|
|
|
Associate Member
 
Group: Forum Members
Last Login: 8/5/2008 3:45 AM
Posts: 365,
Visits: 490
|
|
| for some reason i can't get updates fro ad aware and spybot s&d. and i keep getting a warning about a "pvx.exe" program and "Ppuvoa" trying to connect. I did a search for them and found them, deleted them but they keep returning. Also when i click a link in messenger live it redirects to "not found". Can you help me?? Here is HJ this log: Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:57:14 AM, on 3/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\DOCUME~1\HOME~1.PC9\LOCALS~1\Temp\Pvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\home.PC963621594284\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://java.com/en/download/help/index.xml
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\home.PC963621594284\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [WEK9EMDHI9] C:\WINDOWS\Ppuvoa.exe
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\HOME~1.PC9\LOCALS~1\Temp\Pvx.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\home.PC963621594284\Desktop\LimeWire.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B35512-05D3-4CAB-AC5C-9A600882DB5B}: NameServer = 93.188.163.34,93.188.161.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{D01364A6-3DD2-4817-B73A-A95B3E43AF6A}: NameServer = 93.188.163.34,93.188.161.95
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.34,93.188.161.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.34,93.188.161.95
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe --
End of file - 10693 bytes
ty
|
|
|
|
|
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 33,730,
Visits: 54,734
|
|
Please download Rkill by Grinler from one of the following four links,save it to your desktop and double click on it to run it.
If the infection blocks it from running, try one of the other files from another link below.
If the process is successful in running,Notepad will open with the scan results,copy and paste the entire contents of that file into your next reply.
The log can also be found at C:\rkill.log
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com
Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Rkill does the following:
1. Terminates approximately 320+ known rogue processes
2. Deletes some of the more annoying protection processes commonly being used today:
* c:\Windows\svchast
* c:\Windows\svchasts
* c:\Windows\svohost
* C:\program files\Windows Police Pro\Windows Police Pro.exe
3. Uses the reg command to fix the following policy restrictions:
* Disable TaskManager
* Disable Regedit
* Disable Run menu option in the Startup Menu
4. Fixed the exefile open command so that exe files can properly be run.
Running Rkill should fix most of the common issues that stop malware removal tools from running.
**Warning to anyone else other than this topic starter should read the following**
You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to serious issues within your operating system.
Please read ALL of the following before making a start.
Download ComboFix from HERE or HERE to your Desktop,by following the steps below.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
1.If you are using Firefox, make sure that your download settings are as follows:
* Click on Tools->Options->"Main" tab
* Set to "Always ask me where to Save the files".
2.During the download,rename Combofix to Combo-Fix as follows:
3.It is important you rename Combofix during the download, but not after.
4.Please do not rename Combofix to other names, but only to the one indicated.
5.Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
* Click Here to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
* Close any open browsers.
* WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
* Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
* If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
6.Double click on Combo-Fix.exe & follow the prompts,if you're running Windows Vista\Windows 7 right click on Combo-Fix.exe and click on "Run as Administrator".
7.When finished, it will produce a report for you.
8.Please post the contents of "C:\Combo-Fix.txt" along with a new HijackThis log into your next reply.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
-----------------------------------------------------------
**VERY IMPORTANT**
* As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures**
Once the Microsoft Windows Recovery Console is installed using ComboFix,you should see the following message:
Post the following in your next reply:
The contents of C:\ComboFix.txt
A new HijackThis log.
_______________________________________________________________
ASAP & UNITE member since 2006
|
|
|
|
|
Associate Member
Group: Forum Members
Last Login: 8/5/2008 3:45 AM
Posts: 365,
Visits: 490
|
|
| darn i was able to do the first but combo fix i could not get to run. i downloaded it to desktop and when the window opened to save it, i renamed to combo-fix. then shut it all down ...made sure fire wall was not active and tried to run it from desktop...it started, i got green bars and it froze then computer shut down. it tried it 2x, same thing happened. i have new hj thi log and th3 other you wanted. This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as home on 03/13/2010 at 13:04:04.
Processes terminated by Rkill or while it was running:
C:\WINDOWS\system32\nvsvc32.exe
C:\DOCUME~1\HOME~1.PC9\LOCALS~1\Temp\Pvx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\home.PC963621594284\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Documents and Settings\home.PC963621594284\Temporary Internet Files\Content.IE5\BY8410KF\rkill[1].exe
Rkill completed on 03/13/2010 at 13:04:08.
hj this log Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:57:09 PM, on 3/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\DOCUME~1\HOME~1.PC9\LOCALS~1\Temp\Pvx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\home.PC963621594284\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/? LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://java.com/en/download/help/index.xml
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo! \Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6 \bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6 \lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo! \Companion\Installs\cpn5\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo! \Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\home.PC963621594284\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [WEK9EMDHI9] C:\WINDOWS\Ppuvoa.exe
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\HOME~1.PC9\LOCALS~1\Temp\Pvx.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\home.PC963621594284\Desktop\LimeWire.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B35512-05D3-4CAB-AC5C-9A600882DB5B}: NameServer = 93.188.163.34,93.188.161.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{D01364A6-3DD2-4817-B73A-A95B3E43AF6A}: NameServer = 93.188.163.34,93.188.161.95
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.34,93.188.161.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.34,93.188.161.95
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32 \browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett- Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6 \bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo! \SoftwareUpdate\YahooAUService.exe --
End of file - 10441 bytes
|
|
|
|
|
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 33,730,
Visits: 54,734
|
|
Please disable CD Emulation,see Why we request you disable CD Emulation when receiving Malware Removal Advice.
