31 20952 ----a-w- c:windowssystem32driversmbam.sys

2010-10-30 23:10:26 -------- d--h--w- C:VritualRoot

2010-10-30 23:08:01 187473 ----a-w- c:windowssystem32driverssfi.dat

2010-10-30 23:06:25 -------- d-----w- c:program filesCOMODO

2010-10-30 23:02:24 -------- d-----w- c:docume~1alluse~1.winapplic~1Comodo

2010-10-30 22:28:12 -------- d-----w- c:windowssystem32wbemrepositoryFS

2010-10-30 22:28:12 -------- d-----w- c:windowssystem32wbemRepository

2010-10-30 01:34:14 -------- d-----w- c:program filesTweakNow PowerPack 2010

2010-10-30 01:34:14 -------- d-----w- c:docume~1newuse~1applic~1TweakNow PowerPack 2010

2010-10-29 21:51:52 -------- d-----w- C:$WIN_NT$.~BT

2010-10-27 23:02:52 -------- d-----w- c:docume~1newuse~1applic~1CheckPoint

2010-10-27 23:01:59 -------- d-----w- c:docume~1newuse~1locals~1applic~1Conduit

2010-10-27 21:33:34 -------- d-----w- c:program filesNoVirusThanks

2010-10-27 20:50:30 -------- d-----w- c:docume~1newuse~1locals~1applic~1Google

2010-10-27 20:50:04 -------- d-----w- c:docume~1alluse~1.winapplic~1Alwil Software

2010-10-27 01:21:39 -------- d-sh--w- c:documents and settingsnew userIECompatCache

2010-10-27 01:20:36 -------- d-sh--w- c:documents and settingsnew userPrivacIE

2010-10-27 01:14:40 21361 ----a-w- c:windowssystem32driversAegisP.sys

2010-10-27 01:14:28 332928 ----a-r- c:windowssystem32driversRTL8187.sys

2010-10-27 01:14:27 614400 ------r- c:windowssystem32Rtlihvs.dll

2010-10-27 01:14:27 614400 ------r- c:windowsRtlihvs.dll

2010-10-27 01:14:27 380928 ------r- c:windowsRtlUI2.exe

2010-10-27 01:14:27 188416 ------r- c:windowsRTLExtUI.dll

2010-10-27 01:14:26 380928 ------r- c:windowssystem32RtlUI2.exe

2010-10-27 01:14:26 188416 ------r- c:windowssystem32RTLExtUI.dll

2010-10-27 01:14:16 451072 ----a-w- c:windowssystem32ISSRemoveSP.exe

2010-10-27 01:02:32 41600 -c--a-w- c:windowssystem32dllcacheweitekp9.dll

2010-10-27 01:01:57 229439 -c--a-w- c:windowssystem32dllcachemultibox.dll

2010-10-27 01:00:58 514587 -c--a-w- c:windowssystem32dllcacheedb500.dll

2010-10-27 00:59:47 26144 ----a-w- c:windowssystem32spupdsvc.exe

2010-10-27 00:57:10 -------- d-sh--w- c:documents and settingsall users.windowsDRM

