No internet connection and slow load up/run time after malware removal with MB

Post by Tiwin on Sun 15 Aug 2010, 1:02 am

We woke up and suddenly, after having some IE redirection pop-up issues, my wife's computer had 6 new icons on the desktop with names like spyware, trojan, porntube.com, and nudetube.com. We pulled the connection, threw it into safe mode and ran virus scans and Malwarebytes. We found 19 infected files 2 days after getting a clean bill of health. Restarted the machine and ran it in regular mode and ran MB again, this time with no infections; however, startup is extremely slow, the notification area shows no running programs other than SoundMAX, and she cannot connect to the internet even with a working connection. I tried using wired and wireless and got a confirmed connection with the wireless. Also VMware just randomly started up. I was worried about what this meant so I have it disconnected from the net still just in case.

I loaded up HijackThis on a USB drive and here is the resulting log file. If there are any other diagnostics I need, please let me know and, as long as I can use the USB drive to get them there, I'll run them.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:40:51 AM, on 8/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\OWNER~1.JAD\LOCALS~1\Temp\mcupdate_1281746678.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\system32\HPZipm12.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS.0\system32\vmnat.exe
C:\WINDOWS.0\system32\SearchIndexer.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\system32\vmnetdhcp.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\system32\SearchProtocolHost.exe
C:\WINDOWS.0\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Internet Explorer Plugin - {9FE088DC-C3B2-479C-A314-08F90CE5166F} - vecrits93.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [McAfee Update] C:\DOCUME~1\OWNER~1.JAD\LOCALS~1\Temp\mcupdate_1281746678.exe /syncfin C:\DOCUME~1\OWNER~1.JAD\LOCALS~1\Temp\mcupdate_1281746678.ini /insfin
O4 - HKUS\S-1-5-18\..\Run: [tlhdrlyn] C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\stfbonukh\fhljceutssd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [wgfeuigb] C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\knlcjobxx\uahuhsxtssd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [tlhdrlyn] C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\stfbonukh\fhljceutssd.exe (User 'Default user')
O4 - Global Startup: Amazon Unbox.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.0\system32\HPZipm12.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS.0\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS.0\system32\vmnat.exe

--
End of file - 8636 bytes

Thanks for any assistance.

Tiwin


Post by Belahzur on Sun 15 Aug 2010, 2:31 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - HKUS\S-1-5-18\..\Run: [tlhdrlyn] C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\stfbonukh\fhljceutssd.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [wgfeuigb] C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\knlcjobxx\uahuhsxtssd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [tlhdrlyn] C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\stfbonukh\fhljceutssd.exe (User 'Default user')



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
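As an added example (not part of the original posts, and not HijackThis's or the helper's own method), the Python below parses HijackThis `O2` and `O4` lines and applies two triage rules that happen to select the same four entries listed in the post above. The rule names, the `SERVICE_HIVES` set and the directory markers are assumptions chosen for this illustration; the sample lines are copied from the log in this thread.

```python
import re

# Constructed input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [tlhdrlyn] C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\stfbonukh\fhljceutssd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [wgfeuigb] C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\knlcjobxx\uahuhsxtssd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [tlhdrlyn] C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\stfbonukh\fhljceutssd.exe (User 'Default user')
"""

# O2 - BHO: <name> - {CLSID} - <dll path or "(no file)">
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

# O4 - <hive>\..\Run: [<value name>] <command> (User '<account>')   <- suffix optional
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run: "
    r"\[(?P<value>[^\]]+)\] (?P<command>.+?)(?: \(User '[^']*'\))?$"
)

# Assumption for this example: registry hives of built-in service accounts
# (LocalSystem, LocalService, NetworkService) plus the .DEFAULT hive.
SERVICE_HIVES = {
    "HKUS\\S-1-5-18",
    "HKUS\\S-1-5-19",
    "HKUS\\S-1-5-20",
    "HKUS\\.DEFAULT",
}

# Assumption for this example: per-profile data directories (lower-cased).
PROFILE_DATA_MARKERS = ("\\application data\\", "\\local settings\\temp\\")


def parse_o2(line):
    """Return the fields of an O2 (Browser Helper Object) line, or None."""
    m = O2_RE.match(line)
    return m.groupdict() if m else None


def parse_o4(line):
    """Return the fields of an O4 registry Run line, or None."""
    m = O4_RE.match(line)
    return m.groupdict() if m else None


def triage(log_text):
    """Return (rule, line) pairs for entries matching either rule.

    orphaned-bho:            BHO registered in the registry with no DLL on disk.
    service-account-autorun: Run value in a service-account hive whose command
                             lives in a per-profile data directory.
    A line that matches neither rule is simply not reported; that is not a
    verdict that the entry is benign.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        bho = parse_o2(line)
        if bho and bho["target"] == "(no file)":
            findings.append(("orphaned-bho", line))
            continue
        run = parse_o4(line)
        if run and run["hive"].upper() in SERVICE_HIVES:
            command = run["command"].lower()
            if any(marker in command for marker in PROFILE_DATA_MARKERS):
                findings.append(("service-account-autorun", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule}: {line}")
```
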


Belahzur


Post by Tiwin on Sun 15 Aug 2010, 3:01 am

Thanks for the prompt response. I followed your instructions and here is the resulting MBAM log. However, I was not able to do an update past the previous update we had due to lack of connectivity.

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4415

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/14/2010 10:51:39 AM
mbam-log-2010-08-14 (10-51-39).txt

Scan type: Quick scan
Objects scanned: 205888
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Something my wife just told me is that she did not have a password set up for her computer, but now at startup it tells her that her password will expire in 11 days, would she like to change it now. However, when she started up this time the computer detected her Ethernet Controller as new hardware but can't find the drivers on her computer, so we are getting farther.

Tiwin


Post by Belahzur on Sun 15 Aug 2010, 7:04 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Belahzur


Post by Tiwin on Sun 15 Aug 2010, 10:58 am

OTL logfile created on: 8/14/2010 6:26:37 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 37.89 Gb Free Space | 16.27% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 954.05 Mb Total Space | 939.23 Mb Free Space | 98.45% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JADEFORLORN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/14 18:19:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\OTL.com
PRC - [2010/06/16 21:24:02 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/03/04 13:00:56 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2010/02/11 13:36:12 | 000,562,928 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Owner.JADEFORLORN\Local Settings\Temp\mcupdate_1281746678.exe
PRC - [2009/10/22 04:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\WINDOWS.0\system32\vmnat.exe
PRC - [2009/10/22 04:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\WINDOWS.0\system32\vmnetdhcp.exe
PRC - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\explorer.exe
PRC - [2006/12/18 21:34:00 | 000,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/07/13 07:12:26 | 000,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS.0\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/08/14 18:19:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\OTL.com
MOD - [2010/08/13 01:06:08 | 000,047,616 | -H-- | M] () -- C:\WINDOWS.0\system32\autos-sd.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/04 13:00:56 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/10/22 04:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS.0\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:44:18 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS.0\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS.0\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/08/13 14:15:37 | 000,361,600 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS.0\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2009/10/22 04:45:06 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 04:45:02 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 04:45:00 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 04:45:00 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 04:44:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 00:13:32 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/16 03:58:46 | 004,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/16 09:09:00 | 000,293,888 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/12/18 11:30:08 | 000,556,832 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\aw5006.sys -- (AR2425)
DRV - [2006/03/17 17:18:00 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\senfilt.sys -- (SenFiltService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/07/13 13:23:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/17 10:03:02 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009/06/17 10:03:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com

O1 HOSTS File: ([2010/07/22 21:26:29 | 000,414,972 | R--- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14331 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Internet Explorer Plugin) - {9FE088DC-C3B2-479C-A314-08F90CE5166F} - File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [McAfee Update] C:\Documents and Settings\Owner.JADEFORLORN\Local Settings\Temp\mcupdate_1281746678.exe (McAfee, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Amazon Unbox.lnk = C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} [You must be registered and logged in to see this link.] (asusTek_sysctrl Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} [You must be registered and logged in to see this link.] (DDRevision Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS.0\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (qopmmk.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/08 07:18:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dmrereg - (C:\WINDOWS.0\system32\autos-sd.dll) - C:\WINDOWS.0\system32\autos-sd.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/14 08:39:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/13 20:05:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS.0\CSC
[2010/08/08 22:56:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.JADEFORLORN\Recent
[2010/08/07 12:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.JADEFORLORN\My Documents\Electronic Arts
[2010/08/07 12:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.JADEFORLORN\Application Data\Electronic Arts
[2010/08/07 11:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/08/06 13:15:43 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/08/06 10:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.JADEFORLORN\My Documents\Dresden Files
[2010/08/03 15:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.JADEFORLORN\Local Settings\Application Data\jZip
[2010/08/03 15:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\jZip
[2010/07/27 21:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.JADEFORLORN\Application Data\Malwarebytes
[2010/07/27 21:40:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbamswissarmy.sys
[2010/07/27 21:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
[2010/07/27 21:40:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbam.sys
[2010/07/27 21:39:38 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.JADEFORLORN\Desktop\domi.exe
[2010/07/27 21:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[4 C:\WINDOWS.0\*.tmp files -> C:\WINDOWS.0\*.tmp -> ]
[3 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/14 18:18:27 | 000,000,426 | -H-- | M] () -- C:\WINDOWS.0\tasks\User_Feed_Synchronization-{23A8C4CB-31E3-4E3D-8278-82E63D55F10A}.job
[2010/08/14 17:31:15 | 000,001,002 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1078081533-839522115-1003UA.job
[2010/08/14 17:29:05 | 000,000,884 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/14 10:57:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[2010/08/14 10:55:52 | 000,000,880 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/14 10:54:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS.0\tasks\SA.DAT
[2010/08/14 10:54:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2010/08/14 10:53:28 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Owner.JADEFORLORN\NTUSER.DAT
[2010/08/14 10:53:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner.JADEFORLORN\ntuser.ini
[2010/08/14 10:40:08 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Owner.JADEFORLORN\Desktop\HiJackThis.lnk
[2010/08/13 23:36:06 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Owner.JADEFORLORN\Desktop\bob.msi
[2010/08/13 20:03:58 | 005,371,074 | -H-- | M] () -- C:\Documents and Settings\Owner.JADEFORLORN\Local Settings\Application Data\IconCache.db
[2010/08/13 19:58:35 | 000,558,818 | ---- | M] () -- C:\WINDOWS.0\System32\PerfStringBackup.INI
[2010/08/13 19:58:35 | 000,467,316 | ---- | M] () -- C:\WINDOWS.0\System32\perfh009.dat
[2010/08/13 19:58:35 | 000,080,110 | ---- | M] () -- C:\WINDOWS.0\System32\perfc009.dat
[2010/08/13 19:44:44 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\NTUSER.DAT
[2010/08/13 14:15:37 | 000,361,600 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\tcpip.sys
[2010/08/13 01:56:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS.0\System32\d3d9caps.dat
[2010/08/13 01:06:08 | 000,047,616 | -H-- | M] () -- C:\WINDOWS.0\System32\autos-sd.dll
[2010/08/12 08:31:02 | 000,000,950 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1078081533-839522115-1003Core.job
[2010/08/10 23:31:36 | 000,002,374 | ---- | M] () -- C:\Documents and Settings\Owner.JADEFORLORN\Desktop\Google Chrome.lnk
[2010/08/10 23:31:36 | 000,002,352 | ---- | M] () -- C:\Documents and Settings\Owner.JADEFORLORN\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/09 20:36:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[2010/08/07 11:22:34 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\Owner.JADEFORLORN\Desktop\Dark Age of Camelot.lnk
[2010/08/05 17:37:08 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Owner.JADEFORLORN\Desktop\CCleaner.lnk
[2010/07/29 11:04:11 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/28 13:11:16 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Owner.JADEFORLORN\My Documents\Dark Tutelage fling.doc
[2010/07/27 21:39:42 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.JADEFORLORN\Desktop\domi.exe
[2010/07/26 16:20:28 | 000,042,980 | ---- | M] () -- C:\WINDOWS.0\System32\oiffl
[2010/07/26 16:20:27 | 000,105,472 | ---- | M] () -- C:\WINDOWS.0\System32\klgd.bmp
[2010/07/22 21:26:29 | 000,414,972 | R--- | M] () -- C:\WINDOWS.0\System32\drivers\etc\hosts
[2010/07/21 22:36:19 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Owner.JADEFORLORN\My Documents\Articaft deck skeleton.doc
[2010/07/21 09:16:38 | 000,011,976 | ---- | M] () -- C:\Documents and Settings\Owner.JADEFORLORN\My Documents\76uy kityi.docx
[2010/07/21 01:08:12 | 000,000,552 | ---- | M] () -- C:\WINDOWS.0\System32\d3d8caps.dat
[4 C:\WINDOWS.0\*.tmp files -> C:\WINDOWS.0\*.tmp -> ]
[3 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/14 08:39:55 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Owner.JADEFORLORN\Desktop\HiJackThis.lnk
[2010/08/14 08:36:10 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Owner.JADEFORLORN\Desktop\bob.msi
[2010/08/13 19:51:05 | 000,007,986 | ---- | C] () -- C:\Documents and Settings\Owner.JADEFORLORN\reset.log
[2010/08/13 19:44:44 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\NTUSER.DAT
[2010/08/13 19:44:44 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\NTUSER.DAT.LOG
[2010/08/13 01:06:08 | 000,047,616 | -H-- | C] () -- C:\WINDOWS.0\System32\autos-sd.dll
[2010/08/07 11:22:34 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\Owner.JADEFORLORN\Desktop\Dark Age of Camelot.lnk
[2010/07/28 13:11:16 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner.JADEFORLORN\My Documents\Dark Tutelage fling.doc
[2010/07/27 21:40:43 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/26 16:20:28 | 000,042,980 | ---- | C] () -- C:\WINDOWS.0\System32\oiffl
[2010/07/26 16:20:27 | 000,105,472 | ---- | C] () -- C:\WINDOWS.0\System32\klgd.bmp
[2010/07/21 22:36:19 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Owner.JADEFORLORN\My Documents\Articaft deck skeleton.doc
[2010/07/21 09:16:36 | 000,011,976 | ---- | C] () -- C:\Documents and Settings\Owner.JADEFORLORN\My Documents\76uy kityi.docx
[2010/07/21 01:08:12 | 000,000,552 | ---- | C] () -- C:\WINDOWS.0\System32\d3d8caps.dat
[2010/07/20 17:15:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS.0\System32\d3d9caps.dat
[2009/08/30 13:54:40 | 000,000,754 | ---- | C] () -- C:\WINDOWS.0\WORDPAD.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS.0\System32\OGACheckControl.dll
[2008/02/13 12:24:52 | 000,077,824 | ---- | C] () -- C:\WINDOWS.0\System32\hpzids01.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS.0\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS.0\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS.0\System32\gthrctr.ini
[2004/08/03 20:07:00 | 000,361,600 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\tcpip.sys
[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS.0\System32\hptcpmon.ini
< End of report >

Tiwin

Newbie Surfer

Posts : 6
Joined : 2010-08-14
Operating System : Windows XP Pro


Re: No internet connection and slow load up/run time after malware removal with MB

Post by Tiwin on Sun 15 Aug 2010, 10:59 am

OTL Extras logfile created on: 8/14/2010 6:26:37 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 37.89 Gb Free Space | 16.27% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 954.05 Mb Total Space | 939.23 Mb Free Space | 98.45% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JADEFORLORN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56885:TCP" = 56885:TCP:*:Enabled:Pando Media Booster
"56885:UDP" = 56885:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\VMware\VMware Player\vmware-authd.exe" = C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"C:\Program Files\SquareEnix\FINAL FANTASY XIV Beta Version\ffxivboot.exe" = C:\Program Files\SquareEnix\FINAL FANTASY XIV Beta Version\ffxivboot.exe:*:Enabled:FINAL FANTASY XIV Beta Version BOOT -- (SQUARE ENIX CO., LTD.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{295941F1-484E-4C23-B43C-7EFDC3E6DF43}" = ASUS WiFi-AP Solo
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV Beta Version
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4552E28-AF1D-4C3E-9991-8112F40265F4}" = Adventure Tools
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online III
"{B0C60A57-0353-498B-BDF0-AE83BFE3B4B9}_is1" = championBuilder v0.4.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFE9EB66-DFD8-40B4-BC9C-F0CCEEBE8FE3}" = ASUS WiFi-AP Solo
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"Champions Online" = Champions Online
"COH" = City of Villains/City of Heroes (remove only)
"Dark Age of Camelot" = Dark Age of Camelot
"Defraggler" = Defraggler
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities" = HP Extended Capabilities 6.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROPLUS" = Microsoft Office Professional Plus 2007
"VMware_Player" = VMware Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"RPTools MapTool" = RPTools MapTool

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2010 8:36:23 AM | Computer Name = JADEFORLORN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/14/2010 9:05:18 AM | Computer Name = JADEFORLORN | Source = vmauthd | ID = 100
Description = Call to listen failed with error 10013.

Error - 7/14/2010 9:05:18 AM | Computer Name = JADEFORLORN | Source = vmauthd | ID = 100
Description = Call to listen failed with error 10013.

Error - 7/14/2010 9:05:18 AM | Computer Name = JADEFORLORN | Source = vmauthd | ID = 100
Description = Call to listen failed with error 10013.

Error - 7/14/2010 9:05:18 AM | Computer Name = JADEFORLORN | Source = vmauthd | ID = 100
Description = Call to listen failed with error 10013.

Error - 7/14/2010 9:05:18 AM | Computer Name = JADEFORLORN | Source = vmauthd | ID = 100
Description = Call to listen failed with error 10013.

Error - 7/14/2010 9:05:18 AM | Computer Name = JADEFORLORN | Source = vmauthd | ID = 100
Description = Failed to create event for listen socket: An attempt was made to access
a socket in a way forbidden by its access permissions (10013)

Error - 7/14/2010 10:35:55 AM | Computer Name = JADEFORLORN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2010 9:47:52 AM | Computer Name = JADEFORLORN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2010 9:47:52 AM | Computer Name = JADEFORLORN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ ODiag Events ]
Error - 8/6/2010 2:16:01 PM | Computer Name = JADEFORLORN | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kd0. Error code: 800706BA

[ OSession Events ]
Error - 2/11/2010 4:49:42 PM | Computer Name = JADEFORLORN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6501.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 45
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/13/2010 9:12:29 PM | Computer Name = JADEFORLORN | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%2001

Error - 8/13/2010 9:12:29 PM | Computer Name = JADEFORLORN | Source = Service Control Manager | ID = 7000
Description = The TCP/IP Protocol Driver service failed to start due to the following
error: %%2001

Error - 8/13/2010 9:12:29 PM | Computer Name = JADEFORLORN | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%2001

Error - 8/13/2010 9:56:47 PM | Computer Name = JADEFORLORN | Source = Service Control Manager | ID = 7000
Description = The TCP/IP Protocol Driver service failed to start due to the following
error: %%2001

Error - 8/13/2010 9:56:47 PM | Computer Name = JADEFORLORN | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%2001

Error - 8/13/2010 10:09:42 PM | Computer Name = JADEFORLORN | Source = Service Control Manager | ID = 7000
Description = The TCP/IP Protocol Driver service failed to start due to the following
error: %%2001

Error - 8/13/2010 10:09:42 PM | Computer Name = JADEFORLORN | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%2001

Error - 8/13/2010 10:10:24 PM | Computer Name = JADEFORLORN | Source = Service Control Manager | ID = 7000
Description = The TCP/IP Protocol Driver service failed to start due to the following
error: %%2001

Error - 8/14/2010 9:34:52 AM | Computer Name = JADEFORLORN | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 8/14/2010 10:24:35 AM | Computer Name = JADEFORLORN | Source = Service Control Manager | ID = 7000
Description = The TCP/IP Protocol Driver service failed to start due to the following
error: %%2001


< End of report >

Tiwin

Newbie Surfer

Posts : 6
Joined : 2010-08-14
Operating System : Windows XP Pro


Re: No internet connection and slow load up/run time after malware removal with MB

Post by Belahzur on Sun 15 Aug 2010, 11:38 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O36 - AppCertDlls: dmrereg - (C:\WINDOWS.0\system32\autos-sd.dll) - C:\WINDOWS.0\system32\autos-sd.dll ()
    [2010/08/13 01:06:08 | 000,047,616 | -H-- | C] () -- C:\WINDOWS.0\System32\autos-sd.dll



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
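
The cross-check behind the fix above, as an added example that is not part of the original posts or of OTL itself: it parses OTL-style log lines, matches each autostart entry against the file listing (case-insensitively, because the log spells the same path with both `system32` and `System32`), and flags an entry when several indicators coincide. The indicator set, the threshold of three and every function name are assumptions made for this example; one sample line is constructed and marked as such.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Copied from the OTL logs posted in this thread.
PAGE_LINES = r"""
O36 - AppCertDlls: dmrereg - (C:\WINDOWS.0\system32\autos-sd.dll) - C:\WINDOWS.0\system32\autos-sd.dll ()
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[2010/07/27 21:40:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbam.sys
[2010/08/13 01:06:08 | 000,047,616 | -H-- | M] () -- C:\WINDOWS.0\System32\autos-sd.dll
[2010/08/13 01:06:08 | 000,047,616 | -H-- | C] () -- C:\WINDOWS.0\System32\autos-sd.dll
[2010/07/21 01:08:12 | 000,000,552 | ---- | C] () -- C:\WINDOWS.0\System32\d3d8caps.dat
"""
# Constructed negative control (not from the thread): same load point, but
# the entry carries a company name and has no matching file record.
CONSTRUCTED_LINE = (
    r"O36 - AppCertDlls: example - (C:\WINDOWS.0\system32\example.dll)"
    r" - C:\WINDOWS.0\system32\example.dll (Example Vendor Inc.)"
)
SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINE + "\n"

# Taken from the "OTL Extras logfile created on" header in the thread.
SCAN_TIME = datetime(2010, 8, 14, 18, 26, 37)

AUTORUN_RE = re.compile(r"^(O\d+) - ([^:]+): (.+?) - \((.*?)\) - (.+?) \((.*?)\)$")
FILE_RE = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| ([RHSD-]{4}) \| ([CM])\] "
    r"(?:\((.*?)\) )?-- (.+)$"
)
# DLLs registered under AppCertDlls are loaded into processes that call the
# CreateProcess family of APIs, so one value reaches many processes.
# Assumption: this one-item set is this example's choice, not OTL's.
BROAD_LOAD_POINTS = {"AppCertDlls"}


@dataclass
class FileRecord:
    raw: str
    stamp: str
    attrs: str   # four flags in the log's order: R, H, S, D
    kind: str    # "C" = created listing, "M" = modified listing
    company: str


@dataclass
class Finding:
    autorun_raw: str
    path: str
    reasons: list
    file_raw: Optional[str]


def parse_otl(text):
    """Split log text into autostart entries and a path -> FileRecord map."""
    autoruns, files = [], {}
    for line in (l.strip() for l in text.splitlines()):
        m = AUTORUN_RE.match(line)
        if m:
            _code, key, _name, _data, path, company = m.groups()
            autoruns.append({"raw": line, "key": key, "path": path,
                             "company": company.strip()})
            continue
        m = FILE_RE.match(line)
        if m:
            stamp, _size, attrs, kind, company, path = m.groups()
            rec = FileRecord(line, stamp, attrs, kind, (company or "").strip())
            norm = path.casefold()  # Windows paths compare case-insensitively
            if norm not in files or kind == "C":  # prefer the "created" row
                files[norm] = rec
    return autoruns, files


def triage(text, scan_time=SCAN_TIME, threshold=3):
    """Return autostart entries whose indicators add up to `threshold`."""
    autoruns, files = parse_otl(text)
    findings = []
    for entry in autoruns:
        rec = files.get(entry["path"].casefold())
        reasons = []
        if entry["key"] in BROAD_LOAD_POINTS:
            reasons.append("loaded via " + entry["key"])
        if not entry["company"]:
            reasons.append("no company name")
        if rec and "H" in rec.attrs:
            reasons.append("hidden attribute")
        if rec and rec.kind == "C":
            created = datetime.strptime(rec.stamp, "%Y/%m/%d %H:%M:%S")
            age = (scan_time - created).days
            if 0 <= age <= 30:
                reasons.append(f"created {age} day(s) before the scan")
        if len(reasons) >= threshold:
            findings.append(Finding(entry["raw"], entry["path"], reasons,
                                    rec.raw if rec else None))
    return findings


def fix_block(findings):
    """List each flagged entry and its file row under an :OTL header."""
    lines = [":OTL"]
    for f in findings:
        lines.append(f.autorun_raw)
        if f.file_raw:
            lines.append(f.file_raw)
    return "\n".join(lines)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path, "->", "; ".join(f.reasons))
    print(fix_block(triage(SAMPLE_LOG)))
```
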


Re: No internet connection and slow load up/run time after malware removal with MB

Post by Tiwin on Sun 15 Aug 2010, 12:12 pm

The latest log info:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\dmrereg:C:\WINDOWS.0\system32\autos-sd.dll deleted successfully.
C:\WINDOWS.0\system32\autos-sd.dll moved successfully.
C:\WINDOWS.0\system32\autos-sd.dll moved successfully.

OTL by OldTimer - Version 3.2.9.0 log created on 08142010_201104

Tiwin

Newbie Surfer

Posts : 6
Joined : 2010-08-14
Operating System : Windows XP Pro


Re: No internet connection and slow load up/run time after malware removal with MB

Post by Tiwin on Mon 16 Aug 2010, 12:30 am

Unfortunately I still have no internet connectivity. In the hardware profiles it says that some unknown Ethernet controller has no drivers, but then it also says that my actual Ethernet controller, a Marvell Yukon, is working perfectly fine and has fully updated drivers.

Tiwin

Newbie Surfer

Posts : 6
Joined : 2010-08-14
Operating System : Windows XP Pro


Re: No internet connection and slow load up/run time after malware removal with MB

Post by Belahzur on Mon 16 Aug 2010, 11:47 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

