Funkymonkey,
Thanks for your help, hopefully I have run everything correctly. Here are the results.
Andy
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as AJ on 02/26/2010 at 7:00:18.
Processes terminated by Rkill or while it was running:
F:\Documents and Settings\Wayne\Local Settings\Application Data\xflvfv\sdjlsftav.exe
F:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
F:\Documents and Settings\AJ\Desktop\rkill.exe
Rkill completed on 02/26/2010 at 7:00:47.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-26 07:16:01
Windows 5.1.2600 Service Pack 3
Running: knlr42i1.exe; Driver: F:\DOCUME~1\AJ\LOCALS~1\Temp\awlyafod.sys
---- System - GMER 1.0.15 ----
Code \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResetWriteWatch [0x8053FDCC]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
OTL Extras logfile created on: 2/26/2010 7:08:41 AM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = F:\Documents and Settings\AJ\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): f:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 279.46 Gb Total Space | 61.30 Gb Free Space | 21.94% Space Free | Partition Type: NTFS
Drive D: | 122.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 445.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 74.52 Gb Total Space | 21.10 Gb Free Space | 28.32% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PEOPLE-74CFDE58
Current User Name: AJ
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "F:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "F:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- F:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- F:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "F:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10508:TCP" = 10508:TCP:*:Enabled:BitComet 10508 TCP
"10508:UDP" = 10508:UDP:*:Enabled:BitComet 10508 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Mozilla Firefox\firefox.exe" = F:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"F:\Program Files\Common Files\AOL\Loader\aolload.exe" = F:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"F:\Program Files\AIM6\aim6.exe" = F:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"F:\Program Files\Bonjour\mDNSResponder.exe" = F:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"F:\Documents and Settings\Kristin\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" = F:\Documents and Settings\Kristin\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe:*:Enabled:Abacast Distributed On-Demand -- (Abacast, Inc.)
"F:\Documents and Settings\Kristin\Local Settings\Application Data\Abacast\Abaclient2.exe" = F:\Documents and Settings\Kristin\Local Settings\Application Data\Abacast\Abaclient2.exe:*:Enabled:Abaclient -- (Abacast, Inc.)
"F:\Program Files\Symantec AntiVirus\Smc.exe" = F:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"F:\Program Files\Symantec AntiVirus\SNAC.EXE" = F:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"F:\Program Files\Common Files\Symantec Shared\ccApp.exe" = F:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{06B594A0-2D2B-4376-94E4-13A0BD4A88F8}" = Symantec Endpoint Protection
"{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}" = FlipShare
"{141F2872-D2F9-4A89-95D3-E222D1CBCC56}" = Vz In Home Agent
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142140}" = Java 2 Runtime Environment, SE v1.4.2_14
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{99B60592-CEE2-43B4-BBFC-FAE049D13DA9}" = PresentationEXPRESS(TM)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E434580A-2D4A-4433-A81E-4BCAE86AD148}" = palmOne
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDE97748-2050-47B1-9BDD-E049626FDE63}" = Smartparts Desktop
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"AbacastNode:11" = Abacast Distributed On-Demand
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HijackThis" = HijackThis 2.0.2
"hp officejet v series 1204559325" = hp officejet v series
"HP Photo Printing Software" = HP Photo Printing Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malware Sweeper_is1" = Malware Sweeper 2.3.0.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Martini Recipes List" = Martini Recipes List
"Massage_Office_Professional_1.0" = Massage Office Professional 1.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SecondLife" = SecondLife (remove only)
"Tax Forms Helper 2007_is1" = Tax Forms Helper 2007 8.0
"Verizon Broadband Toolbar Firefox only" = Verizon Broadband Toolbar Firefox only
"Verizon Help and Support" = Verizon Help and Support Tool
"verizon_broad" = Verizon Broadband Toolbar (IE only)
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.2
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2/18/2010 3:53:15 PM | Computer Name = PEOPLE-74CFDE58 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\SavUI.exe Event Info: Terminate Process Action Taken: Logged Actor Process:
F:\Documents and Settings\Wayne\Local Settings\Application Data\xflvfv\sdjlsftav.exe
(PID 2504) Time: Thursday, February 18, 2010 11:53:15 AM
Error - 2/18/2010 3:53:16 PM | Computer Name = PEOPLE-74CFDE58 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\SavUI.exe Event Info: Terminate Process Action Taken: Logged Actor Process:
F:\Documents and Settings\Wayne\Local Settings\Application Data\xflvfv\sdjlsftav.exe
(PID 2504) Time: Thursday, February 18, 2010 11:53:16 AM
Error - 2/18/2010 3:53:17 PM | Computer Name = PEOPLE-74CFDE58 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: F:\Program Files\Symantec
AntiVirus\SavUI.exe Event Info: Terminate Process Action Taken: Logged Actor Process:
F:\Documents and Settings\Wayne\Local Settings\Application Data\xflvfv\sdjlsftav.exe
(PID 2504) Time: Thursday, February 18, 2010 11:53:17 AM
Error - 2/20/2010 7:54:55 PM | Computer Name = PEOPLE-74CFDE58 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookie in File: Unavailable by: Manual
scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
file was deleted successfully.
