win32.ramnit.H and .C


win32.ramnit.H and .C

Post by sweetdebora_17 on Fri 19 Nov 2010, 8:04 am

Hi,

I am new to your site but so far have been very impressed, congratulations for the work you perform.

If possible I would like your assistance; it's driving me crazy at the moment and I really don't want to lose my data nor my PC!

I have recently removed ThinkPoint and used Malwarebytes successfully; however, now I seem to have another virus, win32.ramnit.H and also .C! I am no longer able to open Internet Explorer nor see my Virgin Media centre protection.

I have below the logs for Extras.TXT and OTL.TXT as recommended in your new members' guide.
Thank you

OTL Extras logfile created on: 18/11/2010 20:29:05 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 257.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 114.39 Gb Free Space | 80.52% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 3.04 Gb Free Space | 43.65% Space Free | Partition Type: FAT32

Computer Name: YOUR-447023AE6B | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IEPro\MiniDM.exe" = C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Virgin Media\HUB\ServicepointService.exe" = C:\Program Files\Virgin Media\HUB\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB60281-1F3E-4B01-96C4-AC1C1D1B4D2B}" = PC Camera (6025 VGA)
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C44F68-5CC1-4EF2-AC9F-744166861406}" = O2 Connection Manager
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5AD839E7-BFA7-4796-B2CA-B1D824ECCDF7}" = Virgin Media Security
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6D482078-8D15-4FD3-B838-C7B49174650F}" = Opera 10.61
"{714048C6-7703-4059-A8EC-17B31AAB73A2}" = RPS RpsCore
"{7673108D-9DED-4454-9712-FB2771D94446}" = RPS PerfectDiskStub
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527450C-64B3-11D5-9B31-000021116B62}" = SmartCamera Ver 2.1
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"IE7Pro" = IE7Pro
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Professional 2010
"Picasa 3" = Picasa 3
"Playsushi" = Playsushi
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RadialpointClientGateway_is1" = Virgin Media HUB 3.5.12
"RealPlayer 6.0" = RealPlayer
"Veetle TV" = Veetle TV 0.9.18
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZTE USB Driver" = ZTE USB Driver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/11/2010 18:18:06 | Computer Name = YOUR-447023AE6B | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16/11/2010 18:18:06 | Computer Name = YOUR-447023AE6B | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/11/2010 11:30:34 | Computer Name = YOUR-447023AE6B | Source = nview_info | ID = 11141121
Description =

Error - 17/11/2010 11:45:21 | Computer Name = YOUR-447023AE6B | Source = ESENT | ID = 490
Description = svchost (1216) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 17/11/2010 11:45:21 | Computer Name = YOUR-447023AE6B | Source = ESENT | ID = 439
Description = Catalog Database (1216) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
-1032.

Error - 17/11/2010 11:45:21 | Computer Name = YOUR-447023AE6B | Source = ESENT | ID = 473
Description = Catalog Database (1216) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
was partially detached. Error -1032 encountered updating database headers.

Error - 17/11/2010 11:46:08 | Computer Name = YOUR-447023AE6B | Source = nview_info | ID = 11141121
Description =

Error - 17/11/2010 11:53:36 | Computer Name = YOUR-447023AE6B | Source = nview_info | ID = 11141121
Description =

Error - 17/11/2010 11:54:46 | Computer Name = YOUR-447023AE6B | Source = nview_info | ID = 11141121
Description =

Error - 18/11/2010 12:46:24 | Computer Name = YOUR-447023AE6B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 18/11/2010 14:30:07 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/11/2010 14:30:07 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/11/2010 14:30:07 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/11/2010 14:30:07 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/11/2010 14:30:07 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/11/2010 14:30:07 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/11/2010 14:30:07 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/11/2010 14:30:08 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/11/2010 14:30:08 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/11/2010 14:30:08 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >


Hope it helps. Thanks, Debora

sweetdebora_17

Newbie Surfer

Posts : 17
Joined : 2010-11-19
Operating System : windows xp


part 2...

Post by sweetdebora_17 on Fri 19 Nov 2010, 8:07 am

The second log, OTL.TXT...
OTL logfile created on: 18/11/2010 20:29:05 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 257.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 114.39 Gb Free Space | 80.52% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 3.04 Gb Free Space | 43.65% Space Free | Partition Type: FAT32

Computer Name: YOUR-447023AE6B | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 20:27:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL(2).com
PRC - [2010/10/29 15:00:00 | 000,612,168 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/10/27 06:13:43 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/27 06:13:43 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/04 11:49:50 | 002,998,272 | ---- | M] (O2) -- C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
PRC - [2010/01/04 11:17:30 | 000,377,576 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Security\RPS.exe
PRC - [2010/01/04 11:17:30 | 000,165,408 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
PRC - [2010/01/04 11:16:30 | 000,371,920 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Security\Fws.exe
PRC - [2009/12/14 10:26:02 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\HUB\ServicepointService.exe
PRC - [2009/12/14 10:25:56 | 004,277,488 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
PRC - [2009/12/14 10:25:56 | 000,468,208 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
PRC - [2009/11/02 14:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
PRC - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/16 22:50:38 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/08/12 17:21:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\vsnpt513.exe


========== Modules (SafeList) ==========

MOD - [2010/11/18 20:27:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL(2).com
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/08/02 15:30:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2005/08/02 15:30:00 | 000,286,720 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwrseng.dll
MOD - [2005/08/02 15:30:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/28 06:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/01/04 11:17:30 | 000,165,408 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/01/04 11:16:30 | 000,371,920 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Security\Fws.exe -- (RP_FWS)
SRV - [2009/12/14 10:26:02 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\HUB\ServicepointService.exe -- (ServicepointService)
SRV - [2009/11/02 14:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/10/23 13:25:54 | 000,311,296 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll -- (scan)
SRV - [2009/06/08 11:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/06/08 11:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - [2010/10/13 12:43:18 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/11/26 09:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys -- (Trufos)
DRV - [2009/11/26 09:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys -- (Profos)
DRV - [2009/11/02 14:27:02 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
DRV - [2009/11/02 14:27:02 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
DRV - [2009/11/02 14:27:02 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)
DRV - [2009/11/02 14:27:02 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)
DRV - [2009/10/23 13:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/08/25 14:54:32 | 000,033,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TsWlan.sys -- (TSWLAN)
DRV - [2009/07/21 13:02:20 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/07/21 13:02:20 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/07/21 13:02:20 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/07/21 08:15:42 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009/06/08 09:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/04/27 13:00:54 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2005/08/02 15:30:00 | 003,199,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/07/04 07:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 20:16:26 | 001,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/20 18:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/03/09 21:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 18:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/04 04:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/05 17:37:16 | 000,183,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpt513.sys -- (SNPT513) PC Camera (6025 VGA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.ask.com?o=15119&l=dis"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/18 19:15:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 19:52:27 | 000,000,000 | ---D | M]

[2010/08/23 23:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/08/23 15:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/18 20:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6a80imoh.default\extensions
[2010/11/18 19:16:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6a80imoh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/28 13:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6a80imoh.default\extensions\textlinks@playsushi.com
[2010/09/04 20:20:30 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6a80imoh.default\searchplugins\askcom.xml
[2010/11/18 19:29:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/18 19:29:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/18 19:29:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 18:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\IEPro\IEProRecorder.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\IEPro\IEProRecorder.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [O2Start] C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirginMediaHUB.exe] C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe (Virgin Media)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll File not found
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll File not found
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/09 20:20:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\autorun.inf.vir -- [ FAT32 ]
O33 - MountPoints2\{104a63f8-c660-11df-ae66-0013d38f4ece}\Shell - "" = AutoRun
O33 - MountPoints2\{104a63f8-c660-11df-ae66-0013d38f4ece}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{104a63f8-c660-11df-ae66-0013d38f4ece}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: Radialpoint Security Services - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Virgin Media)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: Radialpoint Security Services - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Virgin Media)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/18 19:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/18 19:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/11/18 19:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/11/18 19:29:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/18 19:29:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/18 19:29:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/18 19:29:52 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/18 19:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
[2010/11/18 18:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/18 18:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/18 18:55:50 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/18 01:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2010/11/18 01:00:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/18 01:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/18 01:00:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/18 01:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/17 16:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\windows
[2010/11/13 17:49:06 | 000,917,504 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2010/11/13 17:49:05 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/11/04 14:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\physio docs
[2010/11/01 16:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010/10/21 15:25:17 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/10/21 13:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/21 13:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/21 13:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/08 20:20:09 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpt513.dll
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[28 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/18 20:21:49 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/18 20:21:42 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/11/18 19:55:17 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/18 19:55:13 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/18 19:55:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/18 19:52:27 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2010/11/18 19:43:19 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/11/18 19:43:19 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/11/18 19:29:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/18 19:29:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/18 19:29:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/18 19:29:36 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/18 19:29:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/18 19:15:18 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/18 19:15:18 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/18 18:47:35 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/18 17:35:46 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/18 16:46:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/18 15:54:10 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/18 01:33:24 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/11/18 01:00:50 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/17 21:41:12 | 000,000,012 | ---- | M] () -- C:\WINDOWS\System32\complete.dat
[2010/11/17 16:02:07 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/16 22:07:19 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/16 21:14:41 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/16 21:14:41 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/16 17:27:09 | 000,015,016 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Application_Form.pdf
[2010/11/16 14:32:09 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/16 14:32:09 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/15 13:05:24 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/15 13:05:24 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/13 18:12:46 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\start
[2010/11/13 17:49:06 | 000,917,504 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2010/11/13 17:45:35 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\completescan
[2010/11/13 17:39:59 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\install
[2010/11/13 17:38:03 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/13 17:37:52 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/13 17:37:52 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/13 17:37:52 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/13 17:37:52 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/13 17:37:52 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/13 17:37:51 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/13 17:37:51 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/13 17:37:50 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/13 17:37:50 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/13 17:37:50 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/13 17:37:50 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/10 17:02:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/09 18:16:15 | 000,104,448 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Project FIT Application form Graduates.doc
[2010/11/09 18:08:46 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Debora Freitas CV.doc
[2010/11/09 15:51:28 | 000,020,372 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Debora Freitas CV.doc.docx
[2010/11/04 19:00:10 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Debora J C Freitas TKmaxx.doc
[2010/11/03 16:46:19 | 000,031,130 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Parent_School_Calendar_2010-111.pdf
[2010/11/02 18:29:09 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences.dat
[2010/11/02 18:29:06 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences2.dat
[2010/10/31 14:36:05 | 000,446,790 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/31 14:36:05 | 000,073,694 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/30 19:27:30 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VideoMonitor.lnk
[2010/10/29 14:29:43 | 000,016,477 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\payment overseas.docx
[2010/10/23 14:07:49 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/10/21 19:57:16 | 000,062,704 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/21 13:38:19 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/21 13:19:03 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[28 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========


sweetdebora_17

Newbie Surfer

Posts : 17
Joined : 2010-11-19
Operating System : windows xp

Re: win32.ramnit.H and .C

Post by sweetdebora_17 on Fri 19 Nov 2010, 8:08 am

[2010/11/18 19:52:27 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2010/11/18 19:43:19 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/11/18 19:43:19 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/11/18 17:35:41 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/18 01:00:50 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/17 16:37:45 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\complete.dat
[2010/11/17 16:37:38 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/11/17 16:37:37 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\abpzlw.dat
[2010/11/16 17:27:09 | 000,015,016 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Application_Form.pdf
[2010/11/13 17:47:27 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\start
[2010/11/13 17:45:35 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\completescan
[2010/11/13 17:39:59 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\install
[2010/11/13 17:38:10 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/13 17:38:03 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/13 17:38:00 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/13 17:37:56 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/13 17:37:54 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/13 17:37:52 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/13 17:37:52 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/13 17:37:52 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/13 17:37:52 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/13 17:37:52 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/13 17:37:52 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/13 17:37:51 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/13 17:37:51 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/13 17:37:51 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/13 17:37:51 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/13 17:37:51 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/13 17:37:49 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/13 17:37:49 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/13 17:37:49 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/13 17:37:49 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/13 17:37:49 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/13 17:37:49 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/13 17:37:49 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/13 17:37:48 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/09 18:08:28 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Debora Freitas CV.doc
[2010/11/09 16:21:10 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Project FIT Application form Graduates.doc
[2010/11/04 19:00:10 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Debora J C Freitas TKmaxx.doc
[2010/11/03 16:46:19 | 000,031,130 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Parent_School_Calendar_2010-111.pdf
[2010/11/02 17:47:22 | 000,020,372 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Debora Freitas CV.doc.docx
[2010/10/29 14:29:43 | 000,016,477 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\payment overseas.docx
[2010/10/23 14:07:47 | 000,000,330 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/10/21 13:38:19 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/21 13:19:02 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/13 19:29:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/10/08 20:20:09 | 000,183,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpt513.sys
[2010/10/08 20:20:09 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dsnpt513.dll
[2010/10/08 20:20:09 | 000,015,621 | ---- | C] () -- C:\WINDOWS\snpt513.ini
[2010/10/08 20:20:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\vsnpt513.dll
[2010/08/24 13:02:48 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/21 12:20:08 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen_x86.sys
[2009/08/25 14:54:32 | 000,033,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\TsWlan.sys
[2005/09/16 23:18:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/16 22:59:07 | 000,015,783 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/09/16 22:59:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/09/16 22:53:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/16 22:53:08 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/16 22:53:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/16 22:53:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/16 22:53:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/16 22:53:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/09/16 22:51:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/09/16 22:47:50 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/09/16 22:44:08 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/09/16 22:44:08 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/09/16 22:44:08 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/09/16 22:44:08 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/09/16 22:35:10 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/09/16 22:31:45 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/09/16 22:31:45 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/09/16 22:31:26 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/07/07 20:07:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/09 22:52:32 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2004/11/09 20:19:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/25 02:10:06 | 000,000,573 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/11/09 20:19:36 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/16 23:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/10/13 19:30:28 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/08/23 13:07:25 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/11/09 20:23:22 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2003/01/17 16:35:58 | 000,013,023 | ---- | M] () -- C:\WINDOWS\snpt513.src
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >
[2 C:\Program Files\Internet Explorer\*.tmp files -> C:\Program Files\Internet Explorer\*.tmp -> ]

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 12:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/10/27 06:13:43 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/10/27 06:13:43 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/10/27 06:13:43 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2010/10/27 06:13:43 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/23 13:07:24 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[42 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[42 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/10/23 13:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfsfltr.sys

< %systemroot%\System32\config\*.sav >
[2004/11/09 20:10:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/11/09 20:10:20 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/11/09 20:10:20 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 12:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2005/09/16 22:59:07 | 000,015,783 | ---- | M] () -- C:\WINDOWS\system32\CHODDI.SYS
[2004/08/04 12:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 12:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 12:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 12:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 12:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 12:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 12:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 12:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 12:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 12:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 12:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 12:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 12:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 12:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 18:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/08/31 13:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[42 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 00:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 00:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 00:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 00:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 00:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 00:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 00:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 00:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 00:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 00:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 00:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 00:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 00:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 00:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 00:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %SYSTEMDRIVE%\*.* >
[2005/09/16 23:03:57 | 000,000,104 | ---- | M] () -- C:\.lnk
[2004/11/09 20:20:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/23 13:04:54 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2010/08/23 15:29:33 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2004/08/04 12:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2004/11/09 20:20:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/18 19:55:13 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2004/11/09 20:20:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/11/18 19:47:02 | 000,000,608 | ---- | M] () -- C:\JavaRa.log
[2004/11/09 20:20:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/10/13 18:48:14 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/18 19:55:11 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/11/18 19:52:07 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/09/07 18:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/09/07 18:44:41 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/11/18 19:52:07 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/11/23 22:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/11/17 17:37:07 | 000,000,000 | ---D | M] -- C:\Program Files\Easy Internet signup
[2010/11/17 17:37:18 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2005/09/16 22:52:51 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2005/09/16 22:52:51 | 000,000,000 | ---D | M] -- C:\Program Files\Hp
[2010/11/18 00:04:27 | 000,000,000 | ---D | M] -- C:\Program Files\IEPro
[2010/11/17 17:39:11 | 000,000,000 | ---D | M] -- C:\Program Files\ieSpell
[2010/10/13 12:40:43 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/11/18 00:58:35 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/09/16 22:53:04 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/10/21 13:35:42 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/10/21 13:38:15 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/11/18 19:45:22 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/11/18 15:59:58 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/11/18 01:00:57 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/17 17:48:00 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/11/18 01:34:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/10/13 20:28:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2010/10/10 17:30:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/11/23 23:04:32 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/10/13 20:34:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/10/11 15:03:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/10/08 18:23:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/10/08 18:24:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/11/17 17:59:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/10/13 20:34:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/10/08 20:18:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mingjong
[2010/11/18 01:00:33 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/11/18 19:15:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/10/11 15:09:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2004/11/23 23:04:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/11/23 23:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/08/23 16:11:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/10/11 15:06:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/11/17 18:00:46 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/09/17 16:04:44 | 000,000,000 | ---D | M] -- C:\Program Files\O2CM-CE
[2005/09/16 23:04:23 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/11/17 18:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2010/11/18 01:00:58 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/11/17 18:04:17 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor 5 for Windows
[2005/09/16 23:01:59 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2010/11/18 19:55:27 | 000,000,000 | ---D | M] -- C:\Program Files\PlaySushi
[2010/11/17 18:05:53 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/10/13 12:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\Raxco
[2005/09/16 22:50:38 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/10/11 15:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2005/09/16 22:52:06 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2010/10/14 13:36:36 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2004/11/23 22:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2010/11/01 16:51:41 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2010/10/13 12:42:19 | 000,000,000 | ---D | M] -- C:\Program Files\Virgin Media
[2010/11/17 21:41:16 | 000,000,000 | ---D | M] -- C:\Program Files\windows
[2010/10/08 18:28:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/10/08 18:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/10/08 19:33:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2010/11/17 18:16:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/11/18 01:02:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/10/13 18:57:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/11/23 22:07:32 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2010/11/18 19:43:01 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2004/11/23 23:05:14 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2010/11/13 17:45:35 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\completescan
[2004/11/09 20:11:34 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\desktop.ini
[2010/11/13 17:39:59 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\install
[2010/11/13 18:12:46 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\start


< MD5 for: AGP440.SYS >
[2004/08/04 18:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/10/13 18:38:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/10/13 18:38:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 18:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/10/13 18:38:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/10/13 18:38:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 18:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/10/13 18:38:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2010/10/13 18:38:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 12:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 18:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/10/13 18:38:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2010/10/13 18:38:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 12:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 18:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 18:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-11 00:16:08

< End of report >

OK, this is it. Hope it helps. Thank you, Debora

sweetdebora_17

Newbie Surfer

Posts : 17
Joined : 2010-11-19
Operating System : windows xp


Re: win32.ramnit.H and .C

Post by Belahzur on Fri 19 Nov 2010, 12:00 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://uk.ask.com?o=15119&l=dis"

    :files
    C:\WINDOWS\tasks\At*.job


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

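As an added example (not part of this thread, and not OTL's own code), a small Python parser for the file-listing lines in the OTL log above that flags the burst of At<N>.job scheduled tasks the fix targets. The line format is OTL's as printed above; the 60-second window and the five-file threshold are assumptions, and the sample lines are constructed to mirror the log.

```python
"""Parse OTL file-listing lines and flag a burst of At<N>.job scheduled tasks.

Added example for illustration only; the burst window and threshold are
assumptions, not OTL settings.
"""
import re
from datetime import datetime, timedelta

# One OTL file-listing line, for example:
#   [2010/11/13 17:37:52 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
#   [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=... -- C:\...
#   [2010/11/18 19:52:07 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
# The "(company)" group is absent on directory lines, so it is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?P<extra>.*?) -- (?P<path>.+)$"
)
MD5_RE = re.compile(r"MD5=([0-9A-Fa-f]{32})")
AT_JOB = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)


def parse_line(line):
    """Return a dict for one OTL file entry, or None for any other line
    (section headers, '[2 C:\\WINDOWS\\*.tmp files -> ...]' summaries, etc.)."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    md5 = MD5_RE.search(m.group("extra"))
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        "kind": m.group("kind"),                 # C = created, M = modified
        "company": m.group("company") or "",     # empty for unsigned/unknown files
        "md5": md5.group(1).upper() if md5 else None,
        "path": m.group("path"),
    }


def find_at_job_burst(lines, window=timedelta(seconds=60), min_count=5):
    """Group At<N>.job creation entries that fall within `window` of the
    first entry of the group; return [(first_ts, last_ts, [paths]), ...]
    for every group with at least `min_count` members.

    Many same-sized At*.job files appearing within a few seconds is the
    pattern the OTL ':files' fix above removes with C:\\WINDOWS\\tasks\\At*.job.
    """
    jobs = [e for e in map(parse_line, lines)
            if e and e["kind"] == "C" and AT_JOB.search(e["path"])]
    jobs.sort(key=lambda e: e["ts"])
    bursts, current = [], []
    for entry in jobs:
        if current and entry["ts"] - current[0]["ts"] > window:
            if len(current) >= min_count:
                bursts.append(current)
            current = []
        current.append(entry)
    if len(current) >= min_count:
        bursts.append(current)
    return [(b[0]["ts"], b[-1]["ts"], [e["path"] for e in b]) for b in bursts]


# Constructed sample mirroring the log format in the thread (not a real scan).
SAMPLE_LOG = [
    r"[2010/11/13 17:37:52 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At19.job",
    r"[2010/11/13 17:37:51 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At9.job",
    r"[2010/11/13 17:37:49 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At8.job",
    r"[2010/11/13 17:37:49 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At5.job",
    r"[2010/11/13 17:37:49 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At2.job",
    r"[2010/11/13 17:37:48 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job",
    r"[2010/10/23 14:07:47 | 000,000,330 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job",
    r"[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys",
    r"[2004/08/04 18:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys",
    r"[2010/11/18 19:52:07 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe",
    r"[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]",
]

if __name__ == "__main__":
    for first, last, paths in find_at_job_burst(SAMPLE_LOG):
        print(f"{len(paths)} At*.job files created between {first} and {last}:")
        for p in paths:
            print("   ", p)
```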

Re: win32.ramnit.H and .C

Post by sweetdebora_17 on Fri 19 Nov 2010, 12:29 pm

Thank you, that was a very fast reply.

Here it is:
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "http://uk.ask.com?o=15119&l=dis" removed from browser.startup.homepage
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.

OTL by OldTimer - Version 3.2.17.3 log created on 11192010_012643
And now this means?

sweetdebora_17

Newbie Surfer

Posts : 17
Joined : 2010-11-19
Operating System : windows xp


Re: win32.ramnit.H and .C

Post by Belahzur on Fri 19 Nov 2010, 12:34 pm

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double-click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: win32.ramnit.H and .C

Post by sweetdebora_17 on Sat 20 Nov 2010, 2:23 am

OK, I have done as requested, I hope. Here it is:
ComboFix 10-11-18.03 - Compaq_Owner 19/11/2010 14:59:48.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.529 [GMT 0:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo-Fix.exe
AV: Virgin Media Security Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Virgin Media Security Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner\Application Data\completescan
c:\documents and settings\Compaq_Owner\Application Data\install
c:\program files\Internet Explorer\SET45.tmp
c:\program files\Internet Explorer\SET4A.tmp
c:\windows\system32\config\systemprofile\Application Data\Ehiwo
c:\windows\system32\config\systemprofile\Application Data\Ehiwo\ubzio.exe
c:\windows\system32\dmlconf.dat
c:\windows\system32\ps2.bat

.
((((((((((((((((((((((((( Files Created from 2010-10-19 to 2010-11-19 )))))))))))))))))))))))))))))))
.

2010-11-19 01:26 . 2010-11-19 01:26 -------- d-----w- C:\_OTL
2010-11-18 19:52 . 2010-11-18 19:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-18 19:43 . 2010-11-18 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-11-18 01:01 . 2010-11-18 01:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2010-11-18 01:00 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-18 01:00 . 2010-11-18 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-18 01:00 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 01:00 . 2010-11-18 01:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-17 16:37 . 2010-11-17 21:41 -------- d-----w- c:\program files\windows
2010-11-13 18:23 . 2010-11-13 18:24 -------- d-----w- c:\documents and settings\Administrator
2010-11-13 17:49 . 2010-11-13 17:49 917504 ----a-w- c:\windows\system32\FLASH.OCX
2010-11-13 17:49 . 2010-11-13 17:49 -------- d-sh--w- c:\windows\ftpcache
2010-11-10 12:49 . 2010-11-10 12:49 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-10 12:49 . 2010-11-10 12:49 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-01 16:51 . 2010-11-01 16:51 -------- d-----w- c:\program files\Veetle
2010-10-26 18:12 . 2010-10-26 18:13 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe
2010-10-21 15:25 . 2010-10-21 15:25 -------- d-----w- C:\.jagex_cache_32
2010-10-21 13:35 . 2010-10-21 13:35 -------- d-----w- c:\program files\iPod
2010-10-21 13:34 . 2010-10-21 13:38 -------- d-----w- c:\program files\iTunes
2010-10-21 13:17 . 2010-11-17 18:05 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-13 19:32 . 2010-10-13 19:32 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-10-13 19:32 . 2010-10-13 19:32 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-10-13 19:32 . 2010-10-13 19:32 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-10-13 19:32 . 2010-10-13 19:32 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-10-13 19:32 . 2010-10-13 19:32 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-10-13 19:32 . 2010-10-13 19:32 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-10-13 19:32 . 2010-10-13 19:32 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2010-10-13 19:32 . 2010-10-13 19:32 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-10-13 12:43 . 2010-10-13 12:43 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2010-10-13 12:43 . 2010-10-13 12:43 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2010-09-27 20:57 . 2010-09-27 20:57 2826240 ----a-w- c:\windows\system32\GPhotos.scr
2010-09-23 20:52 . 2010-09-23 20:52 922112 ------w- c:\windows\system32\imapi2fs.dll
2010-09-23 20:52 . 2010-09-23 20:52 426496 ------w- c:\windows\system32\imapi2.dll
2010-09-18 11:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 11:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-08-23 15:35 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-16 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"O2Start"="c:\program files\O2CM-CE\O2 Connection Manager\tscui.exe" [2010-01-04 2998272]
"SNPT513"="c:\windows\vsnpt513.exe" [2003-08-12 32768]
"VirginMediaHUB.exe"="c:\program files\Virgin Media\HUB\VirginMediaHUB.exe" [2009-12-14 4277488]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-10-29 612168]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Virgin Media\\HUB\\ServicepointService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/10/2010 12:43 25608]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [13/10/2010 12:43 5832712]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [13/10/2010 12:37 668912]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 20:37 4640000]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [13/10/2010 12:43 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [13/10/2010 12:43 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [13/10/2010 12:43 25736]
S2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 11:17 165408]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17/09/2010 16:05 9728]
S3 SNPT513;PC Camera (6025 VGA);c:\windows\system32\drivers\snpt513.sys [08/10/2010 20:20 183040]
S3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [25/08/2009 14:54 33664]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [17/09/2010 16:05 114688]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 14432CFA
*NewlyCreated* - B6B431EA
*Deregistered* - 14432cfa
*Deregistered* - b6b431ea

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder

2010-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-10-23 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 15:46]

2010-08-29 c:\windows\Tasks\Install.job
- c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-08-28 18:49]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - [You must be registered and logged in to see this link.] files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - [You must be registered and logged in to see this link.] files\ieSpell\wikipedia.HTM
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6a80imoh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Virgin Media\HUB\nprpspa.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D} - c:\progra~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C} - c:\progra~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe
AddRemove-M2416447 - c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
AddRemove-M979906 - c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
AddRemove-Playsushi - c:\program files\PlaySushi\psuninst.exe
AddRemove-Python 2.2.3 - c:\python22\UNWISE.EXE
AddRemove-pywin32-py2.2 - c:\python22\Removepywin32.exe
AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-19 15:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-11-19 15:14:18
ComboFix-quarantined-files.txt 2010-11-19 15:14

Pre-Run: 122,702,192,640 bytes free
Post-Run: 124,599,918,592 bytes free

Current=3 Default=3 Failed=4 LastKnownGood=1 Sets=,1,2,3,4
- - End Of File - - 17D255575841258B9960011D763E01AA

Thanks, Debora

sweetdebora_17

Newbie Surfer

Posts : 17
Joined : 2010-11-19
Operating System : windows xp


Re: win32.ramnit.H and .C

Post by Belahzur on Sat 20 Nov 2010, 11:47 am


  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    Driver::
    14432CFA
    B6B431EA
    14432cfa
    b6b431ea

    DDS::
    mStart Page = about:blank

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

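How the CFScript above relates to the first ComboFix log: the Driver:: section lists the IDs that appeared under "Other Services/Drivers In Memory" as *NewlyCreated* / *Deregistered*, and the DDS:: section repeats the "mStart Page = about:blank" line from the Supplementary Scan. The second log then shows those entries under "Drivers/Services" as "-------\Legacy_14432CFA" and "-------\Legacy_B6B431EA", and the Start Page line no longer appears. The Python below is an added example, not part of the thread and not a ComboFix tool: it extracts those two kinds of entries from a constructed excerpt of the log, builds the script text in the same layout the helper used, and checks a constructed post-run excerpt for the expected removals. The function names and both sample excerpts are my own constructions.

```python
import re

# Constructed excerpt modelled on the first ComboFix log in the thread (not the full log).
SAMPLE_PRE_LOG = """\
--- Other Services/Drivers In Memory ---

*NewlyCreated* - 14432CFA
*NewlyCreated* - B6B431EA
*Deregistered* - 14432cfa
*Deregistered* - b6b431ea

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\svchost]
bdx REG_MULTI_SZ scan sysagent
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\\program files\\Google\\GoogleToolbar1.dll/cmsearch.html
"""

# Constructed excerpt modelled on the second (post-CFScript) log.
SAMPLE_POST_LOG = """\
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\\Legacy_14432CFA
-------\\Legacy_B6B431EA

------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
"""

# The in-memory driver entries carry an 8-hex-digit legacy ID; ComboFix logs the same
# ID once upper-case (NewlyCreated) and once lower-case (Deregistered).
DRIVER_RE = re.compile(r"^\*(?:NewlyCreated|Deregistered)\*\s+-\s+([0-9A-Fa-f]{8})\s*$")
# DDS-style browser settings lines; the 'm'/'u' prefix means machine-wide / per-user.
START_PAGE_RE = re.compile(r"^[mu]Start Page\s*=\s*.+$")


def in_memory_drivers(log):
    """Return the legacy driver IDs from 'Other Services/Drivers In Memory'.

    IDs are de-duplicated case-insensitively and upper-cased, matching the
    Legacy_<ID> spelling ComboFix uses when it reports the removal."""
    ids = []
    for line in log.splitlines():
        m = DRIVER_RE.match(line)
        if m and m.group(1).upper() not in ids:
            ids.append(m.group(1).upper())
    return ids


def start_page_lines(log):
    """Return the Start Page lines from the Supplementary Scan, verbatim."""
    return [ln for ln in log.splitlines() if START_PAGE_RE.match(ln)]


def build_cfscript(driver_ids, dds_lines, killall=True):
    """Assemble CFScript text in the layout used in the thread: one directive
    per block, entries listed one per line beneath it, blocks separated by a blank line."""
    blocks = []
    if killall:
        blocks.append("KILLALL::")
    if driver_ids:
        blocks.append("Driver::\n" + "\n".join(driver_ids))
    if dds_lines:
        blocks.append("DDS::\n" + "\n".join(dds_lines))
    return "\n\n".join(blocks) + "\n"


def verify_removal(post_log, driver_ids, dds_lines):
    """Check the post-run log: each driver ID should be reported as a removed
    Legacy_ key, and each DDS line should no longer be present."""
    removed = {d: f"-------\\Legacy_{d}" in post_log for d in driver_ids}
    cleared = {ln: ln not in post_log for ln in dds_lines}
    return removed, cleared


if __name__ == "__main__":
    ids = in_memory_drivers(SAMPLE_PRE_LOG)
    dds = start_page_lines(SAMPLE_PRE_LOG)
    print(build_cfscript(ids, dds))
    print(verify_removal(SAMPLE_POST_LOG, ids, dds))
```

The verification step is the part worth keeping when reading a post-fix log: a Driver:: entry that does not reappear as a removed Legacy_ key, or a DDS:: line that is still present, means the script did not do what was intended and the next log needs a closer look.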

Re: win32.ramnit.H and .C

Post by sweetdebora_17 on Sat 20 Nov 2010, 1:05 pm

ComboFix 10-11-18.03 - Compaq_Owner 20/11/2010 1:49.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.319 [GMT 0:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: Virgin Media Security Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Virgin Media Security Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_14432CFA
-------\Legacy_B6B431EA


((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 )))))))))))))))))))))))))))))))
.

2010-11-19 01:26 . 2010-11-19 01:26 -------- d-----w- C:\_OTL
2010-11-18 19:52 . 2010-11-18 19:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-18 19:43 . 2010-11-18 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-11-18 01:01 . 2010-11-18 01:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2010-11-18 01:00 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-18 01:00 . 2010-11-18 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-18 01:00 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 01:00 . 2010-11-18 01:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-17 16:37 . 2010-11-17 21:41 -------- d-----w- c:\program files\windows
2010-11-13 18:23 . 2010-11-13 18:24 -------- d-----w- c:\documents and settings\Administrator
2010-11-13 17:49 . 2010-11-13 17:49 917504 ----a-w- c:\windows\system32\FLASH.OCX
2010-11-13 17:49 . 2010-11-13 17:49 -------- d-sh--w- c:\windows\ftpcache
2010-11-10 12:49 . 2010-11-10 12:49 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-10 12:49 . 2010-11-10 12:49 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-01 16:51 . 2010-11-01 16:51 -------- d-----w- c:\program files\Veetle
2010-10-26 18:12 . 2010-10-26 18:13 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe
2010-10-21 15:25 . 2010-10-21 15:25 -------- d-----w- C:\.jagex_cache_32
2010-10-21 13:35 . 2010-10-21 13:35 -------- d-----w- c:\program files\iPod
2010-10-21 13:34 . 2010-10-21 13:38 -------- d-----w- c:\program files\iTunes
2010-10-21 13:17 . 2010-11-17 18:05 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-13 19:32 . 2010-10-13 19:32 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-10-13 19:32 . 2010-10-13 19:32 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-10-13 19:32 . 2010-10-13 19:32 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-10-13 19:32 . 2010-10-13 19:32 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-10-13 19:32 . 2010-10-13 19:32 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-10-13 19:32 . 2010-10-13 19:32 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-10-13 19:32 . 2010-10-13 19:32 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2010-10-13 19:32 . 2010-10-13 19:32 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-10-13 12:43 . 2010-10-13 12:43 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2010-10-13 12:43 . 2010-10-13 12:43 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2010-09-27 20:57 . 2010-09-27 20:57 2826240 ----a-w- c:\windows\system32\GPhotos.scr
2010-09-23 20:52 . 2010-09-23 20:52 922112 ------w- c:\windows\system32\imapi2fs.dll
2010-09-23 20:52 . 2010-09-23 20:52 426496 ------w- c:\windows\system32\imapi2.dll
2010-09-18 11:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 11:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-08-23 15:35 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-16 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"O2Start"="c:\program files\O2CM-CE\O2 Connection Manager\tscui.exe" [2010-01-04 2998272]
"SNPT513"="c:\windows\vsnpt513.exe" [2003-08-12 32768]
"VirginMediaHUB.exe"="c:\program files\Virgin Media\HUB\VirginMediaHUB.exe" [2009-12-14 4277488]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-10-29 612168]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Virgin Media\\HUB\\ServicepointService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/10/2010 12:43 25608]
R2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 11:17 165408]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [13/10/2010 12:43 5832712]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [13/10/2010 12:37 668912]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [13/10/2010 12:43 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [13/10/2010 12:43 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [13/10/2010 12:43 25736]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17/09/2010 16:05 9728]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 20:37 4640000]
S3 SNPT513;PC Camera (6025 VGA);c:\windows\system32\drivers\snpt513.sys [08/10/2010 20:20 183040]
S3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [25/08/2009 14:54 33664]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [17/09/2010 16:05 114688]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 41D44677
*NewlyCreated* - CA1D115D
*Deregistered* - 41d44677
*Deregistered* - ca1d115d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder

2010-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-10-23 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 15:46]

2010-08-29 c:\windows\Tasks\Install.job
- c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-08-28 18:49]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - [You must be registered and logged in to see this link.] files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - [You must be registered and logged in to see this link.] files\ieSpell\wikipedia.HTM
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\6a80imoh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Virgin Media\HUB\nprpspa.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-20 01:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(792)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSENG.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Virgin Media\Security\Fws.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ALCXMNTR.EXE
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-20 02:03:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-20 02:03
ComboFix2.txt 2010-11-19 15:14

Pre-Run: 124,752,334,848 bytes free
Post-Run: 124,646,842,368 bytes free

Current=3 Default=3 Failed=4 LastKnownGood=1 Sets=,1,2,3,4
- - End Of File - - BA656DCE86A75294D08FA19974A0FC74


sweetdebora_17

Newbie Surfer

Posts : 17
Joined : 2010-11-19
Operating System : windows xp

Re: win32.ramnit.H and .C

Post by Belahzur on Sun 21 Nov 2010, 11:19 am

GMER's Rootkit Scanner:

Please download Gmer by Gmer and save it to your desktop.



  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...

    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: win32.ramnit.H and .C

Post by sweetdebora_17 on Sun 21 Nov 2010, 2:04 pm

here it is:

GMER 1.0.15.15530 - [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-21 03:01:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP1614C/R rev.SW100-30
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kwpyqaow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xF78B1470]
SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xF78B1520]
SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xF78B15C0]
SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xF78B1660]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \FileSystem\Ntfs \Ntfs trufos.sys (Trufos Kernel Module/BitDefender S.R.L.)
AttachedDevice \Driver\Tcpip \Device\Ip rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \FileSystem\Fastfat \Fat trufos.sys (Trufos Kernel Module/BitDefender S.R.L.)

---- EOF - GMER 1.0.15 ----

I just remembered I didn't disable the antivirus and that :SS hope it wasn't necessary :S:S

sweetdebora_17

Newbie Surfer

Posts : 17
Joined : 2010-11-19
Operating System : windows xp

Re: win32.ramnit.H and .C

Post by Belahzur on Mon 22 Nov 2010, 7:17 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: win32.ramnit.H and .C

Post by sweetdebora_17 on Mon 22 Nov 2010, 10:52 am

Hi,
I have done the first bit.

Now, my Internet Explorer still doesn't show up, so what do I do??

thanx

sweetdebora_17

Newbie Surfer

Posts : 17
Joined : 2010-11-19
Operating System : windows xp

Re: win32.ramnit.H and .C

Post by Belahzur on Tue 23 Nov 2010, 12:09 pm

The IE icon on your Desktop? Or does it not open when you try to open it?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: win32.ramnit.H and .C

Post by sweetdebora_17 on Wed 24 Nov 2010, 12:44 am

It doesn't open when I try to open it...
And also my Virgin Media Security is running, but I can't open it to browse and perform scans etc...
What shall I do for the IE? thanx

sweetdebora_17

Newbie Surfer

Posts : 17
Joined : 2010-11-19
Operating System : windows xp

Re: win32.ramnit.H and .C

Post by Belahzur on Wed 24 Nov 2010, 9:11 am

Hello.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: win32.ramnit.H and .C

Post by sweetdebora_17 on Wed 24 Nov 2010, 10:09 am

Hi, I have downloaded it but I can't run it! It says:
it is not a valid win32 application... :S

sorry

sweetdebora_17

Newbie Surfer

Posts : 17
Joined : 2010-11-19
Operating System : windows xp

Re: win32.ramnit.H and .C

Post by Belahzur on Thu 25 Nov 2010, 10:07 am

Hello.
Please right click MBRCheck.exe > Rename.

Remove the .exe file extension and change it to .com

See if it will run now.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: win32.ramnit.H and .C

Post by sweetdebora_17 on Thu 25 Nov 2010, 10:27 am

It worked, thanx )
Here it is...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 126):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF7A50000 \WINDOWS\system32\KDCOM.DLL
0xF7960000 \WINDOWS\system32\BOOTVID.dll
0xF7421000 ACPI.sys
0xF7A52000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7410000 pci.sys
0xF7550000 isapnp.sys
0xF7560000 ohci1394.sys
0xF7570000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7B18000 pciide.sys
0xF77D0000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A54000 viaide.sys
0xF7A56000 intelide.sys
0xF7580000 MountMgr.sys
0xF73F1000 ftdisk.sys
0xF77D8000 PartMgr.sys
0xF7590000 VolSnap.sys
0xF73D9000 atapi.sys
0xF75A0000 disk.sys
0xF75B0000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73B9000 fltmgr.sys
0xF7374000 bdfsfltr.sys
0xF77E0000 PxHelp20.sys
0xF735D000 KSecDD.sys
0xF72D0000 Ntfs.sys
0xF72A3000 NDIS.sys
0xF75C0000 AVGIDSEH.sys
0xF7289000 Mup.sys
0xF75F0000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF6F0B000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6EF7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF78A8000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6ED3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78B0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7600000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7610000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7620000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6EB0000 \SystemRoot\system32\DRIVERS\ks.sys
0xF78B8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF6DA4000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF78C0000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6D91000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xF7630000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF6B13000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6AEF000 \SystemRoot\system32\drivers\portcls.sys
0xF7640000 \SystemRoot\system32\drivers\drmk.sys
0xF6ADB000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7650000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78C8000 \SystemRoot\system32\DRIVERS\PS2.sys
0xF78D0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7BE1000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7660000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7251000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6AC4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7670000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7680000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78D8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6AB3000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7690000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78E0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78E8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF76A0000 \SystemRoot\system32\DRIVERS\rp_skt32.sys
0xF76B0000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF78F8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF76C0000 \SystemRoot\system32\DRIVERS\rp_pkt32.sys
0xF7A9C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6832000 \SystemRoot\system32\DRIVERS\update.sys
0xF7241000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF76D0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF76E0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A9E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7AA4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B84000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AA6000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7910000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7918000 \SystemRoot\System32\drivers\vga.sys
0xF7AA8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AAA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7920000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7928000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A24000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3C07000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF3BAE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF3B86000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF3B64000 \SystemRoot\System32\drivers\afd.sys
0xF7700000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF3B39000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF3AC9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7730000 \SystemRoot\System32\Drivers\Fips.SYS
0xF3AA3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7740000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7750000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF7265000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7760000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7930000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF7259000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF39B7000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF399F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AB8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6822000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7818000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C97000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA4AB000 \SystemRoot\System32\Drivers\DefragFS.SYS
0xF39DB000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xBA4C4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF7858000 \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys
0xBA393000 \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys
0xB99DB000 \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys
0xB9986000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB8F41000 \SystemRoot\system32\drivers\wdmaud.sys
0xB98F6000 \SystemRoot\system32\drivers\sysaudio.sys
0xB8EC6000 \SystemRoot\system32\DRIVERS\srv.sys
0xB8B29000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB8868000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8864000 \??\C:\Program Files\Virgin Media\Security\BitDefender\profos.sys
0xF6A53000 \??\C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys
0xB8664000 \SystemRoot\System32\Drivers\465f0773.sys
0xB85D7000 \SystemRoot\System32\Drivers\09ac6944.sys
0xB9B2B000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xB0089000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 50):
0 System Idle Process
4 System
696 C:\WINDOWS\system32\smss.exe
804 csrss.exe
828 C:\WINDOWS\system32\winlogon.exe
872 C:\WINDOWS\system32\services.exe
884 C:\WINDOWS\system32\lsass.exe
1040 C:\WINDOWS\system32\svchost.exe
1100 svchost.exe
1196 C:\WINDOWS\system32\svchost.exe
1232 C:\Program Files\Virgin Media\Security\Fws.exe
1360 svchost.exe
1456 svchost.exe
1736 C:\WINDOWS\system32\spoolsv.exe
1776 C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
2020 svchost.exe
216 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
232 C:\Program Files\Bonjour\mDNSResponder.exe
276 C:\Program Files\Java\jre6\bin\jqs.exe
572 C:\WINDOWS\system32\nvsvc32.exe
628 C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
1384 C:\WINDOWS\explorer.exe
1400 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1484 C:\Program Files\Virgin Media\HUB\ServicepointService.exe
1828 C:\WINDOWS\system32\svchost.exe
1892 C:\Program Files\Virgin Media\Security\RPS.exe
848 C:\WINDOWS\system\hpsysdrv.exe
1160 C:\hp\KBD\kbd.exe
1268 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
668 C:\WINDOWS\ALCXMNTR.EXE
2276 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
2452 C:\WINDOWS\system32\rundll32.exe
2588 C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
2624 alg.exe
2680 C:\WINDOWS\vsnpt513.exe
3028 C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
3056 C:\Program Files\QuickTime\QTTask.exe
3096 C:\Program Files\iTunes\iTunesHelper.exe
3116 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3188 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3212 C:\WINDOWS\system32\ctfmon.exe
3228 C:\Program Files\WinZip\WZQKPICK.EXE
3424 C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
3956 wmiprvse.exe
1416 C:\Program Files\iPod\bin\iPodService.exe
1420 C:\Program Files\Mozilla Firefox\firefox.exe
2740 C:\Program Files\Mozilla Firefox\plugin-container.exe
676 OSPPSVC.EXE
1668 wmiprvse.exe
3000 C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.com(2).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`be32e000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: SAMSUNGSP1614C/R, Rev: SW100-30

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: F75A10171F7488C11BA9A98CEC3D186D7A8D3972


Done!

sweetdebora_17

Newbie Surfer

Posts : 17
Joined : 2010-11-19
Operating System : windows xp

Re: win32.ramnit.H and .C

Post by Belahzur on Fri 26 Nov 2010, 11:49 am

Hello.

Please close all anti virus, anti malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

  • Please download RootRepeal.zip from here.
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.


  • Select ALL of the checkboxes and then click OK and it will start scanning your system.

  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: win32.ramnit.H and .C

Post by sweetdebora_17 on Sat 27 Nov 2010, 5:41 am

OK, thank you... here it is...

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/11/26 18:32
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 2bc9d6df.sys
Image Path: C:\WINDOWS\System32\Drivers\2bc9d6df.sys
Address: 0xB9495000 Size: 574976 File Visible: No Signed: -
Status: -

Name: 77a1acef.sys
Image Path: C:\WINDOWS\System32\Drivers\77a1acef.sys
Address: 0xB9522000 Size: 143744 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3FEF000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AB4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB85E7000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\all users\application data\virgin media\security\logs\bde-log-thursday november-25-10 00.25.57.txt
Status: Allocation size mismatch (API: 264, Raw: 0)

Path: c:\documents and settings\all users\application data\virgin media\security\logs\bde-log-thursday november-25-10 14.22.56.txt
Status: Allocation size mismatch (API: 264, Raw: 0)

Path: c:\documents and settings\all users\application data\virgin media\security\logs\bde-log-thursday november-25-10 20.37.08.txt
Status: Allocation size mismatch (API: 264, Raw: 0)

SSDT
-------------------
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys" at address 0xf78b1470

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys" at address 0xf78b1520

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys" at address 0xf78b15c0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys" at address 0xf78b1660

==EOF==


sweetdebora_17

Newbie Surfer

Posts : 17
Joined : 2010-11-19
Operating System : windows xp
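The RootRepeal "Drivers" section in this post and the MBRCheck kernel-driver list earlier in the thread both contain drivers whose file names are eight hexadecimal digits, hidden from the file API and with no signature recorded, next to drivers that are hidden for ordinary reasons. The Python script below is an added example, not part of this thread and not code from RootRepeal, MBRCheck or any other tool named here. It parses the two report fragments (copied from the posts above as constructed sample input) and flags the entries a responder would look at first. The allowlist of drivers expected to be hidden (dump_* crash-dump drivers and the scanner's own rootrepeal.sys) is my assumption, not something either report states.

```python
import re

# Constructed sample input: the "Drivers" section of the RootRepeal report posted
# above, copied verbatim. Only the parsing and triage code is new.
ROOTREPEAL_DRIVERS = r"""Name: 2bc9d6df.sys
Image Path: C:\WINDOWS\System32\Drivers\2bc9d6df.sys
Address: 0xB9495000 Size: 574976 File Visible: No Signed: -
Status: -

Name: 77a1acef.sys
Image Path: C:\WINDOWS\System32\Drivers\77a1acef.sys
Address: 0xB9522000 Size: 143744 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3FEF000 Size: 98304 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB85E7000 Size: 49152 File Visible: No Signed: -
Status: -
"""

# Constructed sample input: four lines from the MBRCheck "Kernel Drivers" list
# posted earlier in the thread (the two 8-hex-digit names and their neighbours).
MBRCHECK_DRIVERS = r"""0xB8868000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8664000 \SystemRoot\System32\Drivers\465f0773.sys
0xB85D7000 \SystemRoot\System32\Drivers\09ac6944.sys
0xB9B2B000 \SystemRoot\system32\DRIVERS\asyncmac.sys
"""

# Heuristic: neither Microsoft nor hardware vendors name drivers with 8 hex digits.
RANDOM_HEX_NAME = re.compile(r"^[0-9a-f]{8}\.sys$", re.IGNORECASE)

# Assumption (not stated by the report): these are legitimately hidden from the
# file API. dump_* are the crash-dump copies of boot-path drivers and
# rootrepeal.sys is the scanner's own driver.
EXPECTED_HIDDEN_PREFIXES = ("dump_", "rootrepeal.sys")

ADDRESS_LINE = re.compile(
    r"Address:\s*(0x[0-9A-Fa-f]+)\s+Size:\s*(\d+)\s+File Visible:\s*(\S+)\s+Signed:\s*(\S+)"
)


def parse_rootrepeal_drivers(text):
    """Turn each blank-line-separated entry of the Drivers section into a dict."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            m = ADDRESS_LINE.match(line)
            if m:
                entry["address"] = m.group(1)
                entry["size"] = int(m.group(2))
                entry["visible"] = m.group(3).lower() == "yes"
                entry["signed"] = m.group(4) != "-"
                continue
            key, _, value = line.partition(":")  # split at the first colon only
            entry[key.strip().lower()] = value.strip()
        if "name" in entry:
            entries.append(entry)
    return entries


def triage_rootrepeal(entries):
    """Return (name, reason) pairs for drivers that deserve a closer look."""
    findings = []
    for e in entries:
        if e["name"].lower().startswith(EXPECTED_HIDDEN_PREFIXES):
            continue
        reasons = []
        if RANDOM_HEX_NAME.match(e["name"]):
            reasons.append("random-looking 8-hex-digit name")
        if not e.get("visible", True):
            reasons.append("hidden from the file API")
        if not e.get("signed", True):
            reasons.append("no signature recorded")
        if reasons:
            findings.append((e["name"], "; ".join(reasons)))
    return findings


def triage_mbrcheck(text):
    """Flag MBRCheck kernel-driver lines whose file name looks randomly generated."""
    findings = []
    for line in text.splitlines():
        parts = line.split(maxsplit=1)  # "<load address> <image path>"
        if len(parts) != 2:
            continue
        name = parts[1].rsplit("\\", 1)[-1]
        if RANDOM_HEX_NAME.match(name):
            findings.append((name, parts[0]))
    return findings


if __name__ == "__main__":
    for name, why in triage_rootrepeal(parse_rootrepeal_drivers(ROOTREPEAL_DRIVERS)):
        print(f"RootRepeal: {name}: {why}")
    for name, addr in triage_mbrcheck(MBRCHECK_DRIVERS):
        print(f"MBRCheck: {name} loaded at {addr}")
```

Run it as a script to print the flagged entries. One thing the two reports make visible when read side by side: the 8-hex-digit names differ between the MBRCheck run (465f0773.sys, 09ac6944.sys) and the RootRepeal run a day later (2bc9d6df.sys, 77a1acef.sys). That is consistent with a file name that is regenerated on each boot, and it is the likeliest reason the Avenger script in the next post, written against the RootRepeal names, reported both files as not found after the reboot; a second fresh scan before acting on a name is the check worth building into any such triage.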

Re: win32.ramnit.H and .C

Post by Belahzur on Sat 27 Nov 2010, 12:27 pm

Hello.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\System32\Drivers\2bc9d6df.sys
C:\WINDOWS\System32\Drivers\77a1acef.sys

Services to delete:
2bc9d6df.sys
77a1acef.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: win32.ramnit.H and .C

Post by sweetdebora_17 on Sun 28 Nov 2010, 5:45 am

Right, here it is.... oh, and not sure if relevant, but I got an error message at the end of the process when the computer restarted...

the text you required is here:
Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\System32\Drivers\2bc9d6df.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\2bc9d6df.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\System32\Drivers\77a1acef.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\77a1acef.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "Services to delete:" not found!
Deletion of file "Services to delete:" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "2bc9d6df.sys" not found!
Deletion of file "2bc9d6df.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "77a1acef.sys" not found!
Deletion of file "77a1acef.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

sweetdebora_17

Newbie Surfer

Posts : 17
Joined : 2010-11-19
Operating System : windows xp

Re: win32.ramnit.H and .C

Post by sweetdebora_17 on Thu 02 Dec 2010, 1:12 am

Bump

sweetdebora_17

Newbie Surfer

Posts : 17
Joined : 2010-11-19
Operating System : windows xp

Re: win32.ramnit.H and .C

Post by Belahzur on Thu 02 Dec 2010, 12:11 pm

Still having problems here?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