2010-10-27 00:56:05 11264 -c--a-w- c:windowssystem32dllcacheatrace.dll

2010-10-27 00:56:05 11264 ----a-w- c:windowssystem32atrace.dll

2010-10-27 00:56:04 99840 -c--a-w- c:windowssystem32dllcachehelphost.exe

2010-10-27 00:56:04 6656 -c--a-w- c:windowssystem32dllcachehcappres.dll

2010-10-27 00:56:04 35328 -c--a-w- c:windowssystem32dllcachenotiflag.exe

2010-10-27 00:56:04 21504 -c--a-w- c:windowssystem32dllcachebrpinfo.dll

2010-10-27 00:54:52 565248 -c--a-w- c:windowssystem32dllcachemsobmain.dll

2010-10-27 00:52:43 33792 ----a-w- c:program filesmessengercustsat.dll

2010-10-27 00:51:44 68608 ----a-w- c:windowssystem32access.cpl

2010-10-26 19:47:12 3072 ----a-w- c:windowssystem32driversaudstub.sys

2010-10-26 19:46:39 57600 ----a-w- c:windowssystem32driversredbook.sys

2010-10-26 19:45:56 10240 ----a-w- c:windowssystem32driverscompbatt.sys

2010-10-26 19:45:55 14208 ----a-w- c:windowssystem32driversbattc.sys

2010-10-26 19:45:54 13952 ----a-w- c:windowssystem32driversCmBatt.sys

2010-10-26 19:45:30 74240 ----a-w- c:windowssystem32usbui.dll

2010-10-26 19:45:17 8832 ----a-w- c:windowssystem32driverswmiacpi.sys

2010-10-26 19:44:03 22016 -c--a-w- c:windowssystem32dllcacheagt0408.dll

2010-10-26 19:44:03 19456 -c--a-w- c:windowssystem32dllcacheagt041f.dll

2010-10-26 19:44:03 19456 -c--a-w- c:windowssystem32dllcacheagt0419.dll

2010-10-26 19:44:03 19456 -c--a-w- c:windowssystem32dllcacheagt0415.dll

2010-10-26 19:44:02 19968 -c--a-w- c:windowssystem32dllcacheagt040e.dll

2010-10-26 19:44:02 19456 -c--a-w- c:windowssystem32dllcacheagt0405.dll

2010-10-26 19:44:01 5632 -c--a-w- c:windowssystem32dllcachekbdazel.dll

2010-10-26 19:44:01 5632 ----a-r- c:windowssystem32kbdazel.dll

2010-10-26 19:44:00 6144 -c--a-w- c:windowssystem32dllcachekbdtuq.dll

2010-10-26 19:44:00 6144 -c--a-w- c:windowssystem32dllcachekbdtuf.dll

2010-10-26 19:44:00 6144 ----a-r- c:windowssystem32kbdtuq.dll

2010-10-26 19:44:00 6144 ----a-r- c:windowssystem32kbdtuf.dll

2010-10-25 22:24:58 -------- d-----w- c:program filesSophos

2010-10-25 20:33:36 -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2010-10-25 00:37:45 -------- d-----w- c:program filesCheckPoint

2010-10-25 00:37:26 -------- d-----w- c:windowssystem32ZoneLabs

2010-10-25 00:37:24 -------- d-----w- c:program filesZone Labs

2010-10-25 00:36:32 -------- d-----w- c:windowsInternet Logs

2010-10-23 18:32:22 -------- d-----w- c:windowsOPTIONS

2010-10-23 18:32:11 -------- d-----w- c:program filesREALTEK

2010-10-23 18:32:04 -------- d-----w- c:windowssystem32RtlGina

==================== Find3M ====================

2010-09-11 04:41:40 285480 ----a-w- c:windowssystem32guard32.dll

============= FINISH: 19:40:48.04 ===============

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch

svchost.exe

C:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe

C:WINDOWSsystem32svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:Program FilesCOMODOCOMODO Internet Securitycfp.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesREALTEKRTL8187 Wireless LAN UtilityRtWLan.exe

C:WINDOWSsystem32wuauclt.exe

C:WINDOWSsystem32wpabaln.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesInternet Exploreriexplore.exe

C:Documents and SettingsNew userDesktopDDS.scr

============== Pseudo HJT Report ===============

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5003

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/30/2010 8:17:12 PM

mbam-log-2010-10-30 (20-17-12).txt

Scan type: Quick scan

Objects scanned: 177570

Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

-----------------------------------------------------------------------------------------------------

attach.txt.zip

ark.zip

DDS.txt.txt

Link to post
Share on other sites

Hello ,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:

    [*]Save it to your desktop.

    [*]Double click on the otlDesktopIcon.png icon on your desktop.

    [*]Click the "Scan All Users" checkbox.

    [*]Push the Quick Scan button.

    [*]Two reports will open, copy and paste them in a reply here:

    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

Link to post
Share on other sites

Once again, thank you for your help!!!!!!!!!

FYI: Strange thing. When I did the OTL scan, it posted 3 reports. It ran one, then posted it. It ran a second report, then posted, but continued scanning, then posted a third report. I didn't touch anything. I have included 3, instead of 2.

Ok. While doing the scans you asked for I got a few warnings from Comodo's firewall and antivirus, under "Malicious Items Detected" - listed below:

#1 warning: svchost.exe, Remote: 192.168.5.1-UDP, Port dhcp (68). I picked "Clean/disinfect"

#2: ...However, you are about to receive a connection from another computer. I blocked this one. (I have suspected someone logging on to my computer, as Remote Desktop connection appeared in my start menu and I never use it. Also have suspected "notepad" appearing in start menu).

#3: Heur.Suspicious @25964217. I picked "Clean/disinfect"

#4: Antivirus Alert - Application.Win32.LeakTest.~A@836990 (Quarantined)

#5: Got 2 warings about my wireless antenna trying to ??? - don't recall. I picked Clean/disinfect.