Download DeFogger by jpshortstuff and save it to your desktop.
* Double click DeFogger to run the tool
* The application window will appear
* Click the Disable button to disable your CD Emulation drivers
* Click Yes to continue
* A Finished! message will appear
* Click OK
* DeFogger will now ask to reboot the machine - click OK
**IMPORTANT!**
If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.
Right click on the taskbar on your desktop,select Task Manager.
Click on the 'Processes' tab,then click on the 'Image Name' header.
The running processes will now be in alphabetical order.
Right click on the following process if present and select 'End Process':
Pvx.exe
Then exit Task Manager.
Once again it appears you've no virus protection installed.
You need virus protection installed and its definitions kept updated at ALL times.
Please download/install Avira AntiVir Personal - FREE Antivirus:
http://www.free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html
Perform a full scan with Avira and allow it to delete everything it detects.
Restart your pc when you've done.
After restart,open Avira Antivirus and select "Reports".
Then double click the report from the full scan you have just completed.
Click the "Report File" button,then copy and paste the report into your next reply.
Download and scan with GMER by carefully following the steps below.
Being as certain malware won't let gmer.exe run,click on the button [Download EXE] in the following link to download GMER to your desktop.
* Double click on the randomly named .exe file on your desktop to launch GMER,then click on the Rootkit/Malware tab.
* Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
* Click on Scan.
* When the scan has run click the "Copy" button then paste the results into your next reply.
Click on Start/Run,copy and paste ComboFix /uninstall into the 'Open:' space,then press OK [see image below]
This will uninstall Combofix,delete its related folders and files,reset your clock settings,hide file extensions,hide the system/hidden files and resets System Restore.
**Important**
First backup the Windows Registry using Erunt by following the steps in the link below:
How to backup Windows Registry using ERUNT.
Now download OTL by OldTimer, saving it to your desktop.
* Close all open windows on the Task Bar.
* Double click on the OTL icon to run it,if running Vista or Win 7,right click on the icon and select 'Run as Administrator'.
* When the window appears, underneath Output at the top change it to Minimal Output.
* Check the boxes beside LOP Check and Purity Check.
* Copy ALL the text in the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
* Return to OTListIt, right click in the "Custom Scans/Fixes" window (under the light blue bar) and choose Paste.
* Click the "Run Scan" button. Do not change any settings unless otherwise told to do so. The scan wont take long.
* When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
* Please copy and paste the entire contents of OTL.Txt and Extras.Txt into your next reply.
Post the following in your next reply:
The contents of the Avira Antivirus scan log.
The contents of the GMER scan log.
The contents of OTL.txt and Extras.txt
_______________________________________________________________
ASAP & UNITE member since 2006
|
|
|
|
|
Associate Member
Group: Forum Members
Last Login: 8/5/2008 3:45 AM
Posts: 365,
Visits: 490
|
|
| here is result of scans i am doing in 2 parts because of size of infromation. Avira AntiVir Personal
Report file date: Saturday, March 13, 2010 16:05 Scanning for 1849583 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PC963621594284 Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 16:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 12:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 21:02:10
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 21:02:45
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:02:53
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 21:03:08
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 21:03:08
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 21:03:08
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 21:03:08
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 21:03:09
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 21:03:09
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 21:03:09
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 21:03:09
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 21:03:09
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 21:03:10
VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 21:03:11
VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 21:03:12
VBASE016.VDF : 7.10.5.45 2048 Bytes 3/11/2010 21:03:12
VBASE017.VDF : 7.10.5.46 2048 Bytes 3/11/2010 21:03:13
VBASE018.VDF : 7.10.5.47 2048 Bytes 3/11/2010 21:03:13
VBASE019.VDF : 7.10.5.48 2048 Bytes 3/11/2010 21:03:13
VBASE020.VDF : 7.10.5.49 2048 Bytes 3/11/2010 21:03:13
VBASE021.VDF : 7.10.5.50 2048 Bytes 3/11/2010 21:03:13
VBASE022.VDF : 7.10.5.51 2048 Bytes 3/11/2010 21:03:13
VBASE023.VDF : 7.10.5.52 2048 Bytes 3/11/2010 21:03:13
VBASE024.VDF : 7.10.5.53 2048 Bytes 3/11/2010 21:03:14
VBASE025.VDF : 7.10.5.54 2048 Bytes 3/11/2010 21:03:14
VBASE026.VDF : 7.10.5.55 2048 Bytes 3/11/2010 21:03:14
VBASE027.VDF : 7.10.5.56 2048 Bytes 3/11/2010 21:03:14
VBASE028.VDF : 7.10.5.57 2048 Bytes 3/11/2010 21:03:14
VBASE029.VDF : 7.10.5.58 2048 Bytes 3/11/2010 21:03:14
VBASE030.VDF : 7.10.5.59 2048 Bytes 3/11/2010 21:03:14
VBASE031.VDF : 7.10.5.66 92672 Bytes 3/12/2010 21:03:15
Engineversion : 8.2.1.180
AEVDF.DLL : 8.1.1.3 106868 Bytes 3/13/2010 21:03:37
AESCRIPT.DLL : 8.1.3.17 1032570 Bytes 3/13/2010 21:03:36
AESCN.DLL : 8.1.5.0 127347 Bytes 3/13/2010 21:03:33
AESBX.DLL : 8.1.2.0 254323 Bytes 3/13/2010 21:03:37
AERDL.DLL : 8.1.4.2 479602 Bytes 3/13/2010 21:03:33
AEPACK.DLL : 8.2.1.0 426356 Bytes 3/13/2010 21:03:31
AEOFFICE.DLL : 8.1.0.39 196987 Bytes 3/13/2010 21:03:29
AEHEUR.DLL : 8.1.1.7 2326902 Bytes 3/13/2010 21:03:28
AEHELP.DLL : 8.1.10.1 237942 Bytes 3/13/2010 21:03:19
AEGEN.DLL : 8.1.2.0 373107 Bytes 3/13/2010 21:03:18
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 12:38:26
AECORE.DLL : 8.1.12.2 188790 Bytes 3/13/2010 21:03:16
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 12:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 20:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 3/13/2010 21:03:39
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 17:25:47 Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +PFS, Start of the scan: Saturday, March 13, 2010 16:05 Starting search for hidden objects.