Error - 2/21/2010 2:28:26 PM | Computer Name = PEOPLE-74CFDE58 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer
has encountered an unexpected error installing this package. This may indicate
a problem with this package. The error code is 2721. The arguments are: DD_CA_RegIIS_X86.3643236F_FC70_11D3_A536_0090278A1BB8,
,
Error - 2/21/2010 2:28:26 PM | Computer Name = PEOPLE-74CFDE58 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB974417'
could not be installed. Error code 1603. Additional information is available in
the log file F:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB974417_20100221_182728328-Msi0.txt.
Error - 2/21/2010 2:28:27 PM | Computer Name = PEOPLE-74CFDE58 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
2721.
Error - 2/21/2010 3:23:15 PM | Computer Name = PEOPLE-74CFDE58 | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.
Error - 2/26/2010 11:06:09 AM | Computer Name = PEOPLE-74CFDE58 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB974417'
could not be installed. Error code 1603. Additional information is available in
the log file F:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB974417_20100226_150316962-Msi0.txt.
Error - 2/26/2010 11:06:15 AM | Computer Name = PEOPLE-74CFDE58 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.
[ System Events ]
Error - 2/21/2010 3:41:15 PM | Computer Name = PEOPLE-74CFDE58 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2/21/2010 3:41:24 PM | Computer Name = PEOPLE-74CFDE58 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2/21/2010 11:06:53 PM | Computer Name = PEOPLE-74CFDE58 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2/26/2010 10:49:31 AM | Computer Name = PEOPLE-74CFDE58 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2/26/2010 10:50:37 AM | Computer Name = PEOPLE-74CFDE58 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI
Error - 2/26/2010 10:55:30 AM | Computer Name = PEOPLE-74CFDE58 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2/26/2010 10:56:41 AM | Computer Name = PEOPLE-74CFDE58 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2/26/2010 10:57:53 AM | Computer Name = PEOPLE-74CFDE58 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2/26/2010 11:00:53 AM | Computer Name = PEOPLE-74CFDE58 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 2/26/2010 11:06:21 AM | Computer Name = PEOPLE-74CFDE58 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 2.0 Service Pack 2 Security Update
for Windows 2000, Windows Server 2003, and Windows XP (KB974417).
< End of report >
OTL logfile created on: 2/26/2010 7:08:40 AM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = F:\Documents and Settings\AJ\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): f:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 279.46 Gb Total Space | 61.30 Gb Free Space | 21.94% Space Free | Partition Type: NTFS
Drive D: | 122.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 445.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 74.52 Gb Total Space | 21.10 Gb Free Space | 28.32% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PEOPLE-74CFDE58
Current User Name: AJ
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - F:\Documents and Settings\AJ\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - F:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - F:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - F:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
PRC - F:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - F:\Program Files\Symantec AntiVirus\SmcGui.exe (Symantec Corporation)
PRC - F:\Program Files\Symantec AntiVirus\Smc.exe (Symantec Corporation)
PRC - F:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
PRC - F:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - F:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - F:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - F:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - F:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - F:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - F:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.)