History of recent issues:

1) About a month ago, started suspecting malware, as a PDF file (red icon) appeared on desktop. I have only stored Word doc's on my desktop. Then, noticed minor changes to word doc's, such as a "$" sign replacing a letter.

2) I have run tons of scans, with Malwarebytes, SuperAntiSpyware, Avast, HijackThis, GMER, etc - too many to list. None of the scans caught anything. If GMER or other one's that "suspected" spyware got hits, I'm not confident enough to move forward.

*****3) The most audacious act performed on my laptop was when my screen went black. I assumed it was sleeping, so I toggled the mouse and pressed "enter" several times. It was black for too long of a time, and frozen. When it went back to my normal screen, I noticed that down in the task bar area (where you see your open programs in XP) there was a program called "3dtext", which was very suspicious, as I had never heard of it.

*****4)Also, upon boot-up I started noticing an icon in the lower right hand corner, reading "Phoenix" (letters below this are too small to read) and a swoopy logo above Phoenix. After this logo shows, THEN it boots up like normal, with the Windows XP Home logo.

#5) Yesterday, hoping to shake some malware from my drivers I tried to run an update from microsoft.com. This disabled my wireless antenna - REALTEK - RTL8187 wireless lan utility. I did a SYSTEM RESTORE to get the use of my antenna back.

--------------------------

I have done two XP disc re-installs in the past week. After the first one, my desktop was either black or blue. After the second install, the desktop is now the normal XP green meadow with blue sky.

Before XP re-install, I ran: Avast Free AV, ZoneAlarm Free firewall, WinPatrol, Snoopfree, and???

I now have: Due to suspecting my previous AV and Firewall had been hijacked, I installed Comodo Antivirus/Firewall. This is my only real time protection.

--------------------------

******************************* SCAN LOGS ***********************************

OTL logfile created on: 10/31/2010 1:40:45 PM - Run 1

OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\New user\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 640.00 Mb Available Physical Memory | 63.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.89 Gb Total Space | 50.70 Gb Free Space | 90.71% Space Free | Partition Type: NTFS

Computer Name: ANDRE | User Name: New user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/31 13:40:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\New user\Desktop\OTL.exe

PRC - [2010/09/10 22:41:42 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

PRC - [2010/09/10 22:41:20 | 002,500,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

PRC - [2009/07/03 10:20:56 | 000,942,080 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe

PRC - [2008/04/13 23:42:42 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wpabaln.exe

PRC - [2008/04/13 23:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/10/31 13:40:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\New user\Desktop\OTL.exe

MOD - [2010/09/10 22:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/09/10 22:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

========== Driver Services (SafeList) ==========

DRV - [2010/09/10 22:40:54 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)

DRV - [2010/09/10 22:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)

DRV - [2010/09/10 22:40:52 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)

DRV - [2010/09/10 22:40:48 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)

DRV - [2008/06/26 19:39:42 | 000,332,928 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)

DRV - [2008/04/13 16:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-2139871995-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-299502267-2139871995-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-299502267-2139871995-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-299502267-2139871995-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 0D EB A0 13 76 CB 01 [binary data]

IE - HKU\S-1-5-21-299502267-2139871995-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2004/08/16 14:48:49 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)

O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-299502267-2139871995-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\SYSTEM32\RtlGina\RtlGina.DLL) - C:\WINDOWS\system32\RtlGina\RtlGina.dll (Realtek)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/10/22 23:19:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/31 13:40:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\New user\Desktop\OTL.exe

[2010/10/30 18:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Application Data\Malwarebytes

[2010/10/30 18:05:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/30 18:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

[2010/10/30 18:05:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/30 17:10:26 | 000,000,000 | -H-D | C] -- C:\VritualRoot

[2010/10/30 17:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2010/10/30 17:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo

[2010/10/29 19:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\TweakNow PowerPack 2010

[2010/10/29 19:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Application Data\TweakNow PowerPack 2010

[2010/10/29 15:51:52 | 000,000,000 | ---D | C] -- C:\$WIN_NT$.~BT

[2010/10/28 19:13:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8

[2010/10/28 14:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Desktop\My Briefcase

[2010/10/27 17:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\My Documents\ForceField Shared Files

[2010/10/27 17:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Application Data\CheckPoint

[2010/10/27 17:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Local Settings\Application Data\Conduit

[2010/10/27 16:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Application Data\Macromedia