'86953' objects were checked, '0' hidden objects were found. The scan of running processes will be started
Scan process 'searchfilterhost.exe' - '1' Module(s) have been scanned
Scan process 'searchprotocolhost.exe' - '1' Module(s) have been scanned
Scan process 'ScreenCapturePrint.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Pvx.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOCUME~1\HOME~1.PC9\LOCALS~1\Temp\Pvx.exe'
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'HPQTOA~1.EXE' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned
Scan process 'SansaDispatch.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'CNMNSUT.EXE' - '1' Module(s) have been scanned
Scan process 'BJMYPRT.EXE' - '1' Module(s) have been scanned
Scan process 'mqtgsvc.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'QPService.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'mqsvc.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'ijplmsvc.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'Pvx.exe' has been terminated
C:\DOCUME~1\HOME~1.PC9\LOCALS~1\Temp\Pvx.exe
[DETECTION] Is the TR/FraudPack.aohm Trojan
[NOTE] The file was moved to '4c13ffea.qua'! 65 processes with 64 modules were scanned Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found! Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found! Starting to scan executable files (registry).
C:\WINDOWS\Windows.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\WINDOWS\Windows.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan The registry was scanned ( '76' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBifrost.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\home\My Documents\LimeWire\Incomplete\T-5178534-chanson brightman sara d new cover version.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\home.PC963621594284\Local Settings\Temp\Pvw.exe
[DETECTION] Is the TR/FraudPack.aohn Trojan
C:\Documents and Settings\joe porto\Temporary Internet Files\Content.IE5\42FKU5TQ\index[1].htm
[DETECTION] Contains recognition pattern of the HTML/Dldr.FakeAle.A HTML script virus
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP71\A0022000.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP71\A0022074.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP72\A0022208.dll
[DETECTION] Is the TR/Comrerop.A.13 Trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP83\A0026143.exe
[DETECTION] Is the TR/FraudPack.aohn Trojan
C:\WINDOWS\Ppuvob.exe
[DETECTION] Is the TR/FraudPack.aohn Trojan
C:\WINDOWS\windows.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\WINDOWS\SoftwareDistribution\Download\6ce2bdc0b099e452a308833b886e1a8e\BIT12.tmp
[0] Archive type: CAB (Microsoft)
--> SCN\SGCOMMON\_86\softfare.dl_
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\system32\spool\prtprocs\w32x86\00004617.tmp
[DETECTION] Is the TR/Agent.AQ.19 Trojan
Begin scan in 'D:\' <HP_RECOVERY> Beginning disinfection:
C:\WINDOWS\Windows.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4c0a19bd.qua'!
C:\WINDOWS\Windows.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBifrost.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4c0a1a10.qua'!
C:\Documents and Settings\home\My Documents\LimeWire\Incomplete\T-5178534-chanson brightman sara d new cover version.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4bd119d4.qua'!
C:\Documents and Settings\home.PC963621594284\Local Settings\Temp\Pvw.exe
[DETECTION] Is the TR/FraudPack.aohn Trojan
[NOTE] The file was moved to '4c131a1f.qua'!
C:\Documents and Settings\joe porto\Temporary Internet Files\Content.IE5\42FKU5TQ\index[1].htm
[DETECTION] Contains recognition pattern of the HTML/Dldr.FakeAle.A HTML script virus
[NOTE] The file was moved to '4c001a17.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP71\A0022000.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4bcc19d9.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP71\A0022074.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4ab30c12.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP72\A0022208.dll
[DETECTION] Is the TR/Comrerop.A.13 Trojan
[NOTE] The file was moved to '4a4e34fa.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP83\A0026143.exe
[DETECTION] Is the TR/FraudPack.aohn Trojan
[NOTE] The file was moved to '4a48256a.qua'!
C:\WINDOWS\Ppuvob.exe
[DETECTION] Is the TR/FraudPack.aohn Trojan
[NOTE] The file was moved to '4c111a19.qua'!
C:\WINDOWS\windows.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\WINDOWS\system32\spool\prtprocs\w32x86\00004617.tmp
[DETECTION] Is the TR/Agent.AQ.19 Trojan
[NOTE] The file was moved to '4bcc19e5.qua'!