PRC - F:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
PRC - F:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - F:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
========== Modules (SafeList) ==========
MOD - F:\Documents and Settings\AJ\Desktop\OTL.exe (OldTimer Tools)
MOD - F:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Motive Communications, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (clr_optimization_v2.0.50727_32) -- File not found
SRV - (JavaQuickStarterService) -- F:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McciCMService) -- F:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (FlipShare Service) -- F:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (Symantec AntiVirus) -- F:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- F:\Program Files\Symantec AntiVirus\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- F:\Program Files\Symantec AntiVirus\SNAC.EXE (Symantec Corporation)
SRV - (TuneUp.ProgramStatisticsSvc) -- F:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- F:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (ccSetMgr) -- F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (UxTuneUp) -- F:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (LiveUpdate) -- F:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (iPod Service) -- F:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- F:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Viewpoint Manager Service) -- F:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (ose) -- F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (NAVEX15) -- F:\Program Files\Common Files\Symantec Shared\VirusDefs\20100214.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- F:\Program Files\Common Files\Symantec Shared\VirusDefs\20100214.004\NAVENG.SYS (Symantec Corporation)
DRV - (MREMP50) -- F:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- F:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (eeCtrl) -- F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- F:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- F:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (WpsHelper) -- F:\WINDOWS\system32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (SysPlant) -- F:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- F:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- F:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- F:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- F:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (COH_Mon) -- F:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (USBAAPL) -- F:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (Teefer2) -- F:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- F:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- F:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (GEARAspiWDM) -- F:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (PalmUSBD) -- F:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (Secdrv) -- F:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (MREMPR5) -- F:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5) -- F:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (Ptilink) -- F:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (xfilt) -- F:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- F:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (viagfx) -- F:\WINDOWS\system32\drivers\vtmini.sys (Copyright (C) VIA/S3 Graphics Co, Ltd.)
DRV - (FETND5BV) -- F:\WINDOWS\system32\drivers\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (SISNIC) -- F:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- F:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- F:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (FETNDIS) -- F:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc. )
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1454471165-2049760794-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1454471165-2049760794-1801674531-1003\S-1-5-21-1454471165-2049760794-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/|http://www.google.com/"
FF - prefs.js..extensions.enabledItems:
jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010/01/26 16:36:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010/01/07 09:52:09 | 000,000,000 | ---D | M]
[2009/02/12 15:14:56 | 000,000,000 | ---D | M] -- F:\Documents and Settings\AJ\Application Data\Mozilla\Extensions
[2007/08/02 16:34:10 | 000,000,000 | ---D | M] -- F:\Documents and Settings\AJ\Application Data\Mozilla\Firefox\Profiles\ooxunp1l.default\extensions
[2010/02/17 19:20:53 | 000,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions
[2008/01/22 22:20:30 | 000,491,520 | ---- | M] (BitComet) -- F:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2006/01/18 11:50:00 | 000,319,488 | ---- | M] ( ) -- F:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2007/04/16 09:07:12 | 000,180,293 | ---- | M] () -- F:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/12/21 23:00:21 | 000,001,948 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml
O1 HOSTS File: ([2010/02/20 14:55:19 | 000,000,732 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - F:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - F:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1454471165-2049760794-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1454471165-2049760794-1801674531-1003\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - F:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O4 - HKLM..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [athvsdij] F:\Documents and Settings\Wayne\Local Settings\Application Data\xflvfv\sdjlsftav.exe ()
O4 - HKLM..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DWQueuedReporting] F:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] F:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] F:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [VTTrayp] F:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\S-1-5-21-1454471165-2049760794-1801674531-1003..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components] F:\Program Files\Panda Security\ActiveScan 2.0\as2guiie.dll File not found
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components.] F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll File not found
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components..] F:\Program Files\Panda Security\ActiveScan 2.0\libcomm.dll File not found
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components...] F:\Program Files\Panda Security\ActiveScan 2.0\as2inst.dll File not found
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = F:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-2049760794-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 6445338640 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_14)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: F:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: F:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (F:\WINDOWS\system32\pmnnOiJC) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/15 15:00:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/04/23 15:51:42 | 000,000,028 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - F:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/02/26 07:05:11 | 000,000,000 | ---D | C] -- F:\Documents and Settings\AJ\Desktop\Malware
[2010/02/26 07:01:35 | 000,000,000 | ---D | C] -- F:\WINDOWS\LastGood
[2010/02/26 06:56:26 | 000,549,888 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\AJ\Desktop\OTL.exe
[2010/02/18 12:03:44 | 001,140,472 | ---- | C] (Infragistics, Inc.) -- F:\WINDOWS\System32\IGUltraGrid20.ocx
[2010/02/18 12:03:44 | 000,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- F:\WINDOWS\System32\XceedCry.dll
[2010/02/18 12:03:44 | 000,131,856 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\MSADODC.ocx
[2010/02/18 12:03:43 | 001,435,272 | ---- | C] (Macromedia, Inc.) -- F:\WINDOWS\System32\Flash.ocx
[2010/02/18 12:03:43 | 000,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- F:\WINDOWS\System32\XceedBkp.dll
[2010/02/18 12:03:43 | 000,265,753 | ---- | C] (Ariad Software) -- F:\WINDOWS\System32\AS-Exp2.ocx
[2010/02/18 12:03:43 | 000,188,416 | ---- | C] (SoftShape Development) -- F:\WINDOWS\System32\actsplash.ocx
[2010/02/18 12:03:43 | 000,101,888 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\VB6STKIT.DLL
[2010/02/18 12:03:43 | 000,089,088 | ---- | C] (Ariad Software) -- F:\WINDOWS\System32\ProgressBar4.ocx
[2010/02/18 12:03:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\systray.ocx
[2010/02/18 12:03:43 | 000,010,752 | ---- | C] ( ) -- F:\WINDOWS\System32\md5.dll
[2010/02/18 12:03:41 | 000,000,000 | ---D | C] -- F:\Program Files\MalwareSweeper.com
[2010/02/18 12:01:21 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft Windows OneCare Live
[2010/02/18 11:21:31 | 000,000,000 | ---D | C] -- F:\Documents and Settings\AJ\Application Data\Malwarebytes
[2010/02/18 11:21:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/18 11:21:25 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2010/02/18 11:21:25 | 000,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
[2010/02/18 10:23:20 | 000,000,000 | ---D | C] -- F:\Program Files\Trend Micro
[2010/02/18 10:13:57 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- F:\Documents and Settings\AJ\Desktop\HJTInstall.exe
[2010/02/18 07:37:21 | 000,000,000 | ---D | C] -- F:\Documents and Settings\AJ\Local Settings\Application Data\PCHealth
[2010/02/17 19:44:18 | 000,000,000 | ---D | C] -- F:\Program Files\PC Medkit
[2010/02/17 19:35:28 | 000,000,000 | -HSD | C] -- F:\WINDOWS\CSC
[2010/02/17 17:33:55 | 000,000,000 | ---D | C] -- F:\Program Files\Panda Security
[2010/02/17 17:30:52 | 000,000,000 | ---D | C] -- F:\Documents and Settings\AJ\My Documents\Downloads
[2010/02/17 17:24:22 | 000,265,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\http.sys
[2010/02/17 17:24:22 | 000,075,776 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\strmfilt.dll
[2010/02/17 17:24:22 | 000,025,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\httpapi.dll
