Internet connected - but every few minutes the server can't be found

Re: Internet connected - but every few minutes the server can't be found

Post by Dr Jay on Wed Dec 30, 2009 5:44 am

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quotebox below into it:

    FCopy::
    C:\windows\system32\dllcache\user32.dll | C:\windows\system32\user32.dll

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)


Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Wed Dec 30, 2009 6:09 am

ComboFix 09-12-29.04 - Andy 12/29/2009 22:58:06.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1501 [GMT -7:00]
Running from: c:\documents and settings\Andy\Desktop\commy.exe.exe
Command switches used :: c:\documents and settings\Andy\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.inf

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\user32.dll --> c:\windows\system32\user32.dll
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.

2009-12-30 05:53 . 2009-12-30 05:53 -------- d-----w- c:\documents and settings\Andy\Application Data\AVG9
2009-12-27 22:32 . 2009-12-30 05:46 -------- d-----w- c:\windows\system32\NtmsData
2009-12-27 15:05 . 2009-12-27 15:05 -------- d-----w- c:\program files\ESET
2009-12-27 05:22 . 2009-12-27 05:24 -------- d-----w- C:\commy.exe
2009-12-22 17:39 . 2009-12-16 01:58 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2009-12-22 17:39 . 2009-12-16 01:58 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-12-22 17:39 . 2009-12-16 01:58 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-22 17:39 . 2009-12-16 01:58 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2009-12-21 23:03 . 2009-12-21 23:03 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-21 22:59 . 2009-12-21 22:59 -------- d-sh--w- c:\documents and settings\Andy\IETldCache
2009-12-21 22:52 . 2009-12-22 01:09 -------- d-----w- c:\windows\ie8updates
2009-12-21 22:49 . 2009-12-21 22:50 -------- dc-h--w- c:\windows\ie8
2009-12-21 22:47 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-21 22:47 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-21 22:44 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-18 15:34 . 2009-12-18 15:34 294656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglngx.dll
2009-12-18 15:34 . 2009-12-16 01:58 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2009-12-16 23:25 . 2009-12-16 23:25 -------- d-----w- c:\program files\uTorrent
2009-12-16 23:24 . 2009-12-30 05:56 -------- d-----w- c:\documents and settings\Andy\Application Data\uTorrent
2009-12-16 04:56 . 2009-12-27 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2009-12-16 04:56 . 2009-12-16 04:56 -------- d-----w- c:\documents and settings\Andy\Application Data\OnlineArmor
2009-12-16 04:55 . 2009-12-05 14:28 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-12-16 04:55 . 2009-12-05 14:27 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-12-16 04:55 . 2009-12-05 14:27 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-12-16 04:55 . 2009-12-16 04:55 -------- d-----w- c:\program files\Tall Emu
2009-12-16 01:59 . 2009-12-16 01:59 -------- d-----w- c:\documents and settings\Andy\Local Settings\Application Data\AVG Security Toolbar
2009-12-16 01:59 . 2009-12-25 01:55 -------- d-----w- C:\$AVG
2009-12-16 01:59 . 2009-12-16 01:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-16 01:59 . 2009-12-16 01:59 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-16 01:59 . 2009-12-16 01:59 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-16 01:59 . 2009-12-16 01:59 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-16 01:59 . 2009-12-30 05:38 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-16 01:58 . 2009-12-16 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-12-16 01:58 . 2009-12-16 01:58 -------- d-----w- c:\program files\AVG
2009-12-16 01:58 . 2009-12-16 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-16 01:58 . 2009-12-16 05:09 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-16 00:33 . 2009-12-16 00:33 -------- d-----w- c:\program files\Java
2009-12-16 00:33 . 2009-12-16 00:33 152576 ----a-w- c:\documents and settings\Andy\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-16 00:28 . 2009-12-16 00:28 79488 ----a-w- c:\documents and settings\Andy\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-12 14:20 . 2009-12-12 14:20 -------- d-----w- c:\documents and settings\Andy\Application Data\Malwarebytes
2009-12-12 14:20 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-12 14:20 . 2009-12-12 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-12 14:20 . 2009-12-12 14:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-12 14:20 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-12 03:32 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-12 03:32 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-12 03:32 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-12 03:32 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-12 03:32 . 2009-10-28 14:36 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-12 03:32 . 2009-03-08 11:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2009-12-12 03:32 . 2009-03-08 11:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2009-12-12 03:32 . 2009-02-07 04:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 03:55 . 2009-11-12 15:58 1 ----a-w- c:\documents and settings\Andy\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-28 14:08 . 2009-09-23 18:44 16504 ----a-w- c:\documents and settings\Andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-16 00:33 . 2009-10-11 23:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-18 17:46 . 2009-11-18 17:46 -------- d-----w- c:\documents and settings\Andy\Application Data\HorizonWimba
2009-11-12 05:27 . 2009-11-12 05:27 -------- d-----w- c:\documents and settings\Andy\Application Data\OpenOffice.org
2009-11-12 05:18 . 2009-11-12 05:18 -------- d-----w- c:\program files\JRE
2009-11-12 05:18 . 2009-11-12 05:18 -------- d-----w- c:\program files\OpenOffice.org 3
2009-11-03 03:42 . 2009-09-23 19:00 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2008-04-14 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2008-04-14 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-12-27_14.42.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-30 05:46 . 2009-12-30 05:46 16384 c:\windows\Temp\Perflib_Perfdata_184.dat
- 2008-04-14 12:00 . 2009-12-27 14:23 38162 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2009-12-30 05:50 38162 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2009-12-30 05:50 305886 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2009-12-27 14:23 305886 c:\windows\system32\perfh009.dat
+ 2009-09-23 12:17 . 2009-12-27 23:40 107808 c:\windows\system32\FNTCACHE.DAT
- 2009-09-23 12:17 . 2009-11-12 10:16 107808 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 20:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-16 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-25 2220032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-16 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-16 2033432]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]

c:\documents and settings\Andy\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-16 01:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/15/2009 6:59 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/15/2009 6:59 PM 360584]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [12/15/2009 9:55 PM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [12/15/2009 9:55 PM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [12/15/2009 9:55 PM 29776]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/15/2009 6:58 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/15/2009 6:58 PM 285392]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [12/15/2009 9:55 PM 1282248]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [12/15/2009 9:55 PM 3291336]
S0 cerc6;cerc6; [x]
S2 gupdate1ca4c562023c416;Google Update Service (gupdate1ca4c562023c416);c:\program files\Google\Update\GoogleUpdate.exe [10/13/2009 3:40 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 22:40]

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 22:40]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\5jh9bcfd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-29 23:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-12-29 23:08:26
ComboFix-quarantined-files.txt 2009-12-30 06:08
ComboFix2.txt 2009-12-27 14:45
ComboFix3.txt 2009-12-13 14:01

Pre-Run: 231,359,102,976 bytes free
Post-Run: 231,327,371,264 bytes free

- - End Of File - - B71ACEA0542DF9CC3C5F4E55F0FA1AB6

Re: Internet connected - but every few minutes the server can't be found

Post by Dr Jay on Wed Dec 30, 2009 6:21 am

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Dr. Jay (DJ)


Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Wed Dec 30, 2009 2:16 pm

OTL logfile created on: 12/30/2009 7:09:32 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Andy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 215.46 Gb Free Space | 92.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931.51 Gb Total Space | 613.90 Gb Free Space | 65.90% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDY-A23018BC95
Current User Name: Andy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/30 07:08:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
PRC - [2009/12/16 16:25:06 | 00,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/12/15 18:58:53 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/15 18:58:53 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/15 18:58:53 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/15 18:58:51 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/15 18:58:51 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/15 18:58:48 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/12/15 18:58:47 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/15 17:33:47 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/15 17:33:46 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/05 07:53:40 | 03,042,504 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
PRC - [2009/12/05 07:53:38 | 06,622,920 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2009/12/05 07:53:38 | 03,291,336 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2009/12/05 07:53:38 | 01,282,248 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/19 10:23:24 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:23:22 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/24 17:00:34 | 02,220,032 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2008/10/24 17:00:34 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2008/10/24 17:00:28 | 01,961,984 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2008/04/14 05:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/26 13:14:48 | 01,024,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/07/20 15:55:46 | 01,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/16 15:50:52 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/05/16 15:50:22 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/05/16 15:50:12 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/05/10 09:22:32 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2009/12/30 07:08:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
MOD - [2009/12/05 07:53:38 | 00,941,256 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
MOD - [2008/04/14 05:00:00 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/14 05:00:00 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/14 05:00:00 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/15 18:58:48 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/12/15 18:58:47 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/15 17:33:46 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/05 07:53:38 | 03,291,336 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2009/12/05 07:53:38 | 01,282,248 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2009/10/13 15:40:05 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca4c562023c416) Google Update Service (gupdate1ca4c562023c416)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/24 17:00:34 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/07/31 15:16:28 | 00,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)


========== Driver Services (SafeList) ==========

DRV - [2009/12/15 18:59:11 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/12/15 18:59:05 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/15 18:59:04 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/05 07:28:06 | 00,024,656 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2009/12/05 07:27:56 | 00,029,776 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2009/12/05 07:27:52 | 00,223,312 | ---- | M] (Tall Emu) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/10/24 17:00:32 | 01,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/07/31 15:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/14 05:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 05:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2007/10/26 12:57:18 | 00,216,800 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/08/02 16:35:12 | 00,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 16:34:30 | 00,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 16:34:26 | 00,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/16 17:14:58 | 05,707,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/10 09:24:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/21 03:25:44 | 00,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/14 23:16:24 | 00,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 18:42:46 | 00,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 16:35:20 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/06/19 13:26:58 | 00,012,672 | R--- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/08/12 16:50:46 | 00,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.openofficestart.com/?cfg=1-2-1-krs"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/15 18:58:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/15 18:58:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 21:48:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 21:48:41 | 00,000,000 | ---D | M]

[2009/09/23 15:53:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Mozilla\Extensions
[2009/12/15 21:50:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\5jh9bcfd.default\extensions
[2009/11/11 22:18:01 | 00,001,725 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\5jh9bcfd.default\searchplugins\ask.uk.xml
[2009/10/15 07:59:00 | 00,002,236 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\5jh9bcfd.default\searchplugins\askcom.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.188.112.3 63.81.160.11
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/23 11:32:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/30 07:08:03 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
[2009/12/29 22:53:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\AVG9
[2009/12/27 15:32:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/12/27 08:05:44 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/12/27 07:34:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/27 07:34:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/27 07:34:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/27 07:34:14 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/21 15:59:09 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Andy\IETldCache
[2009/12/21 15:52:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/12/21 15:49:17 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/12/16 16:25:06 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/12/16 16:24:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\uTorrent
[2009/12/16 09:10:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andy\My Documents\Paula_files
[2009/12/15 21:56:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\OnlineArmor
[2009/12/15 21:56:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/12/15 21:55:46 | 00,024,656 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2009/12/15 21:55:45 | 00,223,312 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2009/12/15 21:55:45 | 00,029,776 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2009/12/15 21:55:44 | 00,000,000 | ---D | C] -- C:\Program Files\Tall Emu
[2009/12/15 18:59:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\AVG Security Toolbar
[2009/12/15 18:59:13 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/15 18:59:11 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/15 18:59:05 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/15 18:59:04 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/15 18:59:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/12/15 18:58:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/12/15 18:58:47 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/15 18:58:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/15 18:58:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/12/15 18:52:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/15 18:52:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/15 18:52:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/15 18:52:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/15 17:33:58 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/15 17:33:58 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/15 17:33:58 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/15 17:33:58 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/15 17:33:42 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/12/13 06:55:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/12 07:20:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Malwarebytes
[2009/12/12 07:20:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/12 07:20:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/12 07:20:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/12 07:20:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/11 20:32:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/12/11 20:32:32 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/12/11 20:32:32 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/12/11 20:32:31 | 11,069,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/12/11 20:32:31 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/12/11 20:32:31 | 01,241,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/12/11 20:32:31 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/12/11 20:32:31 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/12/11 20:32:30 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2009/12/11 20:32:30 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/12/11 20:32:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/12/11 20:30:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/12/11 20:30:41 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/12/11 20:30:23 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/10/23 16:58:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/10/13 17:21:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/10/13 15:40:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/09/23 11:46:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/09/23 11:44:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/30 07:08:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andy\Desktop\OTL.exe
[2009/12/30 07:07:16 | 00,347,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/30 07:07:16 | 00,305,886 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/30 07:07:16 | 00,038,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/30 07:06:34 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/30 07:02:50 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/30 07:02:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/30 07:02:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/30 07:02:39 | 21,370,38848 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/29 23:12:12 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\Andy\NTUSER.DAT
[2009/12/29 23:11:49 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Andy\ntuser.ini
[2009/12/29 23:05:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/29 22:56:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/29 22:55:11 | 03,869,488 | R--- | M] () -- C:\Documents and Settings\Andy\Desktop\commy.exe.exe
[2009/12/29 22:38:25 | 47,210,285 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/29 12:58:43 | 00,128,231 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/28 21:18:22 | 00,009,728 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\Ski Revised 2.xls
[2009/12/28 07:08:56 | 00,016,504 | ---- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/27 16:40:43 | 00,107,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/27 16:36:39 | 02,105,344 | ---- | M] () -- C:\WINDOWS\System32\secsetup.sdb
[2009/12/27 15:20:22 | 00,441,856 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\CKScanner.exe
[2009/12/25 17:58:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/22 23:42:41 | 00,243,200 | ---- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 15:52:26 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/16 16:25:12 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2009/12/16 13:56:29 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/12/16 09:10:56 | 00,048,770 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\Paula.htm
[2009/12/15 21:56:19 | 00,000,052 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx
[2009/12/15 18:59:13 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/15 18:59:13 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/12/15 18:59:11 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/15 18:59:05 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/15 18:59:04 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/15 18:59:04 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/15 18:59:01 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/15 18:59:01 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/15 18:57:02 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\SFCOC revised.doc
[2009/12/15 17:33:46 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/15 17:33:45 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/15 17:33:45 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/15 17:33:45 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/15 17:33:45 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/15 09:06:56 | 00,012,288 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\Cooking Club hrs.doc
[2009/12/13 06:57:37 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/12/12 07:20:46 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/11 21:48:28 | 00,016,449 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\why%20draft.doc_1.odt
[2009/12/11 21:17:54 | 00,000,145 | -H-- | M] () -- C:\Documents and Settings\Andy\My Documents\.~lock.why draft.doc#
[2009/12/11 19:14:03 | 00,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/09 10:00:48 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\Taos Cooking Film Contacts.xls
[2009/12/08 22:25:07 | 00,008,192 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\New Mexico youth ultimate.xls
[2009/12/08 17:57:49 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\Woogaboo Casion Proposal Dec 2009.doc
[2009/12/08 10:01:43 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\09-10 Pueblo Kids Skiing 2.doc
[2009/12/05 07:28:06 | 00,024,656 | ---- | M] (Tall Emu) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2009/12/05 07:27:56 | 00,029,776 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2009/12/05 07:27:52 | 00,223,312 | ---- | M] (Tall Emu) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2009/12/04 17:40:16 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\09-10 Pueblo Kids Skiing.doc
[2009/12/04 16:12:16 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\09-10 Pueblo Kids.doc
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/03 11:30:52 | 00,668,215 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\rock radio 121908.mp3
[2009/12/01 22:42:01 | 00,012,800 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\why draft.doc
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/28 18:18:55 | 00,009,728 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\Ski Revised 2.xls
[2009/12/27 15:20:20 | 00,441,856 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\CKScanner.exe
[2009/12/27 15:16:01 | 02,105,344 | ---- | C] () -- C:\WINDOWS\System32\secsetup.sdb
[2009/12/27 07:34:14 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/27 07:34:14 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/27 07:34:14 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/27 07:34:14 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/27 07:34:14 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/27 07:24:38 | 03,869,488 | R--- | C] () -- C:\Documents and Settings\Andy\Desktop\commy.exe.exe
[2009/12/16 16:25:12 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2009/12/16 09:10:50 | 00,048,770 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\Paula.htm
[2009/12/15 18:59:13 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/12/15 18:59:04 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/15 18:59:01 | 47,210,285 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/15 18:59:01 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/15 18:59:01 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/15 18:59:01 | 00,128,231 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/15 11:37:07 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\SFCOC revised.doc
[2009/12/12 07:20:46 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/12 07:17:11 | 00,016,449 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\why%20draft.doc_1.odt
[2009/12/11 21:17:54 | 00,000,145 | -H-- | C] () -- C:\Documents and Settings\Andy\My Documents\.~lock.why draft.doc#
[2009/12/08 22:25:05 | 00,008,192 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\New Mexico youth ultimate.xls
[2009/12/08 17:57:46 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\Woogaboo Casion Proposal Dec 2009.doc
[2009/12/08 09:42:02 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\09-10 Pueblo Kids Skiing 2.doc
[2009/12/04 17:40:15 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\09-10 Pueblo Kids Skiing.doc
[2009/12/04 16:12:14 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\09-10 Pueblo Kids.doc
[2009/12/03 11:30:45 | 00,668,215 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\rock radio 121908.mp3
[2009/12/01 11:23:10 | 00,012,800 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\why draft.doc
[2009/11/10 21:50:37 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/26 17:37:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/09/25 17:10:31 | 00,243,200 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/23 11:50:42 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/09/23 11:50:41 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/09/23 11:39:40 | 00,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009/09/23 11:39:40 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2009/09/23 11:38:48 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
< End of report >

roseytaos

Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Wed Dec 30, 2009 2:17 pm

OTL Extras logfile created on: 12/30/2009 7:09:32 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Andy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 215.46 Gb Free Space | 92.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931.51 Gb Total Space | 613.90 Gb Free Space | 65.90% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDY-A23018BC95
Current User Name: Andy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow" = ffdshow (remove only)
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.2
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnlineArmor_is1" = Online Armor 4.0
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Dell Touchpad
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2009 11:09:24 AM | Computer Name = ANDY-A23018BC95 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2009 11:11:21 AM | Computer Name = ANDY-A23018BC95 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2009 11:12:02 AM | Computer Name = ANDY-A23018BC95 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2009 11:12:18 AM | Computer Name = ANDY-A23018BC95 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2009 11:12:41 AM | Computer Name = ANDY-A23018BC95 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2009 11:12:45 AM | Computer Name = ANDY-A23018BC95 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2009 11:12:45 AM | Computer Name = ANDY-A23018BC95 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2009 6:25:18 PM | Computer Name = ANDY-A23018BC95 | Source = Application Hang | ID = 1002
Description = Hanging application CKScanner.exe, version 1.4.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2009 7:02:57 PM | Computer Name = ANDY-A23018BC95 | Source = Google Update | ID = 20
Description =

Error - 12/28/2009 6:59:37 PM | Computer Name = ANDY-A23018BC95 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 12/22/2009 9:20:57 PM | Computer Name = ANDY-A23018BC95 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 12/26/2009 9:22:36 PM | Computer Name = ANDY-A23018BC95 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 12/27/2009 2:11:39 AM | Computer Name = ANDY-A23018BC95 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 12/27/2009 2:11:42 AM | Computer Name = ANDY-A23018BC95 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 12/27/2009 2:11:45 AM | Computer Name = ANDY-A23018BC95 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 12/27/2009 10:35:19 AM | Computer Name = ANDY-A23018BC95 | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/27/2009 8:44:35 PM | Computer Name = ANDY-A23018BC95 | Source = Service Control Manager | ID = 7024
Description = The Messenger service terminated with service-specific error 2270
(0x8DE).

Error - 12/27/2009 9:16:54 PM | Computer Name = ANDY-A23018BC95 | Source = Service Control Manager | ID = 7024
Description = The Messenger service terminated with service-specific error 2270
(0x8DE).

Error - 12/28/2009 7:25:25 PM | Computer Name = ANDY-A23018BC95 | Source = Service Control Manager | ID = 7024
Description = The Messenger service terminated with service-specific error 2270
(0x8DE).

Error - 12/30/2009 1:57:18 AM | Computer Name = ANDY-A23018BC95 | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >


Post by Dr Jay on Wed Dec 30, 2009 8:59 pm

How is your computer running? Seems as if the malware is gone, by what the log says.



Post by roseytaos on Thu Dec 31, 2009 4:15 am

Seems to be working fine. Dragonslayer Jay you are indeed a wizard. I am again hugely grateful. Wishing you and yours a happy healthy new year!


Post by Dr Jay on Thu Dec 31, 2009 4:28 am

Thanks. You as well. :)



Post by roseytaos on Thu Jan 14, 2010 6:52 pm

Dragon Master - *REMOVED* It's happening again!! Same thing! I swear it's not just that I missed you! I ran my malwarebytes and avg scans and they see nothing. Was the bug hiding and sleeping??? Could it be designed to come back??


Post by Dr Jay on Thu Jan 14, 2010 10:29 pm

Please download and run Rootkit Unhooker: [You must be registered and logged in to see this link.]



Post by roseytaos on Thu Jan 14, 2010 11:44 pm

Here is the report. On the bottom it says "possible rootkit activity detected!!"

>SSDT State
NtAllocateVirtualMemory
Actual Address 0xA8C9C420
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtAssignProcessToJobObject
Actual Address 0xA8C9CC60
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtConnectPort
Actual Address 0xA8C9AA90
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtCreateFile
Actual Address 0xA8CA9CB0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtCreatePort
Actual Address 0xA8C9A740
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtCreateProcess
Actual Address 0xA8C97320
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtCreateProcessEx
Actual Address 0xA8C97710
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtCreateSection
Actual Address 0xA8C96DE0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtCreateThread
Actual Address 0xA8C98CA0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtDebugActiveProcess
Actual Address 0xA8C99900
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtDuplicateObject
Actual Address 0xA8C9A410
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtLoadDriver
Actual Address 0xA8C9BB40
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtOpenFile
Actual Address 0xA8CAA420
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtOpenProcess
Actual Address 0xA8C98630
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtOpenSection
Actual Address 0xA8C97080
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtOpenThread
Actual Address 0xA8C991C0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtProtectVirtualMemory
Actual Address 0xA8C9C8A0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtQueryDirectoryFile
Actual Address 0xA8C9BFB0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtQueueApcThread
Actual Address 0xA8C9CE00
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtRequestWaitReplyPort
Actual Address 0xA8C9B690
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtRestoreKey
Actual Address 0xA8CA9940
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtResumeThread
Actual Address 0xA8C9A060
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtSecureConnectPort
Actual Address 0xA8C9AE80
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtSetContextThread
Actual Address 0xA8C996E0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtSetSystemInformation
Actual Address 0xA8C99AA0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtShutdownSystem
Actual Address 0xA8C9BA10
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtSuspendProcess
Actual Address 0xA8C9A240
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtSuspendThread
Actual Address 0xA8C99E60
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtSystemDebugControl
Actual Address 0xA8C99C90
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtTerminateProcess
Actual Address 0xA8C98A30
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtTerminateThread
Actual Address 0xA8C994B0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUnloadDriver
Actual Address 0xA8C9BD70
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtWriteVirtualMemory
Actual Address 0xA8C9CA70
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

>Shadow
NtGdiBitBlt
Actual Address 0xA8C955C0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtGdiOpenDCW
Actual Address 0xA8C95940
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserAttachThreadInput
Actual Address 0xA8C92470
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserBlockInput
Actual Address 0xA8C942B0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserCallHwndParamLock
Actual Address 0xA8C93DF0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserCallTwoParam
Actual Address 0xA8C94E30
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserGetAsyncKeyState
Actual Address 0xA8C92F00
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserGetClipboardData
Actual Address 0xA8C945B0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserGetDC
Actual Address 0xA8C95270
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserGetKeyboardState
Actual Address 0xA8C92DD0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserGetKeyState
Actual Address 0xA8C92CA0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserGetWindowDC
Actual Address 0xA8C95410
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserMessageCall
Actual Address 0xA8C93030
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserMoveWindow
Actual Address 0xA8C94950
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserPostMessage
Actual Address 0xA8C935B0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserPostThreadMessage
Actual Address 0xA8C93A10
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserRegisterRawInputDevices
Actual Address 0xA8C922F0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserSendInput
Actual Address 0xA8C94050
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserSetClipboardViewer
Actual Address 0xA8C94450
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserSetParent
Actual Address 0xA8C94720
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserSetWindowPos
Actual Address 0xA8C94CE0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserSetWindowsHookAW
Actual Address 0xA8C91E10
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserSetWindowsHookEx
Actual Address 0xA8C91A20
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserSetWinEventHook
Actual Address 0xA8C92080
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

NtUserShowWindow
Actual Address 0xA8C94BF0
Hooked by: C:\WINDOWS\system32\drivers\OADriver.sys

>Processes
>Drivers
>Stealth
>Files
Suspect File: C:\$AVG\$CHJW\2039a04a-d9f3-40bb-98c5-20da78ac9440 Status: hidden
Suspect File: C:\$AVG\$CHJW\8cbcc8bd-c17e-4d29-ba9b-28266b4d4961 Status: hidden
>Hooks
ntkrnlpa.exe+0x0002D518, Type: Inline - relative at address 0x80504518 hook handler located in [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D878, Type: Inline - relative at address 0x80504878 hook handler located in [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D8B4, Type: Inline - relative at address 0x805048B4 hook handler located in [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006EC7E, Type: Inline - relative at address 0x80545C7E hook handler located in [ntkrnlpa.exe]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xA8E22428 hook handler located in [OAnet.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xA8E22454 hook handler located in [OAnet.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xA8E22460 hook handler located in [OAnet.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xBA17DB4C hook handler located in [OAnet.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification at address 0xBA17DB1C hook handler located in [OAnet.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xBA17DB3C hook handler located in [OAnet.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xBA17DB28 hook handler located in [OAnet.sys]
[132]oaui.exe-->user32.dll-->LoadStringA, Type: Inline - DirectJump at address 0x7E42C908 hook handler located in [unknown_code_page]
[132]oaui.exe-->user32.dll-->LoadStringW, Type: Inline - DirectJump at address 0x7E419E36 hook handler located in [unknown_code_page]
[1520]oasrv.exe-->user32.dll-->LoadStringA, Type: Inline - DirectJump at address 0x7E42C908 hook handler located in [unknown_code_page]
[1520]oasrv.exe-->user32.dll-->LoadStringW, Type: Inline - DirectJump at address 0x7E419E36 hook handler located in [unknown_code_page]
[1652]iTunes.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x7C80236B hook handler located in [unknown_code_page]
[1652]iTunes.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x7C802336 hook handler located in [unknown_code_page]
[1652]iTunes.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump at address 0x7E45A275 hook handler located in [unknown_code_page]
[1664]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x7C80236B hook handler located in [unknown_code_page]
[1664]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x7C802336 hook handler located in [unknown_code_page]
[1664]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
[1664]explorer.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump at address 0x7E45A275 hook handler located in [unknown_code_page]
[2588]firefox.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x7C80236B hook handler located in [unknown_code_page]
[2588]firefox.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x7C802336 hook handler located in [unknown_code_page]
[2588]firefox.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump at address 0x7E45A275 hook handler located in [unknown_code_page]
[3020]soffice.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x7C80236B hook handler located in [unknown_code_page]
[3020]soffice.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x7C802336 hook handler located in [unknown_code_page]
[3020]soffice.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump at address 0x7E45A275 hook handler located in [unknown_code_page]
[3024]oahlp.exe-->user32.dll-->LoadStringA, Type: Inline - DirectJump at address 0x7E42C908 hook handler located in [unknown_code_page]
[3024]oahlp.exe-->user32.dll-->LoadStringW, Type: Inline - DirectJump at address 0x7E419E36 hook handler located in [unknown_code_page]
[3132]hkcmd.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x7C80236B hook handler located in [unknown_code_page]
[3132]hkcmd.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x7C802336 hook handler located in [unknown_code_page]
[3132]hkcmd.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump at address 0x7E45A275 hook handler located in [unknown_code_page]
[3176]igfxpers.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x7C80236B hook handler located in [unknown_code_page]
[3176]igfxpers.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x7C802336 hook handler located in [unknown_code_page]
[3176]igfxpers.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump at address 0x7E45A275 hook handler located in [unknown_code_page]
[3240]quickset.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x7C80236B hook handler located in [unknown_code_page]
[3240]quickset.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x7C802336 hook handler located in [unknown_code_page]
[3240]quickset.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump at address 0x7E45A275 hook handler located in [unknown_code_page]
[3300]stsystra.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x7C80236B hook handler located in [unknown_code_page]
[3300]stsystra.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x7C802336 hook handler located in [unknown_code_page]
[3300]stsystra.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump at address 0x7E45A275 hook handler located in [unknown_code_page]
[3324]soffice.bin-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x7C80236B hook handler located in [unknown_code_page]
[3324]soffice.bin-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x7C802336 hook handler located in [unknown_code_page]
[3324]soffice.bin-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump at address 0x7E45A275 hook handler located in [unknown_code_page]
[3332]igfxsrvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x7C80236B hook handler located in [unknown_code_page]
[3332]igfxsrvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x7C802336 hook handler located in [unknown_code_page]
[3332]igfxsrvc.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump at address 0x7E45A275 hook handler located in [unknown_code_page]
[3388]SynTPEnh.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x7C80236B hook handler located in [unknown_code_page]
[3388]SynTPEnh.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x7C802336 hook handler located in [unknown_code_page]
[3388]SynTPEnh.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump at address 0x7E45A275 hook handler located in [unknown_code_page]
[3476]WLTRAY.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x7C80236B hook handler located in [unknown_code_page]
[3476]WLTRAY.EXE-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x7C802336 hook handler located in [unknown_code_page]
[3476]WLTRAY.EXE-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump at address 0x7E45A275 hook handler located in [unknown_code_page]
[3804]iTunesHelper.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x7C80236B hook handler located in [unknown_code_page]
[3804]iTunesHelper.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x7C802336 hook handler located in [unknown_code_page]
[3804]iTunesHelper.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump at address 0x7E45A275 hook handler located in [unknown_code_page]
[3884]jusched.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x7C80236B hook handler located in [unknown_code_page]
[3884]jusched.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x7C802336 hook handler located in [unknown_code_page]
[3884]jusched.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump at address 0x7E45A275 hook handler located in [unknown_code_page]
[4036]avgtray.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump at address 0x7C80236B hook handler located in [unknown_code_page]
[4036]avgtray.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump at address 0x7C802336 hook handler located in [unknown_code_page]
[4036]avgtray.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump at address 0x7E45A275 hook handler located in [unknown_code_page]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


Post by Dr Jay on Fri Jan 15, 2010 1:18 am

Hehe...it is important to do this correctly, and that all results are fresh.

Jotti File Submission:
  • Please go to [You must be registered and logged in to see this link.]

  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • C:\WINDOWS\SYSTEM32\netlogon.dll


  • Click on the submit button.
    Make sure to re-scan them, not get a past analysis.

  • Please post the results (URL) in your next reply.

  • Do the same for the following files:
    C:\windows\system32\drivers\atapi.sys
    C:\windows\system32\user32.dll
    C:\windows\system32\drivers\beep.sys
    C:\windows\system32\userinit.exe
    C:\windows\explorer.exe
    C:\windows\system32\scecli.dll



Post by roseytaos on Fri Jan 15, 2010 1:26 am

DM - that box is letting me neither paste nor type in anything....I can only use the browse tab. How can I find those files using the browse function?


Post by Dr Jay on Fri Jan 15, 2010 1:32 am

Navigate to the folders.

C:\ is your drive.

Windows is one folder. You will find files in there.

System32 is the next folder. You will find files in there.

Drivers is the next folder. You will find files in there.



Post by roseytaos on Fri Jan 15, 2010 1:54 am

Performed all the 20 scans on all those files. Nothing was found on any of them. Do you still need the urls?



Post by Dr Jay on Fri Jan 15, 2010 4:32 am

No need.

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.



Post by roseytaos on Fri Jan 15, 2010 2:11 pm

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C has no label.
Volume Serial Number is 5CB0-4D7F

Directory of C:\Windows\System32\Drivers

01/14/2010 04:25 PM .
01/14/2010 04:25 PM ..
04/14/2008 05:00 AM 53,376 1394bus.sys
04/14/2008 05:00 AM 187,776 acpi.sys
04/14/2008 05:00 AM 11,648 acpiec.sys
04/13/2008 09:09 PM 142,592 aec.sys
08/14/2008 03:04 AM 138,496 afd.sys
04/14/2008 05:00 AM 37,376 amdk6.sys
04/14/2008 05:00 AM 37,760 amdk7.sys
08/12/2005 04:50 PM 16,128 APPDRV.SYS
04/14/2008 05:00 AM 60,800 arp1394.sys
04/14/2008 05:00 AM 14,336 asyncmac.sys
04/13/2008 11:10 PM 96,512 atapi.sys
04/14/2008 05:00 AM 59,904 atmarpc.sys
04/14/2008 05:00 AM 31,360 atmepvc.sys
04/14/2008 05:00 AM 55,808 atmlane.sys
04/14/2008 05:00 AM 352,256 atmuni.sys
08/17/2001 06:59 AM 3,072 audstub.sys
01/14/2010 05:44 PM Avg
12/15/2009 06:59 PM 333,192 avgldx86.sys
12/15/2009 06:59 PM 28,424 avgmfx86.sys
12/15/2009 06:59 PM 360,584 avgtdix.sys
04/13/2008 05:06 PM 14,208 battc.sys
11/21/2006 03:25 AM 45,568 bcm4sbxp.sys
10/24/2008 05:00 PM 1,287,552 BCMWL5.SYS
10/24/2008 05:00 PM 33,664 BCMWLNPF.SYS
04/14/2008 05:00 AM 4,224 beep.sys
04/14/2008 05:00 AM 71,552 bridge.sys
06/13/2008 04:05 AM 272,128 bthport.sys
04/14/2008 05:00 AM 13,952 cbidf2k.sys
04/14/2008 05:00 AM 18,688 cdaudio.sys
04/14/2008 05:00 AM 63,744 cdfs.sys
07/31/2008 03:17 PM 9,072 cdr4_xp.sys
07/31/2008 03:17 PM 9,200 cdralw2k.sys
04/14/2008 05:00 AM 62,976 cdrom.sys
12/21/2004 03:29 PM 39,904 cercsr6.sys
04/14/2008 05:00 AM 262,528 cinemst2.sys
04/14/2008 05:00 AM 49,536 classpnp.sys
04/13/2008 05:06 PM 13,952 CmBatt.sys
04/13/2008 05:06 PM 10,240 compbatt.sys
04/14/2008 05:00 AM 11,776 cpqdap01.sys
04/14/2008 05:00 AM 36,736 crusoe.sys
09/06/2007 01:04 PM 143,891 del1028.cty
09/23/2009 05:09 AM disdn
04/14/2008 05:00 AM 36,352 disk.sys
04/14/2008 05:00 AM 14,208 diskdump.sys
04/14/2008 05:00 AM 799,744 dmboot.sys
04/14/2008 05:00 AM 153,344 dmio.sys
04/14/2008 05:00 AM 5,888 dmload.sys
04/13/2008 11:15 PM 52,864 DMusic.sys
04/13/2008 11:15 PM 60,160 drmk.sys
04/13/2008 11:15 PM 2,944 drmkaud.sys
04/14/2008 05:00 AM 10,496 dxapi.sys
04/14/2008 05:00 AM 71,168 dxg.sys
04/14/2008 05:00 AM 3,328 dxgthk.sys
08/17/2001 06:46 AM 6,400 enum1394.sys
12/15/2009 09:56 PM etc
04/14/2008 05:00 AM 143,744 fastfat.sys
04/14/2008 05:00 AM 27,392 fdc.sys
04/14/2008 05:00 AM 44,544 fips.sys
04/14/2008 05:00 AM 20,480 flpydisk.sys
04/14/2008 05:00 AM 129,792 fltMgr.sys
04/14/2008 05:00 AM 12,160 fsvga.sys
04/14/2008 05:00 AM 7,936 fs_rec.sys
04/14/2008 05:00 AM 125,056 ftdisk.sys
05/18/2009 01:17 PM 26,600 GEARAspiWDM.sys
04/14/2008 05:00 AM 3,440,660 gm.dls
04/14/2008 05:00 AM 646 gmreadme.txt
04/14/2008 05:00 AM 144,384 hdaudbus.sys
04/14/2008 05:00 AM 36,864 hidclass.sys
04/14/2008 05:00 AM 24,960 hidparse.sys
08/02/2007 04:34 PM 211,200 HSFHWAZL.sys
08/02/2007 04:34 PM 731,136 HSF_CNXT.sys
08/02/2007 04:35 PM 989,952 HSF_DPV.sys
10/20/2009 09:20 AM 265,728 http.sys
04/14/2008 05:00 AM 52,480 i8042prt.sys
05/16/2007 05:14 PM 5,707,744 igxpmp32.sys
04/14/2008 05:00 AM 42,112 imapi.sys
04/14/2008 05:00 AM 36,352 intelppm.sys
04/14/2008 05:00 AM 36,608 ip6fw.sys
04/14/2008 05:00 AM 32,896 ipfltdrv.sys
04/14/2008 05:00 AM 20,864 ipinip.sys
04/14/2008 05:00 AM 152,832 ipnat.sys
04/14/2008 05:00 AM 75,264 ipsec.sys
04/14/2008 05:00 AM 11,264 irenum.sys
04/13/2008 11:06 PM 37,248 isapnp.sys
04/14/2008 05:00 AM 24,576 kbdclass.sys
04/13/2008 11:15 PM 172,416 kmixer.sys
04/13/2008 11:46 PM 141,056 ks.sys
06/24/2009 04:18 AM 92,928 ksecdd.sys
12/03/2009 04:13 PM 19,160 mbam.sys
12/03/2009 04:14 PM 38,224 mbamswissarmy.sys
04/14/2008 05:00 AM 7,680 mcd.sys
06/19/2006 01:26 PM 12,672 mdmxsdk.sys
04/14/2008 05:00 AM 63,744 mf.sys
04/14/2008 05:00 AM 4,224 mnmdd.sys
04/14/2008 05:00 AM 30,080 modem.sys
04/14/2008 05:00 AM 23,040 mouclass.sys
04/14/2008 05:00 AM 42,368 mountmgr.sys
04/14/2008 05:00 AM 180,608 mrxdav.sys
10/24/2008 04:21 AM 455,296 mrxsmb.sys
04/14/2008 05:00 AM 19,072 msfs.sys
04/14/2008 05:00 AM 35,072 msgpc.sys
04/13/2008 11:09 PM 7,552 MSKSSRV.sys
04/13/2008 11:09 PM 5,376 MSPCLOCK.sys
04/13/2008 11:09 PM 4,992 MSPQM.sys
04/14/2008 05:00 AM 15,488 mssmbios.sys
04/14/2008 05:00 AM 105,344 mup.sys
04/14/2008 05:00 AM 182,656 ndis.sys
04/14/2008 05:00 AM 10,112 ndistapi.sys
04/14/2008 05:00 AM 14,592 ndisuio.sys
04/14/2008 05:00 AM 91,520 ndiswan.sys
04/14/2008 05:00 AM 40,576 ndproxy.sys
04/14/2008 05:00 AM 34,688 netbios.sys
04/14/2008 05:00 AM 162,816 netbt.sys
04/14/2008 05:00 AM 61,824 nic1394.sys
04/14/2008 05:00 AM 12,032 nikedrv.sys
04/14/2008 05:00 AM 40,320 nmnt.sys
04/14/2008 05:00 AM 30,848 npfs.sys
04/14/2008 05:00 AM 574,976 ntfs.sys
04/14/2008 05:00 AM 2,944 null.sys
04/14/2008 05:00 AM 12,416 nwlnkflt.sys
04/14/2008 05:00 AM 32,512 nwlnkfwd.sys
04/14/2008 05:00 AM 88,320 nwlnkipx.sys
04/14/2008 05:00 AM 63,232 nwlnknb.sys
04/14/2008 05:00 AM 55,936 nwlnkspx.sys
12/05/2009 07:27 AM 223,312 OADriver.sys
12/05/2009 07:28 AM 24,656 OAmon.sys
12/05/2009 07:27 AM 29,776 OAnet.sys
04/14/2008 05:00 AM 61,696 ohci1394.sys
04/14/2008 05:00 AM 3,456 oprghdlr.sys
04/14/2008 05:00 AM 42,752 p3.sys
04/14/2008 05:00 AM 80,128 parport.sys
04/14/2008 05:00 AM 19,712 partmgr.sys
04/14/2008 05:00 AM 6,784 parvdm.sys
04/13/2008 11:06 PM 68,224 pci.sys
08/17/2001 12:51 PM 3,328 pciide.sys
04/13/2008 11:10 PM 24,960 pciidex.sys
04/14/2008 05:00 AM 120,192 pcmcia.sys
04/13/2008 11:49 PM 146,048 portcls.sys
04/14/2008 05:00 AM 35,840 processr.sys
04/14/2008 05:00 AM 69,120 psched.sys
04/14/2008 05:00 AM 17,792 ptilink.sys
07/31/2008 03:17 PM 43,872 pxhelp20.sys
04/14/2008 05:00 AM 8,832 rasacd.sys
04/14/2008 05:00 AM 51,328 rasl2tp.sys
04/14/2008 05:00 AM 41,472 raspppoe.sys
04/14/2008 05:00 AM 48,384 raspptp.sys
04/14/2008 05:00 AM 16,512 raspti.sys
04/14/2008 05:00 AM 34,432 rawwan.sys
04/14/2008 05:00 AM 175,744 rdbss.sys
04/14/2008 05:00 AM 4,224 rdpcdd.sys
04/13/2008 11:02 PM 196,224 rdpdr.sys
04/14/2008 05:00 AM 139,656 rdpwd.sys
04/13/2008 05:10 PM 57,600 redbook.sys
11/14/2006 11:16 PM 32,256 rimmptsk.sys
11/14/2006 06:42 PM 43,520 rimsptsk.sys
04/14/2008 05:00 AM 12,032 rio8drv.sys
04/14/2008 05:00 AM 12,032 riodrv.sys
11/14/2006 04:35 PM 37,376 rixdptsk.sys
05/08/2008 07:02 AM 203,136 rmcast.sys
04/14/2008 05:00 AM 30,592 rndismp.sys
04/14/2008 05:00 AM 5,888 rootmdm.sys
04/14/2008 05:00 AM 96,384 scsiport.sys
04/14/2008 05:00 AM 79,232 sdbus.sys
04/14/2008 05:00 AM 20,480 secdrv.sys
04/14/2008 05:00 AM 15,744 serenum.sys
04/14/2008 05:00 AM 64,512 serial.sys
04/14/2008 05:00 AM 11,904 sffdisk.sys
04/14/2008 05:00 AM 10,240 sffp_mmc.sys
04/14/2008 05:00 AM 11,008 sffp_sd.sys
04/14/2008 05:00 AM 11,392 sfloppy.sys
04/14/2008 05:00 AM 14,592 smclib.sys
04/14/2008 05:00 AM 25,344 sonydcam.sys
04/13/2008 11:15 PM 6,272 splitter.sys
04/14/2008 05:00 AM 73,472 sr.sys
12/11/2008 03:57 AM 333,952 srv.sys
05/10/2007 09:24 AM 1,222,840 sthda.sys
04/13/2008 11:15 PM 49,408 stream.sys
04/14/2008 05:00 AM 4,352 swenum.sys
04/13/2008 11:15 PM 56,576 swmidi.sys
10/26/2007 12:57 PM 216,800 SynTP.sys
04/13/2008 11:45 PM 60,800 sysaudio.sys
04/14/2008 05:00 AM 14,976 tape.sys
06/20/2008 04:51 AM 361,600 tcpip.sys
06/20/2008 04:08 AM 225,856 tcpip6.sys
04/14/2008 05:00 AM 19,072 tdi.sys
04/14/2008 05:00 AM 12,040 tdpipe.sys
04/14/2008 05:00 AM 21,896 tdtcp.sys
04/14/2008 04:43 AM 40,840 termdd.sys
04/14/2008 05:00 AM 51,712 tosdvd.sys
04/14/2008 05:00 AM 21,376 tsbvcap.sys
04/14/2008 05:00 AM 12,288 tunmp.sys
04/14/2008 05:00 AM 66,048 udfs.sys
10/13/2009 04:10 PM UMDF
04/14/2008 05:00 AM 384,768 update.sys
04/14/2008 05:00 AM 12,800 usb8023.sys
08/28/2009 06:42 PM 40,448 usbaapl.sys
04/14/2008 05:00 AM 25,600 usbcamd.sys
04/14/2008 05:00 AM 25,728 usbcamd2.sys
04/14/2008 05:00 AM 4,736 usbd.sys
04/13/2008 11:15 PM 30,208 usbehci.sys
04/13/2008 11:15 PM 59,520 usbhub.sys
04/14/2008 05:00 AM 15,872 usbintel.sys
04/13/2008 11:15 PM 143,872 usbport.sys
04/13/2008 11:15 PM 15,104 usbscan.sys
04/13/2008 11:15 PM 26,368 USBSTOR.SYS
04/13/2008 11:15 PM 20,608 usbuhci.sys
04/14/2008 05:00 AM 58,112 vdmindvd.sys
04/14/2008 05:00 AM 20,992 vga.sys
04/14/2008 05:00 AM 81,664 videoprt.sys
04/14/2008 05:00 AM 52,352 volsnap.sys
04/14/2008 05:00 AM 34,560 wanarp.sys
04/13/2008 11:47 PM 83,072 wdmaud.sys
04/13/2008 05:06 PM 8,832 wmiacpi.sys
04/14/2008 05:00 AM 4,352 wmilib.sys
10/18/2006 07:00 PM 38,528 wpdusb.sys
04/14/2008 05:00 AM 12,032 ws2ifsl.sys
09/28/2006 05:55 PM 77,568 WudfPf.sys
09/28/2006 06:00 PM 82,944 WudfRd.sys
214 File(s) 28,082,109 bytes

Directory of C:\Windows\System32\Drivers\Avg

01/14/2010 05:44 PM .
01/14/2010 05:44 PM ..
12/15/2009 06:59 PM 6,061,540 avi7.avg
12/15/2009 06:59 PM 113,461 iavichjw.avm
01/14/2010 05:44 PM 47,848,873 incavi.avm
01/14/2010 05:43 PM 139,554 microavi.avg
12/15/2009 06:59 PM 492,629 miniavi.avg
5 File(s) 54,656,057 bytes


Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Fri Jan 15, 2010 2:12 pm

Directory of C:\Windows\System32\Drivers\disdn

09/23/2009 05:09 AM .
09/23/2009 05:09 AM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

12/15/2009 09:56 PM .
12/15/2009 09:56 PM ..
12/11/2009 07:14 PM 736 hosts
04/14/2008 05:00 AM 734 hosts.bak
12/15/2009 09:56 PM 52 hosts.idx
04/14/2008 05:00 AM 3,683 lmhosts.sam
04/14/2008 05:00 AM 407 networks
04/14/2008 05:00 AM 799 protocol
04/14/2008 05:00 AM 7,116 services
7 File(s) 13,527 bytes

Directory of C:\Windows\System32\Drivers\UMDF

10/13/2009 04:10 PM .
10/13/2009 04:10 PM ..
10/18/2006 08:47 PM 671,232 wpdmtpdr.dll
1 File(s) 671,232 bytes

Total Files Listed:
227 File(s) 83,422,925 bytes
14 Dir(s) 228,250,456,064 bytes free


***********************Hidden Drivers********************
Volume in drive C has no label.
Volume Serial Number is 5CB0-4D7F

Directory of C:\Windows\System32\Drivers



*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 468 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 516 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 544 High C:\WINDOWS\system32\winlogon.exe
services.exe 588 Normal C:\WINDOWS\system32\services.exe
lsass.exe 600 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 780 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 828 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 868 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 956 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 984 Normal C:\WINDOWS\system32\svchost.exe
avgchsvx.exe 1128 Normal C:\Program Files\AVG\AVG9\avgchsvx.exe
avgrsx.exe 1136 Normal C:\Program Files\AVG\AVG9\avgrsx.exe
WLTRYSVC.EXE 1196 Normal C:\WINDOWS\System32\WLTRYSVC.EXE
bcmwltry.exe 1208 Normal C:\WINDOWS\System32\bcmwltry.exe
OAcat.exe 1216 Normal C:\Program Files\Tall Emu\Online Armor\OAcat.exe
avgcsrvx.exe 1300 Normal C:\Program Files\AVG\AVG9\avgcsrvx.exe
oasrv.exe 1520 High C:\Program Files\Tall Emu\Online Armor\oasrv.exe
Explorer.EXE 1664 Normal C:\WINDOWS\Explorer.EXE
spoolsv.exe 1900 Normal C:\WINDOWS\system32\spoolsv.exe
svchost.exe 1972 Normal C:\WINDOWS\system32\svchost.exe
AppleMobileDeviceService.exe 2004 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
avgwdsvc.exe 2016 Normal C:\Program Files\AVG\AVG9\avgwdsvc.exe
mDNSResponder.exe 200 Normal C:\Program Files\Bonjour\mDNSResponder.exe
jqs.exe 420 Idle C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe 788 Normal C:\WINDOWS\system32\svchost.exe
avgemc.exe 1096 Normal C:\Program Files\AVG\AVG9\avgemc.exe
avgnsx.exe 1492 Normal C:\Program Files\AVG\AVG9\avgnsx.exe
avgcsrvx.exe 2440 Normal C:\Program Files\AVG\AVG9\avgcsrvx.exe
alg.exe 2844 Normal C:\WINDOWS\System32\alg.exe
hkcmd.exe 3132 Normal C:\WINDOWS\system32\hkcmd.exe
igfxpers.exe 3176 Normal C:\WINDOWS\system32\igfxpers.exe
quickset.exe 3240 Normal C:\Program Files\Dell\QuickSet\quickset.exe
stsystra.exe 3300 Normal C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
igfxsrvc.exe 3332 Normal C:\WINDOWS\system32\igfxsrvc.exe
SynTPEnh.exe 3388 Above Normal C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
WLTRAY.exe 3476 Normal C:\WINDOWS\system32\WLTRAY.exe
iTunesHelper.exe 3804 Normal C:\Program Files\iTunes\iTunesHelper.exe
jusched.exe 3884 Normal C:\Program Files\Java\jre6\bin\jusched.exe
avgtray.exe 4036 Normal C:\PROGRA~1\AVG\AVG9\avgtray.exe
oaui.exe 132 Normal C:\Program Files\Tall Emu\Online Armor\oaui.exe
wmiprvse.exe 2660 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
OAhlp.exe 3024 Normal C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
soffice.exe 3020 Normal C:\Program Files\OpenOffice.org 3\program\soffice.exe
soffice.bin 3324 Normal C:\Program Files\OpenOffice.org 3\program\soffice.bin
iPodService.exe 3684 Normal C:\Program Files\iPod\bin\iPodService.exe
svchost.exe 3724 Normal C:\WINDOWS\System32\svchost.exe
iTunes.exe 1652 Normal C:\Program Files\iTunes\iTunes.exe
firefox.exe 3500 Normal C:\Program Files\Mozilla Firefox\firefox.exe
cmd.exe 2740 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 4016 Normal C:\Documents and Settings\Andy\Desktop\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(1664)
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINDOWS\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.5512 5.1.2600.5512
SHDOCVW.dll 7e290000 1519616 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.5897 (xpsp_sp3_gdr.091028-1650) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.5875 (xpsp_sp3_gdr.090904-1413) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
NETAPI32.dll 5b860000 348160 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) Net Win32 API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
WININET.dll 3d930000 942080 C:\WINDOWS\system32\WININET.dll 8.00.6001.18854 (longhorn_ie8_gdr.091026-1700) Internet Extensions for Win32
Normaliz.dll 400000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
urlmon.dll 78130000 1253376 C:\WINDOWS\system32\urlmon.dll 8.00.6001.18854 (longhorn_ie8_gdr.091026-1700) OLE32 Extensions for Win32
iertutil.dll 3dfd0000 1998848 C:\WINDOWS\system32\iertutil.dll 8.00.6001.18854 (longhorn_ie8_gdr.091026-1700) Run time utility for Internet Explorer
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
USERENV.dll 769c0000 737280 C:\WINDOWS\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 6.0 (xpsp.080413-2105) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.080413-2105) Common Controls Library
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Text Frame Work Service IME
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\system32\themeui.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
xpsp2res.dll 1160000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
OAwatch.dll 18a0000 962560 C:\Program Files\Tall Emu\Online Armor\OAwatch.dll 4.0.0.15 Online Armor Component
wsock32.dll 71ad0000 36864 C:\WINDOWS\system32\wsock32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 32-Bit DLL
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
wtsapi32.dll 76f50000 32768 C:\WINDOWS\system32\wtsapi32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
msi.dll 7d1e0000 2867200 C:\WINDOWS\system32\msi.dll 3.1.4001.5512 Windows Installer
ieframe.dll 3e1c0000 11087872 C:\WINDOWS\system32\ieframe.dll 8.00.6001.18854 (longhorn_ie8_gdr.091026-1700) Internet Explorer
NETSHELL.dll 76400000 1724416 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3api.dll 478c0000 40960 C:\WINDOWS\system32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
dot3dlg.dll 736d0000 24576 C:\WINDOWS\system32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 C:\WINDOWS\system32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
eappcfg.dll 745b0000 139264 C:\WINDOWS\system32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
eappprxy.dll 5dcd0000 57344 C:\WINDOWS\system32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
rsaenh.dll 68000000 221184 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
webcheck.dll 2450000 249856 C:\WINDOWS\system32\webcheck.dll 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) Web Site Monitor
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.5512 (xpsp.080413-2105) Multi Language Support DLL
stobject.dll 76280000 135168 C:\WINDOWS\system32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
WPDShServiceObj.dll 164a0000 143360 C:\WINDOWS\system32\WPDShServiceObj.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device Shell Service Object
WINHTTP.dll 4d4f0000 364544 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.5868 (xpsp_sp3_gdr.090824-1328) Windows HTTP Services
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
WZCSAPI.DLL 73030000 65536 C:\WINDOWS\system32\WZCSAPI.DLL 5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration service API
mydocs.dll 72410000 106496 C:\WINDOWS\system32\mydocs.dll 6.00.2900.5512 (xpsp.080413-2105) My Documents Folder UI
PortableDeviceTypes.dll 109c0000 180224 C:\WINDOWS\system32\PortableDeviceTypes.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device (Parameter) Types Component
PortableDeviceApi.dll 10930000 299008 C:\WINDOWS\system32\PortableDeviceApi.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device API Components
wzcdlg.dll 5df10000 393216 C:\WINDOWS\system32\wzcdlg.dll 5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration Service UI
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 40960 C:\WINDOWS\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
browselc.dll 71600000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
gdiplus.dll 4ec50000 1748992 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll 5.2.6001.22319 (vistasp1_ldr.081126-1506) Microsoft GDI+
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.5512 (xpsp.080413-2105) Windows DirectUser Engine
mscms.dll 73b30000 86016 C:\WINDOWS\system32\mscms.dll 5.1.2600.5627 (xpsp_sp3_gdr.080624-1245) Microsoft Color Matching System DLL
WINSPOOL.DRV 73000000 155648 C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.5512 (xpsp.080413-0852) Windows Spooler Driver
shlxthdl.dll 5ee60000 389120 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll 3.01 3.01
MSVCR90.dll 78520000 667648 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\MSVCR90.dll 9.00.21022.8 Microsoft® C Runtime Library
stlport_vc7145.dll 5e470000 618496 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\stlport_vc7145.dll 4.5.2003.0120 STLport
PDFShell.dll 10000000 372736 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 9.3.0.148 PDF Shell Extension
MSVCR80.dll 2e90000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll 8.00.50727.4053 Microsoft® C Runtime Library
igfxpph.dll 2bb0000 208896 C:\WINDOWS\system32\igfxpph.dll 6.14.10.4831 igfxpph Module
hccutils.DLL 2c70000 106496 C:\WINDOWS\system32\hccutils.DLL 6.14.10.4831 hccutils Module
dadkeyb.dll 2b70000 106496 C:\Program Files\Dell\QuickSet\dadkeyb.dll
igfxres.dll 2cc0000 172032 C:\WINDOWS\system32\igfxres.dll 6.14.10.4831 igfxres Module
igfxress.dll 3230000 3293184 C:\WINDOWS\system32\igfxress.dll 6.14.10.4831 igfxress Module
igfxsrvc.dll 2e10000 69632 C:\WINDOWS\system32\igfxsrvc.dll 6.14.10.4831 igfxsrvc Module
NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
wmvcore.dll 15110000 2473984 C:\WINDOWS\system32\wmvcore.dll 11.0.5721.5265 (WMP_11.090519-2220) Windows Media Playback/Authoring DLL
WMASF.DLL 11c70000 237568 C:\WINDOWS\system32\WMASF.DLL 11.0.5721.5238 (WMP_11.071025-0642) Windows Media ASF DLL
MPRAPI.dll 76d40000 98304 C:\WINDOWS\system32\MPRAPI.dll 5.1.2600.5512 (xpsp.080413-0852) Windows NT MP Router Administration DLL
ACTIVEDS.dll 77cc0000 204800 C:\WINDOWS\system32\ACTIVEDS.dll 5.1.2600.5512 (xpsp.080413-2113) ADs Router Layer DLL
adsldpc.dll 76e10000 151552 C:\WINDOWS\system32\adsldpc.dll 5.1.2600.5512 (xpsp.080413-2113) ADs LDAP Provider C DLL
DNSAPI.dll 76f20000 159744 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) DNS Client API DLL
DHCPCSVC.DLL 7d4b0000 139264 C:\WINDOWS\system32\DHCPCSVC.DLL 5.1.2600.5512 (xpsp.080413-0852) DHCP Client Service
DSOUND.dll 73f10000 376832 C:\WINDOWS\system32\DSOUND.dll 5.3.2600.5512 (xpsp.080413-0845) DirectSound
shdoclc.dll 71800000 557056 C:\WINDOWS\system32\shdoclc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
RASDLG.dll 768d0000 671744 C:\WINDOWS\system32\RASDLG.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access Common Dialog API
RASAPI32.dll 76ee0000 245760 C:\WINDOWS\system32\RASAPI32.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access API
rasman.dll 76e90000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access Connection Manager
TAPI32.dll 76eb0000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft® Windows(TM) Telephony API Client DLL
netman.dll 77d00000 208896 C:\WINDOWS\system32\netman.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Manager
WZCSvc.DLL 7db10000 573440 C:\WINDOWS\system32\WZCSvc.DLL 5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration Service
WMI.dll 76d30000 16384 C:\WINDOWS\system32\WMI.dll 5.1.2600.5512 (xpsp.080413-2113) WMI DC and DP functionality
EapolQec.dll 72810000 45056 C:\WINDOWS\system32\EapolQec.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPOL NAP Enforcement Client
QUtil.dll 726c0000 90112 C:\WINDOWS\system32\QUtil.dll 5.1.2600.5512 (xpsp.080413-0852) Quarantine Utilities
ESENT.dll 606b0000 1101824 C:\WINDOWS\system32\ESENT.dll 5.1.2600.5512 (xpsp.080413-2113) Server Database Storage Engine
zipfldr.dll 73380000 356352 C:\WINDOWS\system32\zipfldr.dll 6.00.2900.5512 (xpsp.080413-2105) Compressed (zipped) Folders
7-zip.dll 2d60000 81920 C:\Program Files\7-Zip\7-zip.dll 4.65 7-Zip Shell Extension
oaevent.dll d00000 954368 C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll 4.0.0.15 Online Armor Component
shmedia.dll 5cad0000 159744 C:\WINDOWS\system32\shmedia.dll 6.00.2900.5512 (xpsp.080413-2105) Media File Property Extractor Shell Extension
MSVFW32.dll 75a70000 135168 C:\WINDOWS\system32\MSVFW32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft Video for Windows DLL
AVIFIL32.dll 73b50000 94208 C:\WINDOWS\system32\AVIFIL32.dll 5.1.2600.5827 (xpsp_sp3_gdr.090610-1300) Microsoft AVI File support library
MSISIP.DLL 605f0000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4001.5512 MSI Signature SIP Provider
wshext.dll 7dfa0000 90112 C:\WINDOWS\system32\wshext.dll 5.7.0.18066 Microsoft (R) Shell Extension for Windows script Host



******************************************
EOF


Re: Internet connected - but every few minutes the server can't be found

Post by Dr Jay on Fri Jan 15, 2010 9:44 pm

Please download [You must be registered and logged in to see this link.] and save to your Desktop.
  • Double-click on it to start the program.
  • For connection speed, if you know it, go ahead and drag the slider to the speed to which you are subscribed. (For example, if your connection speed is 1 MBPS, then set it at 1024 KB.)
  • At the bottom right of the window, click Optimal Settings, then click Apply.
  • Then, click on Exit. Please restart your computer for the changes to take effect.


==

This will help to reverse any changes that any malware has made in the past. Let me know if the problem persists.


Dr. Jay (DJ)



Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Fri Jan 15, 2010 10:12 pm

DM - Unfortunately, the problem is persisting...


Re: Internet connected - but every few minutes the server can't be found

Post by Dr Jay on Fri Jan 15, 2010 11:55 pm

Reset internet protocol:
[You must be registered and logged in to see this link.]

See section, Fix it for me.

Download and run the tool.

==

Restart your computer. Then, let me know if the problem persists.


Dr. Jay (DJ)



Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Sat Jan 16, 2010 12:35 am

Worked well for about 30 min then boom - kicked me off again.


Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Sat Jan 16, 2010 12:40 am

I clicked "repair" to get back connected and now I'm back to being kicked off every 5 min or so...


Re: Internet connected - but every few minutes the server can't be found

Post by Dr Jay on Sat Jan 16, 2010 12:47 am

Must be a problem in the modem/router.

Please list all of your networking equipment in your next reply:

Modem/Router
The name of it, brand (example: wrt54g), etc.


Dr. Jay (DJ)



Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Sat Jan 16, 2010 12:53 am

I read this off the netgear wireless router: WGR614v7
My wife is also using this with her laptop and it is working fine for her.
What other info can I give you?


Re: Internet connected - but every few minutes the server can't be found

Post by Dr Jay on Sat Jan 16, 2010 3:10 am

Please create a Windows Restore Point!
  • Download [You must be registered and logged in to see this link.] by [You must be registered and logged in to see this link.].
  • Save the download to your Desktop. Then, double-click it and Extract all.
  • To Extract, click the Next button repeatedly. Then, it will finish.
  • Double-click the Folder, and then double-click QuickRestoreMaker.exe.
  • It will create a Windows Restore Point. Click Exit when done.


==

Please copy and paste the following into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"GlobalMaxTcpWindowSize"="256960"
"TcpWindowSize"="256960"
"DefaultTTL"="64"
"EnablePMTUDiscovery"="1"
"DisableTaskOffload"="0"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer"=dword:00000010
"MaxConnectionsPer1_0Server"=dword:00000010

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer"=dword:00000010
"MaxConnectionsPer1_0Server"=dword:00000010

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters]
"SizReqBuf"="16384"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"MaxCmds"=dword:00000064
"MaxThreads"=dword:00000064
"MaxCollectionCount"="65535"

Then click File > Save as
File name: internetFIX.reg
Save as type: All Files
Location: Desktop

==

Once saved, Exit Notepad, and double-click on internetFIX.reg and confirm the prompts.

Then, restart your computer.

Let me know if this works or not.


Dr. Jay (DJ)
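
One way to review a .reg file such as internetFIX.reg before importing it, as an added example that is not part of the original post: a small Python parser that lists every change and flags key deletions, value deletions, numeric data written as a string (a setting that a component reads as REG_DWORD needs the dword: form), and key paths whose first component is not a registry root key. The sample text is constructed, modelled on the file above; the function names and finding labels are assumptions of this example.

```python
import re

# Root keys normally used in "Windows Registry Editor Version 5.00" files.
ROOTS = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG")

# Constructed sample, modelled on the internetFIX.reg text in the post above.
# The last key is a constructed malformed path (no backslash after the root).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"TcpWindowSize"="256960"
"DefaultTTL"="64"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer"=dword:00000010

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]

[HKEY_USERS.DEFAULT\Software\Example]
"Placeholder"=dword:00000001
'''

HEADER = re.compile(r'^\[(-?)(.+)\]$')                 # [KEY] or [-KEY]
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')  # "name"=data or @=data


def logical_lines(text):
    """Yield non-empty, non-comment lines, joining hex continuation lines."""
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):        # only hex data continues with a backslash
            pending = line[:-1]
            continue
        pending = ""
        if line and not line.startswith(";"):
            yield line


def classify(data):
    """Return (type, decoded value) for the right-hand side of a value line."""
    if data == "-":
        return "DELETE", None
    if data.startswith("dword:"):
        try:
            return "REG_DWORD", int(data[6:], 16)
        except ValueError:
            return "UNKNOWN", data
    if data.startswith("hex"):
        return "HEX-ENCODED", data       # hex:, hex(2):, hex(7): and so on
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return "REG_SZ", data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return "UNKNOWN", data


def audit(text):
    """Return (changes, findings) describing what importing the file would do."""
    changes, findings, key = [], [], None
    for line in logical_lines(text):
        if line.startswith("Windows Registry Editor"):
            continue
        m = HEADER.match(line)
        if m:
            delete, key = m.group(1) == "-", m.group(2)
            root = key.split("\\", 1)[0]
            if root not in ROOTS:
                findings.append(("unknown-root", key, root))
            if delete:
                findings.append(("deletes-key", key, None))
                changes.append(("delete-key", key, None, None, None))
            continue
        m = VALUE.match(line)
        if not m or key is None:
            findings.append(("unparsed-line", key, line))
            continue
        name = m.group(1) if m.group(1) is not None else "(Default)"
        kind, value = classify(m.group(2))
        if kind == "DELETE":
            findings.append(("deletes-value", key, name))
            changes.append(("delete-value", key, name, None, None))
            continue
        changes.append(("set", key, name, kind, value))
        if kind == "REG_SZ" and value.isdigit():
            # Numeric data stored as text: review against the documented type.
            findings.append(("numeric-as-string", key, name))
        elif kind == "UNKNOWN":
            findings.append(("unknown-data", key, name))
    return changes, findings


if __name__ == "__main__":
    changes, findings = audit(SAMPLE_REG)
    for change in changes:
        print("CHANGE ", change)
    for finding in findings:
        print("REVIEW ", finding)
```
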



Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Sat Jan 16, 2010 3:29 am

When I tried to run the program, I got:
Application Error - failed to initialize properly (0xc0000135)
I tried this several times and always get this result! What am I doing wrong?


Re: Internet connected - but every few minutes the server can't be found

Post by Dr Jay on Sat Jan 16, 2010 4:34 am

This gets weirder repeatedly. You're not doing anything wrong. I just ran that program yesterday.

Go to Start and then to Run,
Type in: sfc /scannow
Click OK.
Have your Windows CD/DVD handy.
If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD.
If sfc does not find any errors in Windows XP, it will simply quit, without any message.

If you don't have the Windows CD...

Go to Start and then Run,
type in regedit and click OK.


Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

On the right hand side, find: SourcePath

It probably has an entry pointing to your CD-ROM drive, usually D, and that is why it is asking for the XP CD.
All we need to do is change it to: C:
Now, double click the SourcePath setting and a new box will pop up.
Change the drive letter from your CD drive to your root drive, usually C:
Close Registry Editor.

Now restart your computer and try sfc /scannow again!

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.

==

Go to Start > All Programs > Accessories > System Tools > System Restore.

Follow instructions to create a Restore Point.

Then, do this:

Please copy and paste the following into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"GlobalMaxTcpWindowSize"="256960"
"TcpWindowSize"="256960"
"DefaultTTL"="64"
"EnablePMTUDiscovery"="1"
"DisableTaskOffload"="0"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer"=dword:00000010
"MaxConnectionsPer1_0Server"=dword:00000010

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer"=dword:00000010
"MaxConnectionsPer1_0Server"=dword:00000010

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters]
"SizReqBuf"="16384"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"MaxCmds"=dword:00000064
"MaxThreads"=dword:00000064
"MaxCollectionCount"="65535"

Then click File > Save as
File name: internetFIX.reg
Save as type: All Files
Location: Desktop

==

Once saved, Exit Notepad, and double-click on internetFIX.reg and confirm the prompts.

Then, restart your computer.

Let me know if this works or not.


Dr. Jay (DJ)
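
Before double-clicking a .reg file such as the internetFIX.reg given in both posts above, it helps to list exactly what a merge would change. The following is an added example, not part of the original posts: the function name `audit_reg` and the shortened sample are assumptions made here, and multi-line `hex:` values are not handled. It reports every key deletion and flags numbers written as strings (REG_SZ) so their type can be checked against the documentation for each setting.

```python
import re

# Excerpt of internetFIX.reg as posted above, embedded so this runs offline.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"TcpWindowSize"="256960"
"DefaultTTL"="64"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer"=dword:00000010

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data

def audit_reg(text):
    """Return (operations, warnings) describing what merging the file would do."""
    ops, warnings, key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((';', 'Windows Registry Editor')):
            continue                               # blank, comment or header line
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            if key.startswith('-'):                # [-KEY] deletes the key and its subkeys
                ops.append(('delete-key', key[1:], None, None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            warnings.append('unparsed line: ' + line)
            continue
        name, data = m.group(1).strip('"'), m.group(2)
        if data == '-':                            # "name"=- removes a single value
            ops.append(('delete-value', key, name, None))
        elif data.startswith('dword:'):
            ops.append(('set', key, name, ('REG_DWORD', int(data[6:], 16))))
        elif data.startswith('"'):
            s = data[1:-1]
            ops.append(('set', key, name, ('REG_SZ', s)))
            if s.isdigit():                        # a number stored as text
                warnings.append(f'{name} is written as REG_SZ "{s}"; check its documented type')
        else:
            ops.append(('set', key, name, ('OTHER', data)))  # hex:, hex(2):, ...
    return ops, warnings

if __name__ == '__main__':
    print(*sum(audit_reg(SAMPLE_REG), []), sep='\n')
```
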



Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Sat Jan 16, 2010 5:34 am

After rebooting and trying to run sfc/scan, I was still asked to insert the Windows CDs - which I don't have. This same thing happened back on page 3 of this thread, at which point you had me download system look and do something with some mirrors.
Would you like me to do that system tools>system restore thing anyway, even if I haven't run the sfc scan?


Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Sat Jan 16, 2010 5:40 am

BTW - I read the "read this" instructions with the restore maker and it says to "place the program folder in your Program Files folder and the shortcut of its exe file to your Start Menu." I didn't do that (nor would I really know how to) - I just clicked run and got the application error....


Re: Internet connected - but every few minutes the server can't be found

Post by Dr Jay on Sat Jan 16, 2010 6:16 am

How did the Internet Fix go?


Dr. Jay (DJ)



Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Sat Jan 16, 2010 6:34 am

Well, I confirmed that I wanted internet fix added to the registry, restarted and the same nonsense happened after about 2 min. Did you see my questions about the sfc scan and restore maker? Also - I assume it didn't really matter what I called the restore pt? (I called it Dragon Master)


Re: Internet connected - but every few minutes the server can't be found

Post by Dr Jay on Sat Jan 16, 2010 7:59 am

Ok. No biggie.

We have two choices now.

Either A: Reinstall of Windows
or B: have the network card tested at a computer repair shop.

If A, what type of computer do you have?


Dr. Jay (DJ)



Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Sat Jan 16, 2010 1:58 pm

Bummer. I have a Vostro 1500. Last summer I had Windows reinstalled after inadvertently allowing something nasty into the works. What is a network card and how would I have it checked? There is a local guy who I guess I could go to....but that's a drag re time and $!


Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Sat Jan 16, 2010 11:48 pm

And now all of a sudden it seems to be working fine. I don't want to get my hopes up too high - but I've been online for about 1/2 hr and no problems. Could one of those actions have taken a few reboots to kick in?


Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Mon Jan 18, 2010 2:08 pm

No problems in the last couple of days!!!


Re: Internet connected - but every few minutes the server can't be found

Post by roseytaos on Tue Jan 19, 2010 11:50 pm

Dragon Master - Mil Gracias! All seems to be well. You are the coolest.
R


Re: Internet connected - but every few minutes the server can't be found

Post by bookergr on Wed Jan 20, 2010 2:05 am

I have read through this and got lost. What is the fix to remove those files?

java/selace.a
java/selace.b
java/cve-2008-5353.b