End of the scan: Saturday, March 13, 2010 18:03
Used time: 1:56:05 Hour(s)
The scan has been done completely. 16565 Scanned directories
521257 Files were scanned
14 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
12 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
521240 Files not concerned
10620 Archives were scanned
6 Warnings
16 Notes
86953 Objects were scanned with rootkit scan
0 Hidden objects were found OTL Extras logfile created on: 3/14/2010 6:30:36 AM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\home.PC963621594284\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
959.00 Mb Total Physical Memory | 433.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.02 Gb Total Space | 58.66 Gb Free Space | 59.24% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 1.32 Gb Free Space | 11.20% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC963621594284
Current User Name: home
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FE30813-AC60-40A3-BE53-F6713A1F3893}" = HP Wireless Assistant
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837B34E3-7C30-493C-8F6A-2B0F04E2912C}" = Microsoft Visual C++ 2005 Redistributable
"{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}" = System Requirements Lab for Intel
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Canon MP620 series User Registration" = Canon MP620 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_HDAUDIO" = Conexant HD Audio
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LimeWire" = LimeWire 5.4.6
"Microsoft Picture It!" = Microsoft Picture It! 99
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 3/13/2010 12:56:06 PM | Computer Name = PC963621594284 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 3/13/2010 1:54:02 PM | Computer Name = PC963621594284 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 3/13/2010 5:00:45 PM | Computer Name = PC963621594284 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 3/13/2010 7:06:51 PM | Computer Name = PC963621594284 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 3/13/2010 7:18:53 PM | Computer Name = PC963621594284 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 3/13/2010 7:52:51 PM | Computer Name = PC963621594284 | Source = Application Hang | ID = 1002
Description = Hanging application davinci.scr, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/14/2010 12:52:48 AM | Computer Name = PC963621594284 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail
Error - 3/14/2010 12:53:16 AM | Computer Name = PC963621594284 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 3/14/2010 4:42:54 AM | Computer Name = PC963621594284 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established
Error - 3/14/2010 6:06:42 AM | Computer Name = PC963621594284 | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x00085cd9.
[ System Events ]
Error - 3/8/2010 1:07:19 PM | Computer Name = PC963621594284 | Source = Print | ID = 6161
Description = The document computerinfo - Notepad owned by home failed to print
on printer Canon MP620 series Printer. Data type: NT EMF 1.008. Size of the spool
file in bytes: 51564. Number of bytes printed: 0. Total number of pages in the
document: 1. Number of pages printed: 0. Client machine: \\PC963621594284. Win32
error code returned by the print processor: 3 (0x3).
Error - 3/10/2010 7:30:10 PM | Computer Name = PC963621594284 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.
Error - 3/10/2010 7:30:10 PM | Computer Name = PC963621594284 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053
Error - 3/13/2010 2:04:05 PM | Computer Name = PC963621594284 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 3/13/2010 5:05:38 PM | Computer Name = PC963621594284 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 3/14/2010 12:52:48 AM | Computer Name = PC963621594284 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service COMSysApp with
arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
Error - 3/14/2010 12:52:48 AM | Computer Name = PC963621594284 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the COM+ System Application
service to connect.
Error - 3/14/2010 12:52:48 AM | Computer Name = PC963621594284 | Source = Service Control Manager | ID = 7000
Description = The COM+ System Application service failed to start due to the following
error: %%1053
Error - 3/14/2010 2:42:10 AM | Computer Name = PC963621594284 | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3
00000001, parameter4 827f000c.
Error - 3/14/2010 4:39:18 AM | Computer Name = PC963621594284 | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
< End of report > OTL logfile created on: 3/14/2010 6:30:36 AM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\home.PC963621594284\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
959.00 Mb Total Physical Memory | 433.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.02 Gb Total Space | 58.66 Gb Free Space | 59.24% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 1.32 Gb Free Space | 11.20% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC963621594284
Current User Name: home
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - C:\Documents and Settings\home.PC963621594284\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\home.PC963621594284\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
PRC - C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - C:\Documents and Settings\home.PC963621594284\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\SSSensor.dll (Sygate Technologies, Inc.)
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (SmcService) -- C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - (SPLITCAM) -- C:\WINDOWS\system32\drivers\splitcam.sys (LoteSoft Co.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (Flash1) -- C:\SWSetup\sp43666\winphlash\FLASH1.sys ()
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)
DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)
DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)
DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)
DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)
DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2010/02/11 14:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home.PC963621594284\Application Data\Mozilla\Extensions
[2010/02/11 14:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home.PC963621594284\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/03 22:18:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/04 05:10:27 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
O1 HOSTS File: ([2010/02/25 21:30:02 | 000,380,253 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13102 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\home.PC963621594284\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [TOY5KNQ8OC] C:\DOCUME~1\HOME~1.PC9\LOCALS~1\Temp\Pvx.exe File not found
O4 - HKCU..\Run: [WEK9EMDHI9] C:\WINDOWS\Ppuvoa.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\home.PC963621594284\Start Menu\Programs\StartUp\LimeWire On Startup.lnk = C:\Documents and Settings\home.PC963621594284\Desktop\LimeWire.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.34,93.188.161.95
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\home.PC963621594284\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\home.PC963621594284\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 02:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 18:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{32893eaf-169c-11df-a534-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{32893eaf-169c-11df-a534-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/10 19:18:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010/03/14 06:25:54 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\home.PC963621594284\Desktop\OTL.exe
[2010/03/14 06:25:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/14 06:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/14 06:19:29 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\home.PC963621594284\Desktop\erunt-setup.exe
[2010/03/13 17:00:12 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/03/13 17:00:12 | 000,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/03/13 17:00:12 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/03/13 17:00:12 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/03/13 17:00:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/03/13 17:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/03/13 17:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/03/13 15:43:03 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/13 12:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/03/13 11:15:23 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\home.PC963621594284\My Documents\spybotsd162.exe
[2010/03/13 09:25:22 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/03/13 09:23:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/13 09:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/03/13 09:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/03/10 12:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Application Data\Sonic
[2010/03/10 11:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Application Data\Leadertech
[2010/03/10 11:53:49 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/10 11:50:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/03/09 13:48:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Application Data\WildTangent
[2010/03/06 21:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\My Documents\For E-Mailing from Picture It!