[2010/02/17 13:02:58 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\XPSViewer
[2010/02/17 13:02:52 | 000,000,000 | ---D | C] -- F:\Program Files\MSBuild
[2010/02/17 13:02:35 | 000,000,000 | ---D | C] -- F:\Program Files\Reference Assemblies
[2010/02/17 13:01:50 | 001,676,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xpssvcs.dll
[2010/02/17 13:01:50 | 001,676,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/02/17 13:01:50 | 000,597,504 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/02/17 13:01:50 | 000,575,488 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/02/17 13:01:50 | 000,117,760 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\prntvpt.dll
[2010/02/17 13:01:50 | 000,089,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/02/17 10:20:39 | 000,989,696 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kernel32.dll
[2010/02/17 10:20:31 | 000,080,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tlntsess.exe
[2010/02/17 10:20:31 | 000,076,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\telnet.exe
[2010/02/17 10:20:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rastls.dll
[2010/02/17 10:20:25 | 000,079,872 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\raschap.dll
[2010/02/17 10:20:20 | 001,435,648 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\query.dll
[2010/02/17 10:20:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\csrsrv.dll
[2010/02/17 10:20:05 | 000,474,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\shlwapi.dll
[2010/02/17 10:19:58 | 000,132,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wkssvc.dll
[2010/02/17 10:19:46 | 000,345,600 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\localspl.dll
[2010/02/17 10:19:31 | 000,956,928 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdtctm.dll
[2010/02/17 10:19:31 | 000,161,792 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2010/02/17 10:19:31 | 000,091,648 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mtxoci.dll
[2010/02/17 10:19:31 | 000,066,560 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mtxclu.dll
[2010/02/17 10:19:31 | 000,058,880 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdtclog.dll
[2010/02/17 10:19:21 | 000,058,880 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msasn1.dll
[2010/02/17 10:19:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msyuv.dll
[2010/02/17 10:19:05 | 000,058,880 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\atl.dll
[2010/02/17 10:18:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\oakley.dll
[2010/02/17 10:18:35 | 000,084,992 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\avifil32.dll
[2010/02/17 10:18:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msrle32.dll
[2010/02/17 10:18:35 | 000,008,704 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/02/17 10:18:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/02/17 10:18:29 | 000,585,216 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/02/17 10:18:20 | 000,343,040 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mspaint.exe
[2010/02/17 10:18:15 | 000,354,816 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winhttp.dll
[2010/02/17 10:18:12 | 000,204,800 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mswebdvd.dll
[2010/02/17 10:18:09 | 000,017,408 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\corpol.dll
[2010/02/17 10:18:01 | 000,078,336 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ieencode.dll
[2010/02/17 10:15:51 | 008,461,312 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\shell32.dll
[2010/02/17 10:13:08 | 000,471,552 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\aclayers.dll
[2010/02/17 10:08:30 | 000,081,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fontsub.dll
[2010/02/17 10:08:29 | 000,119,808 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\t2embed.dll
[2010/02/16 19:01:33 | 000,147,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\schannel.dll
[2010/02/16 19:01:33 | 000,136,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msv1_0.dll
[2010/02/16 19:01:33 | 000,092,928 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ksecdd.sys
[2010/02/16 19:01:33 | 000,056,832 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\secur32.dll
[2010/02/16 19:01:33 | 000,054,272 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wdigest.dll
[2010/02/16 19:01:32 | 000,730,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/02/16 19:01:32 | 000,301,568 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kerberos.dll
[2010/02/07 12:48:04 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Documents\Hudson
[2009/06/30 13:26:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/30 13:25:02 | 000,000,000 | --SD | M] -- F:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/01/05 12:41:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/03/15 15:06:21 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/03/15 15:00:04 | 000,000,000 | --SD | M] -- F:\Documents and Settings\LocalService\Application Data\Microsoft