[2010/10/27 15:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\NoVirusThanks

[2010/10/27 14:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Local Settings\Application Data\Google

[2010/10/27 14:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software

[2010/10/26 19:21:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\New user\IECompatCache

[2010/10/26 19:20:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\New user\PrivacIE

[2010/10/26 19:14:27 | 000,380,928 | R--- | C] (Realtek) -- C:\WINDOWS\RtlUI2.exe

[2010/10/26 19:14:26 | 000,380,928 | R--- | C] (Realtek) -- C:\WINDOWS\System32\RtlUI2.exe

[2010/10/26 19:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Application Data\Identities

[2010/10/26 19:07:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New user\My Documents\My Music

[2010/10/26 19:07:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New user\My Documents\My Pictures

[2010/10/26 19:07:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\New user\IETldCache

[2010/10/26 19:07:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\New user\Application Data\Microsoft

[2010/10/26 19:07:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\New user\SendTo

[2010/10/26 19:07:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\New user\Recent

[2010/10/26 19:07:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\New user\Application Data

[2010/10/26 19:07:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New user\Start Menu

[2010/10/26 19:07:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New user\My Documents

[2010/10/26 19:07:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\New user\Favorites

[2010/10/26 19:07:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\New user\Cookies

[2010/10/26 19:07:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\New user\Templates

[2010/10/26 19:07:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\New user\PrintHood

[2010/10/26 19:07:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\New user\NetHood

[2010/10/26 19:07:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\New user\Local Settings

[2010/10/26 19:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Local Settings\Application Data\Microsoft

[2010/10/26 19:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\New user\Desktop

[2010/10/26 19:02:10 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2010/10/26 19:02:10 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2010/10/26 19:02:10 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll

[2010/10/26 19:00:45 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys

[2010/10/26 18:57:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\DRM

[2010/10/26 18:54:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures

[2010/10/26 13:44:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Music

[2010/10/26 13:43:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu

[2010/10/26 13:43:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents

[2010/10/26 13:43:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Templates

[2010/10/26 13:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Favorites

[2010/10/26 13:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Desktop

[2010/10/26 13:43:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft

[2010/10/26 13:43:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data

[2010/10/25 16:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/10/25 14:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/24 18:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint

[2010/10/24 18:37:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs

[2010/10/24 18:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs

[2010/10/24 18:36:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs

[2010/10/24 18:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2010/10/24 18:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010/10/23 12:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010/10/23 12:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2010/10/23 12:32:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS

[2010/10/23 12:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK

[2010/10/23 12:32:07 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information

[2010/10/23 12:32:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RtlGina

[2010/10/22 23:37:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/10/22 23:28:10 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information

[2010/10/22 23:25:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution

[2010/10/22 23:25:18 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft

[2010/10/22 23:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/10/22 23:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2010/10/22 23:25:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2010/10/22 23:24:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2010/10/22 23:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2010/10/22 23:21:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom

[2010/10/22 23:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\xerox

[2010/10/22 23:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage

[2010/10/22 23:21:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2010/10/22 23:20:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010/10/22 23:18:09 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files

[2010/10/22 23:18:09 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages

[2010/10/22 23:17:57 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate

[2010/10/22 23:17:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX

[2010/10/22 23:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services

[2010/10/22 23:16:52 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks

[2010/10/22 23:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap

[2010/10/22 23:16:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst

[2010/10/22 23:16:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed

[2010/10/22 23:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker

[2010/10/22 23:15:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore

[2010/10/22 23:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting

[2010/10/22 23:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express

[2010/10/22 23:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System

[2010/10/22 23:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer

[2010/10/22 23:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications

[2010/10/22 23:14:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration

[2010/10/22 23:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services

[2010/10/22 23:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2

[2010/10/22 23:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player

[2010/10/22 23:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger

[2010/10/22 23:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone

[2010/10/22 23:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSN

[2010/10/22 23:13:06 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe

[2010/10/22 23:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT

[2010/10/22 23:13:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US

[2010/10/22 23:12:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc

[2010/10/22 23:12:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com

[2010/10/22 18:05:23 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer

[2010/10/22 18:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC

[2010/10/22 18:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines

[2010/10/22 18:05:17 | 000,000,000 | R--D | C] -- C:\Program Files

[2010/10/22 18:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared

[2010/10/22 18:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files

[2010/10/22 18:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2

[2010/10/22 18:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot

[2010/10/22 18:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings

[2010/10/22 18:03:37 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2010/10/22 17:56:56 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts

[2010/10/22 17:56:56 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache

[2010/10/22 17:56:56 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web

[2010/10/22 17:56:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\system

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\security

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\java

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028

[2010/10/22 17:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/31 13:40:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\New user\Desktop\OTL.exe

[2010/10/31 13:35:21 | 000,384,896 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat

[2010/10/31 13:24:08 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/31 13:24:08 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/31 13:22:26 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/31 13:22:26 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/10/31 13:15:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/30 20:25:12 | 000,000,435 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\ENCHILADA SAUCE.rtf

[2010/10/30 20:06:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/10/30 19:25:41 | 000,011,937 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\ark.zip

[2010/10/30 18:47:05 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\7mkbj2vc.exe

[2010/10/30 18:37:09 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\DDS.scr

[2010/10/30 18:17:06 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\Defogger.exe

[2010/10/30 18:16:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\New user\defogger_reenable

[2010/10/30 18:05:36 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/30 18:02:31 | 000,013,603 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\MALWAREBYTES INSTRUCTIONS.rtf

[2010/10/30 18:01:37 | 000,001,104 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\Shortcut (2) to wordpad.lnk

[2010/10/30 17:06:34 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO Internet Security.lnk

[2010/10/30 15:06:58 | 000,002,986 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\SPYWARE INFO.rtf

[2010/10/30 14:01:02 | 000,000,325 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\IP ADDRESSES.rtf

[2010/10/29 16:19:21 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\SCARY FILES.rtf

[2010/10/29 15:48:44 | 000,001,146 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\Document.rtf

[2010/10/28 20:29:42 | 000,007,064 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\SCAN REMOVAL RECOMMENDATION.rtf

[2010/10/28 15:15:09 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/10/28 14:46:28 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\New user\My Documents\Default.rdp

[2010/10/27 20:14:59 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\SUSPICIOUS ZONE ALARM ALERT.rtf

[2010/10/27 17:03:16 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2010/10/27 17:00:21 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

[2010/10/27 14:48:54 | 000,002,914 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\ANTIVIRUS FIREWALL INFO.rtf

[2010/10/27 14:47:13 | 000,001,104 | ---- | M] () -- C:\Documents and Settings\New user\Desktop\Shortcut to wordpad.lnk

[2010/10/26 19:16:32 | 000,001,930 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk

[2010/10/26 19:16:32 | 000,001,912 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\REALTEK RTL8187 Wireless LAN Utility.lnk

[2010/10/26 19:07:43 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\New user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/26 19:07:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\New user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2010/10/26 19:03:53 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD

[2010/10/26 19:03:39 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/26 19:02:59 | 000,000,606 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2010/10/26 18:58:11 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2010/10/26 18:58:11 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2010/10/26 18:58:10 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010/10/26 18:57:58 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI

[2010/10/26 18:54:03 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/10/26 18:50:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010/10/26 18:50:13 | 000,000,211 | -HS- | M] () -- C:\BOOT.BAK

[2010/10/26 13:44:11 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF

[2010/10/22 23:19:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/10/22 23:19:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/10/22 23:19:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010/10/22 23:19:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/30 20:25:11 | 000,000,435 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\ENCHILADA SAUCE.rtf

[2010/10/30 19:25:41 | 000,011,937 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\ark.zip

[2010/10/30 18:47:04 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\7mkbj2vc.exe

[2010/10/30 18:37:07 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\DDS.scr

[2010/10/30 18:17:03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\Defogger.exe

[2010/10/30 18:16:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\New user\defogger_reenable

[2010/10/30 18:05:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/30 18:02:31 | 000,013,603 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\MALWAREBYTES INSTRUCTIONS.rtf

[2010/10/30 18:01:37 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\Shortcut (2) to wordpad.lnk

[2010/10/30 17:08:01 | 000,384,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat

[2010/10/30 17:06:34 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\COMODO Internet Security.lnk

[2010/10/30 15:06:58 | 000,002,986 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\SPYWARE INFO.rtf

[2010/10/30 14:01:02 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\IP ADDRESSES.rtf

[2010/10/29 15:52:22 | 000,000,211 | -HS- | C] () -- C:\BOOT.BAK

[2010/10/29 15:52:20 | 000,260,288 | R--- | C] () -- C:\$LDR$

[2010/10/28 20:29:42 | 000,007,064 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\SCAN REMOVAL RECOMMENDATION.rtf

[2010/10/28 15:51:31 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\SCARY FILES.rtf

[2010/10/28 14:46:28 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\New user\My Documents\Default.rdp

[2010/10/27 20:14:59 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\SUSPICIOUS ZONE ALARM ALERT.rtf

[2010/10/27 17:00:21 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2010/10/27 17:00:07 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml

[2010/10/27 16:58:29 | 000,001,146 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\Document.rtf

[2010/10/27 14:50:34 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/10/27 14:50:33 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/10/27 14:48:54 | 000,002,914 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\ANTIVIRUS FIREWALL INFO.rtf

[2010/10/27 14:47:13 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\New user\Desktop\Shortcut to wordpad.lnk

[2010/10/26 19:16:32 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk

[2010/10/26 19:16:32 | 000,001,912 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\REALTEK RTL8187 Wireless LAN Utility.lnk

[2010/10/26 19:14:16 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe

[2010/10/26 19:07:43 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\New user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/26 19:07:42 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\New user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2010/10/26 19:03:53 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD

[2010/10/26 19:02:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/10/26 19:02:03 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll

[2010/10/26 19:01:40 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex

[2010/10/26 19:01:33 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe

[2010/10/26 19:01:31 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe

[2010/10/26 19:01:29 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex

[2010/10/26 19:01:14 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll

[2010/10/26 19:01:06 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex

[2010/10/26 19:01:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll

[2010/10/26 19:00:49 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll

[2010/10/26 18:58:19 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/10/26 18:58:11 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb

[2010/10/26 18:58:11 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb

[2010/10/26 18:58:10 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx

[2010/10/26 18:56:27 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex

[2010/10/26 18:56:00 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp

[2010/10/26 18:56:00 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp

[2010/10/26 18:55:49 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf

[2010/10/26 18:54:42 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll

[2010/10/26 18:54:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/10/26 18:52:20 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp

[2010/10/26 18:52:20 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp

[2010/10/26 18:52:20 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp

[2010/10/26 18:52:20 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp

[2010/10/26 18:52:20 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp

[2010/10/26 18:52:19 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp

[2010/10/26 18:52:19 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp

[2010/10/26 18:52:19 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp

[2010/10/26 18:52:19 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp

[2010/10/26 18:52:19 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp

[2010/10/26 18:52:19 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp

[2010/10/26 18:52:15 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd

[2010/10/26 18:52:14 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h

[2010/10/26 18:52:13 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h

[2010/10/26 18:52:06 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc

[2010/10/26 13:44:11 | 000,005,208 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF

[2010/10/26 13:44:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/10/26 13:43:42 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT

[2010/10/26 13:43:27 | 000,171,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat

[2010/10/26 13:43:27 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT

[2010/10/26 13:43:27 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat

[2010/10/26 13:43:27 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat

[2010/10/26 13:43:27 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT

[2010/10/26 13:43:27 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT

[2010/10/26 13:43:27 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT

[2010/10/26 13:43:27 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT

[2010/10/26 13:43:27 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT

[2010/10/26 13:43:27 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat

[2010/10/26 13:43:26 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT

[2010/10/26 13:43:26 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT

[2010/10/26 13:43:26 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT

[2010/10/26 13:43:26 | 000,402,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT

[2010/10/26 13:43:26 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT

[2010/10/26 13:43:26 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT

[2010/10/26 13:43:26 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT

[2010/10/26 13:42:21 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/26 13:41:24 | 000,000,606 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

[2010/10/22 23:19:28 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2010/10/22 23:19:28 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2010/10/22 23:19:28 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS

[2010/10/22 23:19:28 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT

[2010/10/22 18:05:19 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd

[2010/10/22 18:05:19 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa

[2010/10/22 18:05:19 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf

[2010/10/22 18:05:18 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa

[2010/10/22 18:02:59 | 000,000,211 | -HS- | C] () -- C:\boot.ini

========== LOP Check ==========

[2010/10/24 18:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/10/27 14:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software

[2010/10/24 18:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andre\Application Data\CheckPoint

[2010/10/27 17:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\New user\Application Data\CheckPoint

[2010/10/30 16:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\New user\Application Data\TweakNow PowerPack 2010

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\CONFIG.NT:SummaryInformation

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\CONFIG.NT:DocumentSummaryInformation

< End of report >

---------------------

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2065792 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2065792 bytes

0x804D7000 RAW 2065792 bytes

0x804D7000 WMIxWDM 2065792 bytes

0xBF800000 Win32k 1847296 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF7385000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xBA7C2000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xBAAFB000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xBA8F5000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xB9DD1000 C:\WINDOWS\system32\DRIVERS\RTL8187.sys 335872 bytes (Realtek Semiconductor Corporation , Realtek RTL8187 NDIS Driver)

0xBA143000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)

0xB9CA0000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xBA995000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 233472 bytes (COMODO, COMODO Internet Security Sandbox Driver)

0xF74A3000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xBA1E5000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF7343000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xBA832000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xBABC8000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xBA87F000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xBA8A7000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xBABA4000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xBAB81000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xBA85D000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806D0000 ACPI_HAL 131840 bytes

0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF743B000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF7473000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF7329000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF745B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xBA70A000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xF7412000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xBAB6A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xF7370000 inspect.sys 86016 bytes (COMODO, COMODO Internet Security Firewall Driver)

0xBA981000 C:\WINDOWS\System32\drivers\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xBA94E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF7429000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xF7492000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xBAB59000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF77E2000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF76D2000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF76E2000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xF7752000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF7612000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF76B2000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xF76F2000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF75F2000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF7712000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF77C2000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF76C2000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF75E2000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF7702000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF75D2000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF7742000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF7732000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF7602000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xBA0FB000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF76A2000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xF7722000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF77B2000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xBA00B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF77A2000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF791A000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF78BA000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF78EA000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF7852000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF78C2000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF78CA000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF78B2000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xF790A000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF799A000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Cisco Systems, Inc., IEEE 802.1X Protocol Driver)

0xF792A000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 20480 bytes (COMODO, COMODO Internet Security Helper Driver)

0xF7912000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF785A000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF78D2000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF78DA000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF7862000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF7942000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF79EA000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)

0xF7A9E000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0xF7AB6000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xBA38A000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF79EE000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)

0xF79E2000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF72E4000 C:\WINDOWS\System32\DRIVERS\cmderd.sys 12288 bytes (COMODO, COMODO Internet Security Eradication Driver)

0xF79E6000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0xBA9D6000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xBFF50000 C:\WINDOWS\System32\framebuf.dll 12288 bytes (Microsoft Corporation, Framebuffer Display Driver)

0xB9E43000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xB9E3F000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF7AA6000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF72D4000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF7A9A000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)

0xF7AF2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7B08000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xF7AF0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7AD2000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7AF4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7AF6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7AE8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7AEC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7AD4000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7C70000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7C2C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7BA7000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7B9B000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)

0xF7B9A000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

Extras.Txt

OTL.Txt

Link to post
Share on other sites

Hi again, lets see if something is hiding here.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

Hi. Ok, I disabled Comodo's firewall, antivirus, sanbox and Defense Security.

Even though I disabled Comodo, upon scan with Combofix, a Comodo warning screen popped up, reading something about Heuristics.

Then Combofix detected (if I recall correctly) a "rootkit", shut down and rebooted, then completed the scan.

After scan was completed, I turned Comodo processes back on. Hoping this isn't a problem, as the scan was complete. Too much weirdness going on to be without any security at all.

Also, before knowing I needed to not make any changes, I had quarantined something, via Comodo, somone and blocked someone trying to access my computer. Should I find these items (if I can) and send them to you?

COMBOFIX LOG:

ComboFix 10-11-01.01 - New user 11/01/2010 19:21:57.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.743 [GMT -6:00]

Running from: c:\documents and settings\New user\Desktop\ComboFix.exe

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2010-10-02 to 2010-11-02 )))))))))))))))))))))))))))))))

.

2010-10-30 23:10 . 2010-10-30 23:10 -------- d-----w- C:\VritualRoot

2010-10-29 21:51 . 2010-10-29 21:52 -------- d-----w- C:\$WIN_NT$.~BT

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-11 04:41 . 2010-09-11 04:41 285480 ----a-w- c:\windows\system32\guard32.dll

2010-09-11 04:40 . 2010-09-11 04:40 91560 ----a-w- c:\windows\system32\drivers\inspect.sys

2010-09-11 04:40 . 2010-09-11 04:40 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2010-09-11 04:40 . 2010-09-11 04:40 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2010-09-11 04:40 . 2010-09-11 04:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-11 2500552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe [2010-10-23 942080]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\REALTEK\\RTL8187 Wireless LAN Utility\\RtWLan.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot

"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot

"53:UDP"= 53:UDP:Realtek AP UDP Prot

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [9/10/2010 10:40 PM 15592]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/10/2010 10:40 PM 239240]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/10/2010 10:40 PM 25240]

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [10/26/2010 7:14 PM 332928]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

TCP: {DE00316B-C3EA-4D8F-96CF-20A340A93185} = 156.154.70.22,156.154.71.22

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-01 19:25

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)

c:\windows\SYSTEM32\RtlGina\RtlGina.DLL

- - - - - - - > 'lsass.exe'(696)

c:\windows\system32\guard32.dll

.

Completion time: 2010-11-01 19:27:00

ComboFix-quarantined-files.txt 2010-11-02 01:26

Pre-Run: 54,363,066,368 bytes free

Post-Run: 54,385,573,888 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 91CDE06AC6BB87801D4A84976DDB7384

COMBOFIX_LOG.txt

Link to post
Share on other sites

Hi.

It has been running pretty well, even when it was doing weird things, with bouts of extreme slowing and weirdness. Even yesterday, shortly before the Combofix scan, Comodo caught a computer trying to log on to my laptop.

Right before I ran the Combofix scan the program said it would clean things up also. I find it hard to believe with all the strange things going on that Combofix didn't find anything. Did the program not clean anything?

What about the Phoenix logo that appeared out of nowhere, upon boot-up? And still does so, even after two rounds of XP disc fresh installs.

I have a stupid question, as I guess I don't fully understand the whole IP address thing.

I have suspected my laptop has had spyware installed and possibly been used as a bot. Once nefarious forces have your IP address, can they not just reinstall their malware, using your IP address, and your back to square one?

I thought the IP address is associated with your computer. I am now logged into Panera restaurant's wi-fi, and presume I am using their IP address. Am I the subnet part of the address? On this note, I let Comodo change my IP address when I added their program a few days ago. I'm so confused...sigh.

Link to post
Share on other sites

Also, upon logon today, I noticed a notepad doc. on my desktop that I had not put there. I certainly didn't put it there. It replaced my icon for my wireless antenna, which was in the left top corner.

I opened it and it is a blank document.

I am paranoid about notepad being infected, as notepad had appeared in my start-up menu out of nowhere (before I reinstalled XP). I never even knew it was there, so I did not activate it. After that I googled away and found that some malware camouflage themselves as notepad.

In my Services (local) file, upon opening many of the folders, under "Log on as:", instead

of Local System account being checked off, "This account" is checked and next to it is: NT AUTHORITY\LocalService, with a 15 digit password, that I can assure you I did not set.

Hardware Profile 1 is enabled.

Also, I didn't have this many users on my laptop when I first got it. Now it has about 4-5. Upon fresh XP install I only added my name, as it wouldn't install without me doing so. Where the heck did default user come from? 4-5 users is suspicious I keep forgetting to add that upon my fresh install of XP, I have not had sound. Don't know if this is malware related or not.

Link to post
Share on other sites

Hi, combofix does fix a lot of things that are not directly malware related.

The Phoenix logo is just your BIOS logo. On certain computers you can switch between that and a splash screen.

Once nefarious forces have your IP address, can they not just reinstall their malware, using your IP address, and your back to square one?
No, an IP address is assigned by your Internet Service Provider. If you are on an open wifi network, you have another IP address then when you are connecting at home.

Let me know if this answers your questions. :welcome:

Link to post
Share on other sites

Thanks for answering those questions.

Today is the worst slowing I have ever had. Ever. Pages are taking FOREVER to load - minutes. Comodo, again, caught: New Private Network Detected...another computer is about to join you...LAN #1...

I suspect this is why my connection is so entirely slow today. Something is wrong. My computer has never acted so weird. It has been a complete gem since I got it back in February, with very quick internet connections. However, recently there has been very odd behavior.

On my original post, someone commented on issues from a scan. I ran a scan of GMER in safe mode last night and the file he points out is still there. It is a mbr.sys file in a temp folder. His post is below.

I am not trying to be difficult, but I know something is wrong.

Here is his post:

Oct 30 2010, 02:50 PM Post #3

New Member

Group: Members

Posts: 18

Joined: 6-April 09

Member No.: 12,251

andrewoman:

There is a driver in the list above (0xF7892000 \??\C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\mbr.sys) that is in a location that should not have a driver - a temp folder.

Haider suggested following the "how to rid myself of malware" and you should. One of the first things on it's list is running GMER. It should rid your computer of the problem I have pointed out. But, there may be more - so run through the whole script, to make sure.

Good luck!

Link to post
Share on other sites

  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.