[2010/03/04 14:04:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/03/04 14:04:04 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/03/04 05:24:31 | 004,277,536 | ---- | C] (Hewlett-Packard Company ) -- C:\Documents and Settings\home.PC963621594284\My Documents\sp43666.exe
[2010/03/04 05:23:43 | 004,494,456 | ---- | C] (Hewlett-Packard Company ) -- C:\Documents and Settings\home.PC963621594284\My Documents\sp34152.exe
[2010/03/04 05:22:47 | 003,358,432 | ---- | C] (Hewlett-Packard Company ) -- C:\Documents and Settings\home.PC963621594284\My Documents\sp34510.exe
[2010/03/03 22:29:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/03/03 22:18:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SysWoW32
[2010/03/03 22:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/03 22:18:07 | 000,000,000 | ---D | C] -- C:\System Volume Data
[2010/03/02 12:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Desktop\ebay
[2010/02/25 14:43:21 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010/02/25 14:43:21 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010/02/25 14:43:14 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2010/02/25 14:43:14 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2010/02/25 14:43:13 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010/02/25 14:43:13 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2010/02/25 14:43:13 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2010/02/25 14:43:12 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2010/02/25 14:43:11 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2010/02/25 14:42:59 | 000,014,608 | ---- | C] (InterVideo, Inc.) -- C:\WINDOWS\System32\iviaspi.sys
[2010/02/25 14:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Application Data\SanDisk
[2010/02/25 13:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\My Documents\Sansa Media Converter
[2010/02/25 12:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Desktop\New Folder
[2010/02/24 22:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/24 20:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2010/02/24 20:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\My Documents\Bottles
[2010/02/23 22:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Desktop\donesongs
[2010/02/23 20:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Desktop\1stwave
[2010/02/22 13:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Picture It!
[2010/02/22 13:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Desktop\Tunes_4_ipod
[2010/02/22 13:01:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2010/02/22 13:00:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2010/02/22 13:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/02/22 12:55:11 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010/02/22 12:54:27 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/02/22 12:54:20 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/02/22 12:54:14 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/02/22 12:49:47 | 000,230,912 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM9D.DLL
[2010/02/22 12:49:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2010/02/22 12:49:18 | 000,362,496 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPPM.DLL
[2010/02/22 12:49:18 | 000,142,336 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPUI.DLL
[2010/02/22 12:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2010/02/22 04:45:55 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/02/22 04:45:55 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/02/21 14:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\My Documents\LimeWire
[2010/02/21 14:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\My Documents\My Received Files
[2010/02/21 14:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Tracing
[2010/02/21 13:33:22 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/02/21 13:31:33 | 000,000,000 | ---D | C] -- C:\083bf80ed037a8a66a
[2010/02/21 13:31:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/02/21 13:31:15 | 000,000,000 | ---D | C] -- C:\6111c50cd69103735f07
[2010/02/21 07:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Application Data\GTek
[2010/02/21 07:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Application Data\MSNInstaller
[2010/02/20 21:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Picture It!(2)
[2010/02/14 06:17:24 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010/02/14 06:17:24 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrobj.dll
[2010/02/14 06:17:24 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll
[2010/02/14 06:17:24 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2010/02/14 06:17:24 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshom.ocx
[2010/02/14 06:17:24 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2010/02/14 06:17:24 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshext.dll
[2010/02/14 06:17:20 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/02/13 22:30:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Application Data\Apple Computer
[2010/02/13 22:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Application Data\Windows Search
[2010/02/13 22:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Local Settings\Application Data\Apple
[2010/02/13 22:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Local Settings\Application Data\Apple Computer
[2010/02/13 22:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Local Settings\Application Data\QuickPlay
[2010/02/13 22:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Application Data\HP
[2010/02/13 21:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\Application Data\DivX
[2010/02/13 21:50:41 | 000,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/02/13 21:50:41 | 000,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/02/13 21:50:40 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/02/13 21:50:40 | 000,120,056 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2010/02/13 21:50:40 | 000,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010/02/13 21:50:40 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/02/13 21:50:40 | 000,066,296 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010/02/13 21:50:40 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/02/12 23:28:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/12 22:28:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/02/12 22:28:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/02/12 22:28:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/02/12 20:57:10 | 006,067,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/02/12 20:57:10 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2010/02/12 20:57:10 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2010/02/12 20:57:10 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/02/12 20:57:10 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/02/12 20:57:10 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/02/12 20:57:10 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/02/12 20:57:10 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/02/12 20:57:10 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/02/12 17:04:03 | 002,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/02/12 17:04:02 | 002,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/02/12 17:04:01 | 002,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/02/12 17:04:00 | 002,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/01/31 17:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Yahoo
[2010/01/22 22:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/12/14 21:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/12/05 14:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/11/01 17:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/11/01 17:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/11/01 17:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2009/10/29 19:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/10/29 19:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2006/09/13 09:12:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/09/13 09:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/09/13 09:12:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/09/13 09:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/09/24 11:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[117 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2010/03/14 06:26:05 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\home.PC963621594284\Desktop\OTL.exe
[2010/03/14 06:26:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/03/14 06:23:33 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\Desktop\NTREGOPT.lnk
[2010/03/14 06:23:33 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\Desktop\ERUNT.lnk
[2010/03/14 06:22:00 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/03/14 06:19:47 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\home.PC963621594284\Desktop\erunt-setup.exe
[2010/03/14 06:14:42 | 000,995,493 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\My Documents\List.bat
[2010/03/14 05:57:16 | 000,412,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 05:57:16 | 000,063,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 05:57:15 | 000,482,664 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 05:55:51 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/14 05:53:46 | 000,001,675 | ---- | M] () -- C:\hpqp.ini
[2010/03/14 05:53:23 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/03/14 05:53:15 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/14 05:52:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/14 05:52:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/14 05:52:40 | 1005,170,688 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/14 05:05:30 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/14 04:39:23 | 007,749,632 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\ntuser.dat
[2010/03/14 04:39:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\home.PC963621594284\ntuser.ini
[2010/03/13 17:45:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\Desktop\djc45x2z.exe
[2010/03/13 17:00:25 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/03/13 16:55:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\defogger_reenable
[2010/03/13 16:51:50 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\Desktop\Defogger.exe
[2010/03/13 15:57:00 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\Desktop\HiJackThis.lnk
[2010/03/13 14:08:48 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/13 11:15:25 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\home.PC963621594284\My Documents\spybotsd162.exe
[2010/03/13 10:54:20 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\My Documents\HijackThis.msi
[2010/03/13 09:23:48 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/03/11 18:18:26 | 001,717,258 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\My Documents\NEVERMARRYAWOMANBIGGERTHANYOU.wmv
[2010/03/10 13:56:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/04 05:24:34 | 004,277,536 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\home.PC963621594284\My Documents\sp43666.exe
[2010/03/04 05:23:45 | 004,494,456 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\home.PC963621594284\My Documents\sp34152.exe
[2010/03/04 05:22:52 | 003,358,432 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\home.PC963621594284\My Documents\sp34510.exe
[2010/03/04 05:12:23 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/04 04:59:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/04 04:54:50 | 000,001,141 | ---- | M] () -- C:\WINDOWS\System32\57580c3a
[2010/03/04 04:38:10 | 000,001,369 | -HS- | M] () -- C:\WINDOWS\System32\1019187187
[2010/03/04 04:37:50 | 000,000,114 | ---- | M] () -- C:\xcrashdump.dat
[2010/03/01 13:11:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/27 16:58:49 | 000,025,677 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\My Documents\!cid_F57BAFF93930422EB3B74D3BE37D94F4@dell2f61384959.jpg
[2010/02/27 16:58:32 | 000,018,866 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\My Documents\!cid_CB087E6D302748538834C7F82EFD245D@dell2f61384959.jpg
[2010/02/27 16:58:06 | 000,017,583 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\My Documents\!cid_6D0E37F18649408B8F285ED055F4884C@dell2f61384959.jpg
[2010/02/27 10:23:49 | 022,162,386 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\My Documents\clip0014.avi
[2010/02/26 20:14:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ATHPRXY(3).DLL
[2010/02/25 21:30:02 | 000,380,253 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/25 14:43:01 | 000,001,902 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\Desktop\ Sansa Media Converter.lnk
[2010/02/25 14:43:01 | 000,001,890 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Sansa Media Converter.lnk
[2010/02/24 23:24:58 | 000,005,068 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/02/24 23:20:11 | 000,380,253 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100225-203001.backup
[2010/02/24 21:09:05 | 000,827,404 | -H-- | M] () -- C:\Documents and Settings\home.PC963621594284\Local Settings\Application Data\IconCache.db
[2010/02/24 14:04:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/02/23 18:38:58 | 000,229,931 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\My Documents\IMG_0003_82_NEW.jpg
[2010/02/23 15:16:47 | 000,143,606 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\My Documents\IMG_0003_82.jpg
[2010/02/23 15:16:44 | 000,134,107 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\My Documents\IMG_0002_82.jpg
[2010/02/23 15:16:30 | 000,159,508 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\My Documents\IMG_0001_87.jpg
[2010/02/23 12:44:16 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/22 13:40:51 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Picture It! 99.lnk
[2010/02/22 13:39:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/02/22 13:39:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/22 13:00:37 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP620 series User Registration.LNK
[2010/02/22 12:52:41 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Printer.lnk
[2010/02/22 12:52:31 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2010/02/22 12:52:21 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint EX.lnk
[2010/02/22 12:50:50 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MP Navigator EX 2.0.lnk
[2010/02/22 12:20:11 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\My Documents\On Feb 9th.doc
[2010/02/22 12:09:30 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\Desktop\Microsoft Word.lnk
[2010/02/22 12:06:21 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/02/22 12:05:54 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\Desktop\Microsoft Excel.lnk
[2010/02/22 12:05:54 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\Desktop\Microsoft PowerPoint.lnk
[2010/02/22 12:05:54 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/02/21 15:54:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/02/21 13:57:28 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\Desktop\Windows Media Player.lnk
[2010/02/21 13:33:14 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/21 13:33:14 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/21 13:33:08 | 000,000,525 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/21 13:32:06 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/21 13:31:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/02/21 11:58:27 | 000,012,712 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\My Documents\adapter.jpg