[8 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[5 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/02/26 07:07:03 | 002,359,296 | ---- | M] () -- F:\Documents and Settings\AJ\NTUSER.DAT
[2010/02/26 07:00:00 | 000,013,668 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2010/02/26 06:59:23 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010/02/26 06:59:12 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010/02/26 06:56:58 | 000,293,376 | ---- | M] () -- F:\Documents and Settings\AJ\Desktop\knlr42i1.exe
[2010/02/26 06:56:26 | 000,549,888 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\AJ\Desktop\OTL.exe
[2010/02/20 14:55:19 | 000,000,732 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts
[2010/02/18 14:55:18 | 000,000,278 | -HS- | M] () -- F:\Documents and Settings\AJ\ntuser.ini
[2010/02/18 11:39:31 | 000,002,497 | ---- | M] () -- F:\Documents and Settings\AJ\Desktop\Microsoft Office Word 2003.lnk
[2010/02/18 11:34:19 | 004,768,656 | -H-- | M] () -- F:\Documents and Settings\AJ\Local Settings\Application Data\IconCache.db
[2010/02/18 10:40:33 | 000,002,521 | ---- | M] () -- F:\Documents and Settings\AJ\Desktop\Microsoft Office Outlook 2003.lnk
[2010/02/18 10:23:21 | 000,001,734 | ---- | M] () -- F:\Documents and Settings\AJ\Desktop\HijackThis.lnk
[2010/02/18 10:09:38 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- F:\Documents and Settings\AJ\Desktop\HJTInstall.exe
[2010/02/18 10:08:04 | 000,363,008 | ---- | M] () -- F:\Documents and Settings\AJ\Desktop\rkill.exe
[2010/02/18 07:34:22 | 000,512,960 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/18 07:34:22 | 000,435,260 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010/02/18 07:34:22 | 000,068,156 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2010/02/18 03:30:43 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK
[2010/02/17 19:59:15 | 000,000,336 | ---- | M] () -- F:\WINDOWS\tasks\PC Medkit.job
[2010/02/17 14:57:59 | 000,064,368 | ---- | M] () -- F:\Documents and Settings\AJ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/17 14:45:48 | 000,244,720 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/14 19:06:43 | 000,002,137 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/11 11:22:14 | 000,000,664 | ---- | M] () -- F:\WINDOWS\System32\d3d9caps.dat
[2010/02/03 15:55:25 | 000,000,932 | ---- | M] () -- F:\WINDOWS\win.ini
[8 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[5 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/02/26 06:56:57 | 000,293,376 | ---- | C] () -- F:\Documents and Settings\AJ\Desktop\knlr42i1.exe
[2010/02/18 12:03:43 | 000,389,120 | ---- | C] () -- F:\WINDOWS\System32\ACTSKN43.OCX
[2010/02/18 12:03:43 | 000,011,012 | ---- | C] () -- F:\WINDOWS\System32\threadapi.tlb
[2010/02/18 10:23:21 | 000,001,734 | ---- | C] () -- F:\Documents and Settings\AJ\Desktop\HijackThis.lnk
[2010/02/18 10:13:49 | 000,363,008 | ---- | C] () -- F:\Documents and Settings\AJ\Desktop\rkill.exe
[2010/02/17 19:44:23 | 000,000,336 | ---- | C] () -- F:\WINDOWS\tasks\PC Medkit.job
[2009/12/26 13:10:35 | 000,000,032 | ---- | C] () -- F:\WINDOWS\CD_Start.INI
[2009/09/30 12:07:19 | 018,527,244 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\vlc-1.0.2-win32.exe
[2008/12/30 15:35:17 | 001,307,941 | -HS- | C] () -- F:\WINDOWS\System32\nssvovqu.ini
[2008/12/29 14:59:09 | 001,307,941 | -HS- | C] () -- F:\WINDOWS\System32\vnhlxlgr.ini
[2008/12/24 08:17:33 | 001,746,192 | -HS- | C] () -- F:\WINDOWS\System32\whotxebs.ini
[2008/12/22 14:47:02 | 000,688,277 | -HS- | C] () -- F:\WINDOWS\System32\CJiOnnmp.ini2
[2008/12/22 14:47:02 | 000,688,277 | -HS- | C] () -- F:\WINDOWS\System32\CJiOnnmp.ini
[2008/03/03 07:27:16 | 000,000,020 | ---- | C] () -- F:\WINDOWS\Hposcv07.INI
[2008/02/18 22:33:34 | 000,446,352 | ---- | C] () -- F:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/11 16:36:50 | 000,003,328 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/06 12:07:30 | 000,008,784 | ---- | C] () -- F:\WINDOWS\System32\ractrlkeyhook.dll
[2007/07/03 05:32:37 | 000,765,952 | ---- | C] () -- F:\WINDOWS\System32\xvidcore.dll
[2007/07/03 05:32:36 | 000,180,224 | ---- | C] () -- F:\WINDOWS\System32\xvidvfw.dll
[2007/03/29 06:42:21 | 000,000,169 | ---- | C] () -- F:\WINDOWS\RtlRack.ini
[2007/03/26 20:06:48 | 000,000,164 | ---- | C] () -- F:\WINDOWS\avrack.ini
[2007/03/26 20:06:46 | 000,155,648 | ---- | C] () -- F:\WINDOWS\System32\RTLCPAPI.dll
[2007/03/23 01:59:36 | 000,000,000 | ---- | C] () -- F:\WINDOWS\vpc32.INI
[2007/03/23 01:58:23 | 000,000,376 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2004/09/17 16:37:42 | 000,061,440 | ---- | C] () -- F:\WINDOWS\System32\vuins32.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- F:\WINDOWS\System32\OUTLPERF.INI
========== Alternate Data Streams ==========
@Alternate Data Stream - 123 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:D21D8AED
@Alternate Data Stream - 116 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >