I'm having a umdmgr.exe problem [Closed], Help!
Sep 13 2009, 10:52 AM | Post #1
Member | Posts: 15 | OS: Windows XP
Help me remove it, it's messing with my computer!
Sep 13 2009, 12:27 PM | Post #2
Trusted Helper | Posts: 3,488 | From: Sweden | OS: Windows XP SP3
Please Click here!, and follow the recommendations in the guide.
Someone will be along to tell you what steps to take after you post the contents of the scan results.
Sep 15 2009, 06:21 AM | Post #3
Member | Posts: 15 | OS: Windows XP
Hi, sorry I've taken so long, but I've done it and the computer is still running pretty slow.
MBAM Log Malwarebytes' Anti-Malware 1.41 Database version: 2794 Windows 5.1.2600 Service Pack 3 14/09/2009 9:37:48 PM mbam-log-2009-09-14 (21-37-47).txt Scan type: Quick Scan Objects scanned: 107987 Time elapsed: 9 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 6 Registry Data Items Infected: 0 Folders Infected: 3 Files Infected: 16 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Trojan.Dropper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg914-k641-26sf-n32p (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\{7419c3ed-0af4-3081-0224-04122702003d} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-24sf-n85p (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced DHTML Enable (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully. 
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851 (Trojan.Agent) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully. Files Infected: C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe (Generic.Bot.H) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ustart.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\.Nate\Local Settings\Temp\471.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\.Nate\Local Settings\Temporary Internet Files\Content.IE5\EX12XV8X\pr3xy[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Franz Krogh\Application Data\Sskknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Lenore\Application Data\Sskknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Documents and Settings\.Nate\Local Settings\Temp\611.exe (Trojan.Agent) -> Quarantined and deleted successfully. Root Repeal Log ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/09/15 21:30 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xF6E2C000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF9E5F000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xF2875000 Size: 49152 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\Documents and Settings\.Nate\Local Settings\Application Data\Microsoft\Messenger\abusementpark@hotmail.com\SharingMetadata\korn__krazy@msn.com\DFSR\Staging\CS{38E552A7-AD8B-D6BA-B5E4-E74B901E2D51}\02\102-{1~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\.Nate\Local Settings\Application Data\Microsoft\Messenger\abusementpark@hotmail.com\SharingMetadata\korn__krazy@msn.com\DFSR\Staging\CS{38E552A7-AD8B-D6BA-B5E4-E74B901E2D51}\03\25-{1454F5E2-447B-44AF-84D8-AB9EA8C31DBA}-v103-{3B1F62FF-A69F-4542-99CD-CCAA3ACB6A0F}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. 
Path: C:\Documents and Settings\.Nate\Local Settings\Application Data\Microsoft\Messenger\abusementpark@hotmail.com\SharingMetadata\korn__krazy@msn.com\DFSR\Staging\CS{38E552A7-AD8B-D6BA-B5E4-E74B901E2D51}\04\35-{1454F5E2-447B-44AF-84D8-AB9EA8C31DBA}-v104-{3B1F62FF-A69F-4542-99CD-CCAA3ACB6A0F}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\.Nate\Local Settings\Application Data\Microsoft\Messenger\abusementpark@hotmail.com\SharingMetadata\korn__krazy@msn.com\DFSR\Staging\CS{38E552A7-AD8B-D6BA-B5E4-E74B901E2D51}\05\46-{1454F5E2-447B-44AF-84D8-AB9EA8C31DBA}-v105-{3B1F62FF-A69F-4542-99CD-CCAA3ACB6A0F}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\.Nate\Local Settings\Application Data\Microsoft\Messenger\abusementpark@hotmail.com\SharingMetadata\korn__krazy@msn.com\DFSR\Staging\CS{38E552A7-AD8B-D6BA-B5E4-E74B901E2D51}\06\68-{1454F5E2-447B-44AF-84D8-AB9EA8C31DBA}-v106-{3B1F62FF-A69F-4542-99CD-CCAA3ACB6A0F}-v68-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\.Nate\Local Settings\Application Data\Microsoft\Messenger\abusementpark@hotmail.com\SharingMetadata\korn__krazy@msn.com\DFSR\Staging\CS{38E552A7-AD8B-D6BA-B5E4-E74B901E2D51}\07\80-{1454F5E2-447B-44AF-84D8-AB9EA8C31DBA}-v107-{3B1F62FF-A69F-4542-99CD-CCAA3ACB6A0F}-v80-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. 
Path: C:\Documents and Settings\.Nate\Local Settings\Application Data\Microsoft\Messenger\abusementpark@hotmail.com\SharingMetadata\korn__krazy@msn.com\DFSR\Staging\CS{38E552A7-AD8B-D6BA-B5E4-E74B901E2D51}\08\82-{1454F5E2-447B-44AF-84D8-AB9EA8C31DBA}-v108-{3B1F62FF-A69F-4542-99CD-CCAA3ACB6A0F}-v82-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\.Nate\Local Settings\Application Data\Microsoft\Messenger\abusementpark@hotmail.com\SharingMetadata\korn__krazy@msn.com\DFSR\Staging\CS{38E552A7-AD8B-D6BA-B5E4-E74B901E2D51}\09\94-{1454F5E2-447B-44AF-84D8-AB9EA8C31DBA}-v109-{3B1F62FF-A69F-4542-99CD-CCAA3ACB6A0F}-v94-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\.Nate\Local Settings\Application Data\Microsoft\Messenger\abusementpark@hotmail.com\SharingMetadata\korn__krazy@msn.com\DFSR\Staging\CS{38E552A7-AD8B-D6BA-B5E4-E74B901E2D51}\10\95-{1454F5E2-447B-44AF-84D8-AB9EA8C31DBA}-v110-{3B1F62FF-A69F-4542-99CD-CCAA3ACB6A0F}-v95-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\.Nate\Local Settings\Application Data\Microsoft\Messenger\abusementpark@hotmail.com\SharingMetadata\korn__krazy@msn.com\DFSR\Staging\CS{38E552A7-AD8B-D6BA-B5E4-E74B901E2D51}\11\111-{1~2.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\.Nate\Local Settings\Application Data\Microsoft\Messenger\abusementpark@hotmail.com\SharingMetadata\royzoslipknot@hotmail.com\DFSR\Staging\CS{BC5B4C7F-289D-DE2A-48BB-92348B10DC9A}\08\108-{3B1F62FF-A69F-4542-99CD-CCAA3ACB6A0F}-v108-{3B1F62FF-A69F-4542-99CD-CCAA3ACB6A0F}-v108-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. 
==EOF== OTL Log OTL logfile created on: 15/09/2009 9:45:40 PM - Run 1 OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\.Nate\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 238.73 Mb Total Physical Memory | 96.65 Mb Available Physical Memory | 40.48% Memory free 585.81 Mb Paging File | 296.99 Mb Available in Paging File | 50.70% Paging File free Paging file location(s): C:\pagefile.sys 360 720 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.30 Gb Total Space | 14.05 Gb Free Space | 37.66% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OPTIMA-159D8KQM Current User Name: .Nate Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2008/07/02 02:48:35 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe PRC - [2008/04/14 10:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2009/09/14 22:06:17 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2007/01/05 07:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2009/09/14 22:06:30 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2009/09/14 22:06:30 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2005/08/25 19:47:52 | 00,065,536 | ---- | M] () -- C:\Program Files\D-Link\DSL-200\dslagent.exe PRC - [2009/03/09 04:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/09/14 22:06:21 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2007/12/30 03:12:07 | 00,290,112 | ---- | M] () -- C:\Program Files\DNA\btdna.exe PRC - [2009/09/15 03:04:58 | 00,189,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe PRC - [2009/09/15 21:23:22 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\.Nate\Desktop\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2008/07/02 02:48:35 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running]) SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2009/09/14 22:06:17 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running]) SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009/09/15 04:10:46 | 00,286,208 | ---- | M] () -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin [On_Demand | Stopped]) SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2009/02/06 17:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped]) SRV - [2008/04/14 10:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2009/09/15 21:01:45 | 00,360,448 | ---- | M] () -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Stopped]) SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2002/11/27 21:30:30 | 00,065,536 | R--- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped]) SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running]) SRV - [2009/06/02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped]) SRV - [2007/01/05 07:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running]) SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dodo.com.au/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dodo.com.au/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AOL Search" FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.5 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: 
jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - prefs.js..extensions.enabledItems: {69D30031-F4A8-452a-A5B3-5D6787C3C5CF}:3.4 FF - prefs.js..keyword.URL: "http://search.aol.com/aolcom/search?invocationType=TB50TRFFab&query=" FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/06 21:29:46 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/05 03:14:26 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/08/26 01:48:37 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/09/14 22:06:16 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/11 06:55:04 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/11 06:55:04 | 00,000,000 | ---D | M] [2008/08/30 15:48:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\mozilla\Extensions [2008/08/30 15:48:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/09/15 03:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\mozilla\Firefox\Profiles\ulojlwbq.default\extensions [2009/05/30 03:31:36 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\.Nate\Application Data\mozilla\Firefox\Profiles\ulojlwbq.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} [2009/07/12 02:37:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\mozilla\Firefox\Profiles\ulojlwbq.default\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF} [2008/10/17 13:45:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\mozilla\Firefox\Profiles\ulojlwbq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66} [2009/08/18 02:56:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\mozilla\Firefox\Profiles\ulojlwbq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/06/04 23:51:39 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\amazondotcom.xml [2009/07/06 16:47:41 | 00,002,260 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\buffyverse-wiki-en.xml [2009/01/04 03:25:46 | 00,002,255 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\dexter-wiki-en.xml [2009/09/09 22:31:16 | 00,001,148 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\dictionarycom.xml [2009/09/09 22:31:17 | 00,002,818 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\ebay-australia.xml [2009/06/04 23:51:43 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\ebay.xml [2009/08/02 22:17:09 | 00,002,756 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\ebaycomau.xml [2009/01/04 03:24:08 | 00,002,136 | ---- | M] () -- C:\Documents and 
Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\fatwreckwiki-en.xml [2009/07/10 00:52:19 | 00,002,285 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\ghostbusters-wiki-en.xml [2009/09/09 22:31:16 | 00,002,871 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\google-images.xml [2008/06/20 03:22:44 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\imdb.xml [2009/01/10 04:55:35 | 00,002,299 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\lastfm.xml [2009/05/03 00:00:37 | 00,001,812 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\marvel-universe.xml [2009/01/04 03:29:37 | 00,002,258 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\muppet-wiki-en.xml [2009/09/09 22:31:17 | 00,001,094 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\thesauruscom.xml [2009/04/02 01:20:27 | 00,002,006 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\urban-dictionary.xml [2008/06/20 03:22:47 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\wikipedia-en.xml [2009/01/04 03:27:02 | 00,002,603 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\wookieepedia-en.xml [2009/09/09 22:31:17 | 00,002,443 | ---- | M] () -- C:\Documents and Settings\.Nate\Application 
Data\Mozilla\FireFox\Profiles\ulojlwbq.default\searchplugins\youtube---videos.xml [2009/09/15 06:57:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/09/11 06:55:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/05/07 17:29:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008/07/11 19:36:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/03/06 21:30:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009/04/01 14:42:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/09/11 06:54:36 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/09/11 06:54:36 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/02/25 05:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll [2008/09/04 10:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll [2005/02/07 18:04:00 | 00,135,680 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npcsau7.dll [2009/03/09 04:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/02/25 05:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2009/02/25 05:34:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009/02/06 11:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009/09/11 06:54:48 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2008/10/14 20:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/05/09 02:59:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/05/09 02:59:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/05/09 02:59:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/05/09 02:59:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/05/09 02:59:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/05/09 02:59:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/05/09 02:59:30 | 00,143,360 | ---- | M] (Apple Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2007/04/17 03:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2009/02/25 05:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll [2009/09/11 06:54:51 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/09/11 06:54:51 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/09/11 06:54:51 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/09/11 06:54:51 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/09/11 06:54:51 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/09/11 06:54:51 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml O1 HOSTS File: (20512 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 kaaaak.com O1 - Hosts: 127.0.0.1 saha.lebanonbt.info O1 - Hosts: 127.0.0.1 lebanonbt.info O1 - Hosts: 127.0.0.1 scorti1.dns2go.com O1 - Hosts: 127.0.0.1 dns2go.com O1 - Hosts: 127.0.0.1 hail.dns2go.com O1 - Hosts: 127.0.0.1 scorti1.dns2go.com O1 - Hosts: 127.0.0.1 sa1.ircqforum.com O1 - Hosts: 127.0.0.1 sa2.ircqforum.com O1 - Hosts: 127.0.0.1 liveupdatesnet.com O1 - Hosts: 127.0.0.1 www.liveupdatesnet.com O1 - Hosts: 127.0.0.1 theinstalls.com O1 - Hosts: 127.0.0.1 www.theinstalls.com O1 - Hosts: 127.0.0.1 primetrafficsite.com O1 - Hosts: 127.0.0.1 www.primetrafficsite.com O1 - Hosts: 127.0.0.1 gallery-fotolog.net O1 - Hosts: 127.0.0.1 ascnet.rr.nu O1 - Hosts: 127.0.0.1 www.hi5photos.org O1 - Hosts: 127.0.0.1 hi5photos.org O1 - Hosts: 127.0.0.1 www.facebookn.net O1 - Hosts: 127.0.0.1 facebookn.net O1 - Hosts: 127.0.0.1 hi5-photos.com O1 - Hosts: 127.0.0.1 
www.freewebtown.com O1 - Hosts: 127.0.0.1 fwt.txdnl.com O1 - Hosts: 600 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Advanced DHTML Enable] C:\Documents and Settings\.Nate\Local Settings\Temp\135.exe () O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe () O4 - HKLM..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe () O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MsConfig] C:\WINDOWS\system.win File not found O4 - HKLM..\Run: [msnappau] C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-au\msnappau.exe File not found O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WindowsVersion] C:\WINDOWS\boot.win File not found O4 - HKCU..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe File not found O4 - HKCU..\Run: [12CFG214-K641-24SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe () O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe () O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\.Nate\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) 
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe File not found
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-0209309566-2041881153-911090213-3021\winvcs.exe) - C:\RECYCLER\S-1-5-21-0209309566-2041881153-911090213-3021\winvcs.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 09:38:26 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{14e5bf58-6c5c-11dd-bcf4-00195b300101}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{14e5bf58-6c5c-11dd-bcf4-00195b300101}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{237b41b3-2d5f-11dd-bbd9-00195b300101}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{237b41b3-2d5f-11dd-bbd9-00195b300101}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{609df791-6c7a-11de-802e-00195b300101}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{609df791-6c7a-11de-802e-00195b300101}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{905a2302-4f8f-11de-bfea-00195b300101}\Shell\AutoRun\command - "" = E:\backup.exe -- File not found
O33 - MountPoints2\{cfe36c2c-754d-11db-b5ea-000ea69aa889}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{cfe36c2c-754d-11db-b5ea-000ea69aa889}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{ddb35019-a111-11db-b68e-000ea69aa889}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{ddb35019-a111-11db-b68e-000ea69aa889}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========
[2009/09/15 21:28:21 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\.Nate\Desktop\settings.dat
[2009/09/15 21:23:14 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\.Nate\Desktop\OTL.exe
[2009/09/15 21:22:42 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\.Nate\Desktop\RootRepeal.exe