[2010/02/21 11:02:55 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/02/20 22:10:30 | 000,076,688 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/13 22:25:27 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/02/13 21:50:45 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2010/02/13 21:49:23 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\home.PC963621594284\Desktop\DivX Movies.lnk
[2010/02/12 22:26:16 | 000,250,048 | RHS- | M] () -- C:\ntldr
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[117 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010/03/14 06:23:33 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\Desktop\NTREGOPT.lnk
[2010/03/14 06:23:33 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\Desktop\ERUNT.lnk
[2010/03/14 06:14:41 | 000,995,493 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\My Documents\List.bat
[2010/03/13 17:45:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\Desktop\djc45x2z.exe
[2010/03/13 17:00:24 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/03/13 16:55:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\defogger_reenable
[2010/03/13 16:51:49 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\Desktop\Defogger.exe
[2010/03/13 12:56:34 | 000,002,469 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\Desktop\HiJackThis.lnk
[2010/03/13 10:54:09 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\My Documents\HijackThis.msi
[2010/03/13 10:24:00 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/03/13 09:27:07 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/13 09:23:48 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/03/11 18:18:25 | 001,717,258 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\My Documents\NEVERMARRYAWOMANBIGGERTHANYOU.wmv
[2010/03/10 13:40:53 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/03/10 13:40:49 | 000,000,244 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/03/04 05:43:38 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\Desktop\Windows Live Messenger .lnk
[2010/03/04 01:03:44 | 000,000,114 | ---- | C] () -- C:\xcrashdump.dat
[2010/03/03 22:19:14 | 000,001,369 | -HS- | C] () -- C:\WINDOWS\System32\1019187187
[2010/03/03 22:18:07 | 000,001,141 | ---- | C] () -- C:\WINDOWS\System32\57580c3a
[2010/03/01 19:22:48 | 007,749,632 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\ntuser.dat
[2010/02/27 16:58:51 | 000,025,677 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\My Documents\!cid_F57BAFF93930422EB3B74D3BE37D94F4@dell2f61384959.jpg
[2010/02/27 16:58:34 | 000,018,866 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\My Documents\!cid_CB087E6D302748538834C7F82EFD245D@dell2f61384959.jpg
[2010/02/27 16:58:16 | 000,017,583 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\My Documents\!cid_6D0E37F18649408B8F285ED055F4884C@dell2f61384959.jpg
[2010/02/27 10:23:20 | 022,162,386 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\My Documents\clip0014.avi
[2010/02/24 21:46:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll
[2010/02/23 18:38:58 | 000,229,931 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\My Documents\IMG_0003_82_NEW.jpg
[2010/02/23 15:03:45 | 000,143,606 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\My Documents\IMG_0003_82.jpg
[2010/02/23 15:03:44 | 000,159,508 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\My Documents\IMG_0001_87.jpg
[2010/02/23 15:03:44 | 000,134,107 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\My Documents\IMG_0002_82.jpg
[2010/02/22 13:40:51 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Picture It! 99.lnk
[2010/02/22 13:39:40 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/02/22 13:39:40 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/02/22 13:00:37 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP620 series User Registration.LNK
[2010/02/22 12:52:41 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Printer.lnk
[2010/02/22 12:52:31 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2010/02/22 12:52:21 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint EX.lnk
[2010/02/22 12:50:50 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MP Navigator EX 2.0.lnk
[2010/02/22 12:49:18 | 000,117,850 | ---- | C] () -- C:\WINDOWS\System32\Cnmnput.chm
[2010/02/22 12:20:11 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\My Documents\On Feb 9th.doc
[2010/02/22 12:05:54 | 000,002,563 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\Desktop\Microsoft Excel.lnk
[2010/02/22 12:05:54 | 000,002,531 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\Desktop\Microsoft PowerPoint.lnk
[2010/02/22 12:05:54 | 000,002,483 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\Desktop\Microsoft Word.lnk
[2010/02/21 15:54:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/02/21 13:31:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/02/21 11:58:27 | 000,012,712 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\My Documents\adapter.jpg
[2010/02/13 22:25:27 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/02/13 22:24:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/13 21:49:23 | 000,001,499 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\Desktop\DivX Movies.lnk
[2010/02/10 19:39:26 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\Local Settings\Application Data\fusioncache.dat
[2010/02/10 19:39:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\Local Settings\Application Data\DSwitch.txt
[2010/02/10 19:39:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\Local Settings\Application Data\AtStart.txt
[2010/02/10 19:39:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\Local Settings\Application Data\QSwitch.txt
[2010/02/10 17:47:24 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\home.PC963621594284\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/31 18:15:32 | 000,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2009/11/27 00:03:35 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/01/14 18:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/13 10:12:20 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/13 10:09:15 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/13 09:49:20 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/13 09:29:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/13 08:09:12 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/13 08:09:01 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/13 08:09:01 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/13 08:09:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/13 08:08:59 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/13 08:08:59 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/29 15:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 14:49:18 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/29 14:46:56 | 000,005,068 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 14:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/04 03:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 14:08:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/10/15 19:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2001/01/22 04:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(3).DLL
[2001/01/22 04:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL
[color=#E56717]========== LOP Check ==========[/color]
