
Full Hard Drive [Solved]



#1
alicekmom

Hi and thanks in advance for your assistance. My hard drive shows as 55.8 GB capacity and only has 13.8 GB open. Prior to my deleting all my pictures and My Documents files, I had only about 2 GB open. I was getting error messages that Rescue and Recovery did not have enough space to perform operations. I have run all the steps in the malware lists and will post the logs below. I tried posting all 4, but it says the post is too long, so I will do it in separate steps. But I can't figure out what is filling 75% of the C drive.
Thanks,
Alice

MBAM
Malwarebytes' Anti-Malware 1.43
Database version: 3506
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/6/2010 9:19:40 PM
mbam-log-2010-01-06 (21-19-40).txt

Scan type: Quick Scan
Objects scanned: 116747
Time elapsed: 12 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.

Edited by alicekmom, 07 January 2010 - 07:00 PM.


#2
alicekmom

OTL log
OTL logfile created on: 1/7/2010 4:49:49 PM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 215.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 13.87 Gb Free Space | 24.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 99.72 Mb Total Space | 99.72 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: DAVID-0D9240577
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/07 15:17:39 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/13 13:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/01/24 20:49:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/24 20:49:57 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/24 13:34:50 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1163967597\EE\aolsoftware.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/03 20:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/02/04 11:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/19 15:21:05 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2006/10/23 14:04:42 | 00,001,536 | ---- | M] () -- c:\Program Files\Common Files\AOL\1163967597\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/13 02:23:00 | 00,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/07/25 10:19:40 | 00,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006/07/14 18:20:38 | 00,817,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
PRC - [2006/07/14 18:13:14 | 02,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2006/07/14 18:05:32 | 00,503,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2006/07/14 18:05:24 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2006/07/14 18:01:00 | 01,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006/07/14 17:42:22 | 00,723,712 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006/07/14 17:36:00 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006/07/14 17:24:52 | 00,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/07/14 15:52:48 | 00,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006/05/30 15:05:42 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/03/15 19:04:48 | 00,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2006/03/13 16:38:56 | 00,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
PRC - [2006/02/14 14:17:28 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/14 14:16:28 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/11/11 01:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2005/07/05 14:57:12 | 00,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/20 12:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2005/06/06 21:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005/05/25 21:56:48 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 00,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/10/14 09:11:10 | 01,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/08/06 16:08:00 | 00,086,016 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
PRC - [2002/10/08 22:28:42 | 00,040,960 | ---- | M] () -- C:\WINDOWS\system32\TpScrLk.exe
PRC - [2002/09/20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/01/07 15:17:39 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2007/02/05 08:29:04 | 00,139,264 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll
MOD - [2006/07/14 18:20:50 | 00,613,120 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
MOD - [2006/02/14 14:17:12 | 00,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/24 20:49:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/04/13 19:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/18 18:06:27 | 00,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv)
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/07/14 18:05:24 | 00,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2006/07/14 18:01:00 | 01,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006/07/14 17:42:22 | 00,723,712 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2006/07/14 17:24:52 | 00,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/07/14 15:52:48 | 00,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/11/11 01:33:00 | 00,073,782 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2005/06/20 12:15:00 | 00,077,824 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2005/06/06 21:26:22 | 00,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/05/25 21:56:48 | 00,364,544 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2003/07/16 12:37:58 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/09/20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1163967597\EE\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} http://www2.snapfish...ishActivia3.cab (Snapfish Activia3)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1163897060446 (WUWebControl Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.c...rt/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://200.36.58.250/activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (tvt_gina.dll) - C:\WINDOWS\System32\tvt_gina.dll (Lenovo)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/18 16:44:49 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{219a3c92-416c-11de-ac02-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{219a3c92-416c-11de-ac02-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{219a3c92-416c-11de-ac02-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/11/18 16:44:14 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891947461378048)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/07 15:45:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/01/07 15:17:39 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/01/07 10:10:30 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/01/07 10:10:29 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/01/07 10:10:28 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/01/07 10:10:25 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010/01/07 10:10:22 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/01/07 10:10:22 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/01/07 10:10:22 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/01/07 10:10:22 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/01/07 10:09:48 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/01/07 10:09:29 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/01/07 08:56:57 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Administrator\Desktop\avast_home_setup.exe
[2010/01/06 21:39:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/06 21:39:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/06 21:39:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/06 21:39:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/06 20:56:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/01/06 20:56:47 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/06 20:56:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/06 20:56:44 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 20:56:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/06 20:25:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/06 20:22:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/06 20:14:54 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt_setup.exe
[2010/01/06 19:59:33 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/01/06 09:49:24 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2008/10/30 09:01:39 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2007/11/24 16:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/11/30 11:35:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2006/11/18 18:05:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Lenovo

========== Files - Modified Within 14 Days ==========

[2010/01/07 16:27:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/07 15:46:20 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/07 15:45:55 | 00,003,216 | ---- | M] () -- C:\WINDOWS\System32\encobject.dat
[2010/01/07 15:45:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/07 15:45:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/07 15:29:32 | 04,718,592 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/07 15:19:29 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/01/07 15:17:39 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/01/07 10:12:49 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/07 10:10:31 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/01/07 10:10:22 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/07 08:57:05 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Administrator\Desktop\avast_home_setup.exe
[2010/01/06 21:34:46 | 00,000,719 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/06 20:56:50 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/06 20:22:31 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/01/06 20:22:31 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/01/06 20:14:54 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt_setup.exe
[2010/01/06 20:01:43 | 10,485,7600 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\SecureDrive.vol
[2010/01/06 19:59:33 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/01/06 12:52:25 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/01/07 15:48:04 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/01/07 15:19:26 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/01/07 10:10:31 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/01/07 10:09:48 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/01/06 20:56:50 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/06 20:22:31 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/01/06 20:22:31 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2008/10/30 10:30:54 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/12/30 15:01:08 | 00,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/05 21:36:34 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/27 15:36:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/11/19 20:26:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\AVSDVDPlayer.m3u
[2006/11/19 20:24:09 | 00,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2006/11/19 20:23:27 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/11/19 20:23:27 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/19 12:36:14 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/19 12:09:53 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/18 18:20:24 | 00,000,538 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2006/11/18 18:14:25 | 00,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/11/18 18:03:37 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/11/18 18:02:03 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2006/11/18 18:01:44 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/06/12 12:27:00 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/11/30 20:16:02 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2005/07/05 23:45:08 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2003/08/06 15:23:08 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2002/09/07 10:53:19 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\vttdrve.dll
[2002/01/25 13:13:32 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll

========== LOP Check ==========

[2008/10/16 08:18:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\JAM Software
[2006/11/19 11:23:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo
[2006/11/21 12:32:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Musicmatch
[2008/10/30 10:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2007/12/06 11:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Snapfish
[2006/11/18 18:20:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ThinkVantage
[2007/02/08 11:57:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
[2008/10/30 09:16:09 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2006/11/19 11:23:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/06/03 17:10:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/10/30 10:30:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/02/23 22:13:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/02 12:00:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/11/18 18:01:52 | 00,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/04/14 11:35:13 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 18:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >

#3
alicekmom

EXTRAS
OTL Extras logfile created on: 1/7/2010 4:49:49 PM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 215.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 13.87 Gb Free Space | 24.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 99.72 Mb Total Space | 99.72 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: DAVID-0D9240577
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1163967597\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1163967597\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\1163967597\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1163967597\EE\aolsoftware.exe:*:Enabled:AOL Services -- (AOL LLC)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Hy-Sport\SwMM2\SwimMM2.exe" = C:\Hy-Sport\SwMM2\SwimMM2.exe:*:Enabled:Swim Meet Manager -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{16906D21-0656-4F8B-9A01-C3D24B5401FC}" = Intel® PROSet for Wired Connections
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage Active Protection System
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9EA84FDD-CCC0-47FD-A993-923165BEA47A}" = System Migration Assistant
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C15EF442-868C-4524-8935-851224E17392}" = MicroWorlds EX Web Player
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C7DD90E2-61F6-47F7-ADB3-8A61088F1F12}" = Sibelius Scorch (ActiveX Only)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF59708F-60F4-11D5-866A-00A0D2183227}" = On2 VP3 Video for Windows Codec
"{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}" = Software Installer
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.2
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"CAL" = Canon Camera Access Library
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon Camera WIA Driver PowerShot A40" = Canon PowerShot A40 WIA Driver
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MP470 series User Registration" = Canon MP470 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"ERUNT_is1" = ERUNT 1.1j
"Hy-Tek's MEET MANAGER 2.0 for Swimming" = Hy-Tek's MEET MANAGER 2.0 for Swimming
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MicroWorlds Web Player" = MicroWorlds Web Player
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Player_is1" = Musicnotes Player V1.23.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad Presentation Director
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TPKBDLED" = Scroll Lock Indicator Utility
"TreeSize Free_is1" = TreeSize Free V2.2.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/31/2009 4:04:10 PM | Computer Name = DAVID-0D9240577 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module tvtpwm_ie_com.dll, version 2.0.0.0, fault address 0x000074cc.

Error - 12/31/2009 4:04:16 PM | Computer Name = DAVID-0D9240577 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/2/2010 11:21:41 AM | Computer Name = DAVID-0D9240577 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/3/2010 2:40:47 PM | Computer Name = DAVID-0D9240577 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module tvtpwm_ie_com.dll, version 2.0.0.0, fault address 0x000074cc.

Error - 1/6/2010 1:16:51 PM | Computer Name = DAVID-0D9240577 | Source = Application Error | ID = 1000
Description = Faulting application R2R.exe, version 0.0.0.0, faulting module SMA5.dll,
version 0.0.0.0, fault address 0x0001237a.

Error - 1/6/2010 1:19:24 PM | Computer Name = DAVID-0D9240577 | Source = Application Error | ID = 1001
Description = Fault bucket 299593010.

Error - 1/6/2010 8:17:18 PM | Computer Name = DAVID-0D9240577 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/6/2010 8:17:35 PM | Computer Name = DAVID-0D9240577 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/6/2010 11:16:05 PM | Computer Name = DAVID-0D9240577 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/7/2010 4:50:04 PM | Computer Name = DAVID-0D9240577 | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0000c4b1.

[ System Events ]
Error - 1/6/2010 9:00:25 PM | Computer Name = DAVID-0D9240577 | Source = Service Control Manager | ID = 7034
Description = The IBM KCU Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/6/2010 9:00:25 PM | Computer Name = DAVID-0D9240577 | Source = Service Control Manager | ID = 7034
Description = The TVT Backup Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/6/2010 9:00:26 PM | Computer Name = DAVID-0D9240577 | Source = Service Control Manager | ID = 7034
Description = The TVT Scheduler service terminated unexpectedly. It has done this
1 time(s).

Error - 1/6/2010 9:00:26 PM | Computer Name = DAVID-0D9240577 | Source = Service Control Manager | ID = 7034
Description = The tvtnetwk service terminated unexpectedly. It has done this 1
time(s).

Error - 1/6/2010 9:00:26 PM | Computer Name = DAVID-0D9240577 | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/6/2010 9:00:35 PM | Computer Name = DAVID-0D9240577 | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/6/2010 9:00:38 PM | Computer Name = DAVID-0D9240577 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 1/6/2010 10:23:21 PM | Computer Name = DAVID-0D9240577 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 1/6/2010 10:23:21 PM | Computer Name = DAVID-0D9240577 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 1/7/2010 4:48:32 PM | Computer Name = DAVID-0D9240577 | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 fa75e00b, parameter2 00000000, parameter3
b638af60, parameter4 00000000.


< End of report >

#4
Cruise475

Trusted Helper
Greetings, alicekmom. Welcome to GeeksToGo. My name is Cruise475 and I am here to help you with your malware troubles.

Before we get started, I would like to mention a few things :)
  • There may be some delays between my posts to you. I am still in training, so every response must be checked with a resident expert before I can give them to you!
  • Please follow my instructions step by step; if something does not work, or you get confused, just ask for clarification :)
  • Please do not attach any logs unless I specifically ask for them; it makes it easier for us to check your logs! Just post them right into the topic. If it requires more than one post, feel free to spread them over multiple posts!
  • While we are working together, please do not run any tools without being directed to do so. Running some of our tools unsupervised can be very dangerous!
  • Lastly, you may find it beneficial to print my instructions or save them to a text file, as some of my instructions may require you to reboot into safe mode :)

I will need a fresh look at your system and what your current symptoms are.

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.


Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under custom scans copy and paste the following:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

In your next reply, I would like to see the OTS Log as well as the new GMER Log :)

Thanks
Cruise
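
The `/md5start` … `/md5stop` lines in the custom scan above make the scanner print an MD5 for every copy it finds of each listed system file, in the `< MD5 for: … >` layout seen in the OTL log earlier in this thread. As an added example (not part of the original posts and not OldTimer's code), this Python parses that layout and flags any file whose live copy under system32 matches none of its backup copies; the comparison rule, the function names and the altered eventlog.dll line are assumptions made for the illustration.

```python
import re
from ntpath import dirname, normcase  # Windows path rules on any OS

# Lines copied from the OTL report in this thread, except the system32
# eventlog.dll line, which is CONSTRUCTED (placeholder hash, size and date).
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2010/01/06 12:00:00 | 00,061,440 | ---- | M] () MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< %systemroot%\*. /mp /s >
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| \w\]"
    r" \((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_sections(log_text):
    """Return {lower-cased file name: [entry dicts]} for each MD5 section."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            sections.setdefault(current, [])
            continue
        if line.startswith("<"):      # any other "< ... >" header ends the section
            current = None
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append({
                "path": entry.group("path"),
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company").strip(),
            })
    return sections


def review(sections, requested=(), systemroot=r"C:\WINDOWS"):
    """Classify each file: match, mismatch, no-live-copy, no-reference, not-in-log."""
    # Assumption: the copy Windows loads sits directly in system32 or
    # system32\drivers; every other copy (ServicePackFiles, uninstall
    # folders, ReinstallBackups) is treated as a reference copy.
    live_dirs = {normcase(systemroot + r"\system32"),
                 normcase(systemroot + r"\system32\drivers")}
    verdicts = {}
    for name, entries in sections.items():
        live, refs = [], []
        for e in entries:
            (live if normcase(dirname(e["path"])) in live_dirs else refs).append(e)
        known = {(r["md5"], r["size"]) for r in refs}
        if not live:
            verdicts[name] = "no-live-copy"
        elif not refs:
            verdicts[name] = "no-reference"
        elif all((e["md5"], e["size"]) in known for e in live):
            verdicts[name] = "match"
        else:
            verdicts[name] = "mismatch"   # live copy differs from every backup
    for name in requested:                # names in the scan list with no section
        verdicts.setdefault(name.lower(), "not-in-log")
    return verdicts


if __name__ == "__main__":
    result = review(parse_md5_sections(SAMPLE_LOG), requested=["cngaudit.dll"])
    for name, verdict in sorted(result.items()):
        print(f"{name:15} {verdict}")
```

A "mismatch" here only means the live copy needs a closer look (a later hotfix also changes the hash), and "not-in-log" means no copy of that name was reported in the log.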

#5
alicekmom

Cruise - thanks for your help. OTS log attached.
Alice

Attached Files

  • Attached File  OTS.Txt   139.97KB   177 downloads


#6
alicekmom

I am trying to add the attachment with the gmer log that I have saved on my desktop and getting a message that says that type of attachment is not allowed. Looks the same to me as the others - notepad. I tried to copy and paste and it says it's too long. It is 1.77 MB. I can email it to you directly if you want or let me know what to do.
Thanks,
Alice

Edited by alicekmom, 11 January 2010 - 10:30 AM.


#7
Cruise475

Trusted Helper
Hi alicekmom,

You can zip it up and try to attach it that way; that should compress it enough to be able to put it on the board. If that fails you can either upload it to http://www.mediafire.com/ or just use a few posts to get everything copied in. Whichever you would like to do :)

Thanks
Cruise

#8
alicekmom

http://www.mediafire...1yjm/result.log

#9
Cruise475

Trusted Helper
Hi alicekmom,

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2025429265-1935655697-854245398-500\] > -> HKEY_USERS\S-1-5-21-2025429265-1935655697-854245398-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> objects_aol.com [*] -> Out of zone range - ( 5 )
[Purity]
[Empty Temp Folders]
[CreateRestorePoint]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Next, please download and run WinDirStat

When the little pacmen have finished investigating the drive, you will be presented with a visual image of your folders
Select the folder using the most space by clicking the little + sign alongside it
Locate the folder that is using the most space
If there is a + alongside that then click it to dig deeper
Highlight the offending folder and press Ctrl + C; this will copy the path to your clipboard
Then right click the folder and select open
This will then open Explorer to that folder. Do you recognise it?

Then open Notepad and select paste. Post the file path in your next reply plus the size. If possible a screenshot would also help

Thanks
Cruise

#10
alicekmom

All Processes Killed
[Registry - Safe List]
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\objects_aol.com\ not found.
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 46489627 bytes
->Temporary Internet Files folder emptied: 65284922 bytes
->Java cache emptied: 187489 bytes

User: All Users

User: David
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 509763 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82403 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3814 bytes

Total Files Cleaned = 107.00 mb

Restore point Set: OTS Restore Point (64424509440)
< End of fix log >
OTS by OldTimer - Version 3.1.17.0 fix logfile created on 01112010_163807

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_17c.dat moved successfully.

Registry entries deleted on Reboot...
  • 0

#11
alicekmom

alicekmom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
http://www.mediafire.../i/?yimuwmoe0n2
http://www.mediafire.../i/?z5gmjitjnyz

There's nothing that looks unusual when I ran this. The C drive is showing a total of 10.4 GB being used. However the other screenshot I took for you is showing that the C drive has a 55.8GB capacity and only has 13.8 GB remaining open. This number previously has been as small as 2-3 GB. I recently emptied all my documents, pictures, and videos in an effort to clear up space. Looks to me like something is hiding in there!
Thanks,
Alice
  • 0
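Added example, not part of the thread and not code from any tool named in it: a Python sketch of the comparison described in the post above, where the folder view counted 10.4 GB on a 55.8 GB drive with only 13.8 GB free. It sums the bytes it can read under each top-level folder, records the directories it is denied access to, and reports the gap against the used space the volume itself reports; the function names and the `(files in root)` label are assumptions made for this example.

```python
import os
import shutil
import sys

def folder_usage(root):
    """Return (sizes, unreadable): readable bytes per top-level entry of root,
    and the paths that could not be listed or stat'ed (not counted)."""
    sizes, unreadable = {}, []

    def size_of(entry):
        # Logical file size; symlinks and junction-like links are skipped
        # so the same data is never counted twice.
        try:
            if entry.is_symlink():
                return 0
            if entry.is_dir(follow_symlinks=False):
                return walk(entry.path)
            return entry.stat(follow_symlinks=False).st_size
        except OSError:
            unreadable.append(entry.path)
            return 0

    def walk(path):
        try:
            with os.scandir(path) as it:
                entries = list(it)
        except OSError:          # access denied: space here stays invisible
            unreadable.append(path)
            return 0
        return sum(size_of(e) for e in entries)

    with os.scandir(root) as it:
        for entry in it:
            is_dir = entry.is_dir(follow_symlinks=False)
            key = entry.name if is_dir else "(files in root)"
            sizes[key] = sizes.get(key, 0) + size_of(entry)
    return sizes, unreadable

def unaccounted(root):
    """Compare what a directory walk can see with what the volume reports."""
    sizes, unreadable = folder_usage(root)
    used = shutil.disk_usage(root).used
    visible = sum(sizes.values())
    largest = sorted(sizes.items(), key=lambda kv: kv[1], reverse=True)[:5]
    return {"used": used, "visible": visible, "gap": used - visible,
            "largest": largest, "unreadable": unreadable}

if __name__ == "__main__":
    report = unaccounted(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, size in report["largest"]:
        print(f"{size / 2**30:8.2f} GB  {name}")
    print(f"volume used {report['used'] / 2**30:.2f} GB, "
          f"visible {report['visible'] / 2**30:.2f} GB, "
          f"gap {report['gap'] / 2**30:.2f} GB")
    print("unreadable:", *report["unreadable"], sep="\n  ")
```

A large gap together with entries in the unreadable list points at space held in locations the current account cannot enumerate, which a size view run as that account will not show.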

#12
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hi alicekmom,

Download and install the MSI Cleanup utility

This will create a new folder in program files

Then click start > run and type or copy/paste in the following

"C:\Program Files\Windows Installer Clean Up\msizap" G!

and as the name suggests it will zap the unneeded msp files that are not registered

Information about the problem can be found Here

Let me know how that goes :)

Thanks
Cruise
  • 0

#13
alicekmom

alicekmom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Cruise,
I did that but don't see any difference on my hard drive space. Do I need to send you some kind of log?
  • 0

#14
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hello alicekmom,

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Thanks
Cruise
  • 0

#15
alicekmom

alicekmom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
http://www.mediafire.../i/?xmz3dmtwdwq

http://www.mediafire.../i/?tygtynkzqd2

I am confused on what I am supposed to be running or downloading with the Java. I think I got rid of the old versions. Can you look at these screenshots and tell me what to choose?
  • 0