[2010/01/09 10:31:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/01/06 13:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2009/12/31 11:24:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/02/22 13:00:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2010/03/01 14:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/01/07 12:22:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/02/22 13:01:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2009/12/03 23:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/11/19 18:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2010/02/02 20:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/12/13 21:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\page
[2009/11/27 00:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/01/10 19:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/11 14:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2010/03/09 13:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/03/13 09:24:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/10 11:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home.PC963621594284\Application Data\Leadertech
[2010/03/03 22:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home.PC963621594284\Application Data\LimeWire
[2010/02/21 07:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home.PC963621594284\Application Data\MSNInstaller
[2010/02/25 14:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home.PC963621594284\Application Data\SanDisk
[2010/02/11 14:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home.PC963621594284\Application Data\ScreenCapturePrint
[2010/02/11 14:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home.PC963621594284\Application Data\Toolbar4
[2010/03/09 13:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home.PC963621594284\Application Data\WildTangent
[2010/02/11 05:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home.PC963621594284\Application Data\Windows Desktop Search
[2010/02/13 22:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home.PC963621594284\Application Data\Windows Search
[2010/03/13 14:08:48 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/03/14 05:55:51 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/03/14 06:22:00 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/03/14 06:26:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006/03/15 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2010/01/31 17:59:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2006/03/16 00:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/01/31 17:59:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/01/31 17:59:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 10:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006/03/15 16:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2010/01/31 17:59:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2006/03/16 00:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/01/31 17:59:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/01/31 17:59:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 09:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 09:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/03/16 00:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[color=#A23BEC]< MD5 for: IASTOR.SYS >[/color]
[2005/10/13 05:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SWSetup\HDD\iastor.sys
[2005/10/13 05:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006/03/16 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[color=#A23BEC]< MD5 for: NVATA.SYS >[/color]
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\nvata.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\nvata.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\nvata.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvata.sys
[color=#A23BEC]< MD5 for: NVATABUS.SYS >[/color]
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\nvatabus.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\nvatabus.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\nvatabus.sys
[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2006/03/16 00:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2010/01/05 06:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/01/05 06:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/01/05 06:00:28 | 000,671,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstime.dll
[117 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[2006/01/27 11:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvata.sys
[2 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2006/06/29 06:59:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/06/29 06:59:22 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/29 06:59:22 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >
|
|
|
|
|
Associate Member
Group: Forum Members
Last Login: 8/5/2008 3:45 AM
Posts: 365,
Visits: 490
|
|
| i can't get the last one on here it seems too big. i think it is the GMER scan result. How can i send it??
|
|
|
|
|
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 33,730,
Visits: 54,734
|
|
* Launch OTL again.
* Copy ALL the text in the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:OTL
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [TOY5KNQ8OC] C:\DOCUME~1\HOME~1.PC9\LOCALS~1\Temp\Pvx.exe File not found
O4 - HKCU..\Run: [WEK9EMDHI9] C:\WINDOWS\Ppuvoa.exe File not found
[2010/02/21 14:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home.PC963621594284\My Documents\LimeWire
[2010/03/14 06:26:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/03/14 06:22:00 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/03/03 22:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home.PC963621594284\Application Data\LimeWire
:Files
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
:Services
:Reg
:Commands
[Purity]
[EmptyTemp]
[resethosts]
[CLEARALLRESTOREPOINTS]
[Reboot]
* Return to OTL, right click in the "Custom Scans/Fixes" window (under the light blue bar) and choose Paste.
* Then click the Run Fix button at the top.
* After reboot a log will open,copy and paste the entire contents of that log into your next reply.
Please download Malwarebytes Anti-Malware from Here or Here.
Double Click mbam-setup.exe to install the application.
(If using Windows Vista/Windows 7,be sure to "Run As Administrator").
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan",then click "Scan".
* Make sure ALL partitions/hard drives are selected in the opening box,then click "Start Scan".
* The scan will certainly take some time to finish so please be patient.
* When the scan is complete, click OK, then click Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report into your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Also post a new Hijackthis log,let me know how your pc is running now.
_______________________________________________________________
ASAP & UNITE member since 2006
|
|
|
|
|
Associate Member
Group: Forum Members
Last Login: 8/5/2008 3:45 AM
Posts: 365,
Visits: 490
|
|
| i think i made zip file of it to try to send to you but how can i send it?
|
|
|
|
|
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 33,730,
Visits: 54,734
|
|
Forget the GMER log for now,carry on with my last instructions above if you will.
_______________________________________________________________
ASAP & UNITE member since 2006
|
|
|
|
|
Associate Member
Group: Forum Members
Last Login: 8/5/2008 3:45 AM
Posts: 365,
Visits: 490
|
|
| i am trying to get the malware scan done . when i downloaded it and went to get altest updates it wouldn't do it so i started scan anyway. is there a way to delete C:\Documents and Settings\All Users\application data\wild tangent\my hp game console\Ul\htdocs\common\product ...etc? the games file isn't in computer and the scan is bogged down on these. any idea?
|
|
|
|
© 2009 Advanced PC Media LLC, all rights reserved. Tweaks.com is not affiliated with Microsoft.