[2009/09/15 21:04:54 | 00,245,248 | ---- | C] () -- C:\WINDOWS\System32\accwiz.exe
[2009/09/15 21:01:50 | 00,576,000 | ---- | C] () -- C:\WINDOWS\System32\logonui.exe
[2009/09/15 21:01:47 | 00,114,176 | ---- | C] () -- C:\WINDOWS\soundman.exe
[2009/09/15 21:01:44 | 00,360,448 | ---- | C] () -- C:\WINDOWS\System32\LEXBCES.EXE
[2009/09/15 21:01:19 | 00,105,984 | ---- | C] () -- C:\WINDOWS\System32\ssmypics.scr
[2009/09/15 04:10:57 | 00,160,256 | ---- | C] () -- C:\WINDOWS\System32\ahui.exe
[2009/09/15 04:10:54 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\blastcln.exe
[2009/09/15 04:10:51 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\clipbrd.exe
[2009/09/15 04:10:49 | 00,147,968 | ---- | C] () -- C:\WINDOWS\System32\diantz.exe
[2009/09/15 04:10:46 | 00,286,208 | ---- | C] () -- C:\WINDOWS\System32\dmadmin.exe
[2009/09/15 04:10:40 | 00,306,176 | ---- | C] () -- C:\WINDOWS\System32\drmupgds.exe
[2009/09/15 03:06:05 | 00,207,872 | ---- | C] () -- C:\WINDOWS\regedit.exe
[2009/09/14 22:13:58 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/09/14 22:09:13 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/09/14 22:09:12 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/14 22:08:53 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/14 22:08:47 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/14 22:08:04 | 41,078,052 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/14 22:08:00 | 00,103,874 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/14 22:07:56 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/14 22:07:50 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/14 22:07:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/09/14 22:06:15 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/09/14 22:06:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/09/14 21:51:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\.Nate\Application Data\AVG8
[2009/09/14 21:22:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\.Nate\Application Data\Malwarebytes
[2009/09/14 21:21:48 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/14 21:21:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/14 21:21:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/14 21:21:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/14 21:18:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/14 21:17:56 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/14 03:01:04 | 00,000,000 | ---D | C] -- C:\221a283271f3c7c5aa9103
[2009/09/14 02:30:27 | 00,040,964 | ---- | C] () -- C:\WINDOWS\System32\wshost32.exe
[2009/09/13 05:07:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\.Nate\Desktop\TEENAGE BOTTLEROCK - THEY CAME FROM THE SHADOWS -2009
[2009/09/12 03:03:51 | 00,000,000 | ---D | C] -- C:\177dd0ef4edbade229ceb36d92dbc329
[2009/09/10 03:29:11 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/10 03:03:12 | 00,000,000 | ---D | C] -- C:\dd51ee7ee21f491bfc8e6c94e3c3
[2009/09/09 03:02:56 | 00,000,000 | ---D | C] -- C:\a2d67676cace0523e83de3
[2009/09/08 02:27:56 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/09/08 02:27:49 | 25,040,0768 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/08 02:21:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/09/02 03:12:10 | 00,000,000 | ---D | C] -- C:\f919fb1ef721a859ee7c

========== Files - Modified Within 14 Days ==========
[2009/09/15 22:00:00 | 00,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\AEFC76AC918FE6D8.job
[2009/09/15 21:56:37 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-315829805-7297031-3228322386-1008UA.job
[2009/09/15 21:28:21 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\.Nate\Desktop\settings.dat
[2009/09/15 21:23:22 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\.Nate\Desktop\OTL.exe
[2009/09/15 21:22:46 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\.Nate\Desktop\RootRepeal.exe
[2009/09/15 21:04:54 | 00,245,248 | ---- | M] () -- C:\WINDOWS\System32\accwiz.exe
[2009/09/15 21:01:50 | 00,576,000 | ---- | M] () -- C:\WINDOWS\System32\logonui.exe
[2009/09/15 21:01:47 | 00,114,176 | ---- | M] () -- C:\WINDOWS\soundman.exe
[2009/09/15 21:01:45 | 00,360,448 | ---- | M] () -- C:\WINDOWS\System32\LEXBCES.EXE
[2009/09/15 21:01:19 | 00,105,984 | ---- | M] () -- C:\WINDOWS\System32\ssmypics.scr
[2009/09/15 20:55:19 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/15 20:52:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/15 20:51:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/15 20:51:15 | 25,040,0768 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/15 04:10:57 | 00,160,256 | ---- | M] () -- C:\WINDOWS\System32\ahui.exe
[2009/09/15 04:10:54 | 00,130,048 | ---- | M] () -- C:\WINDOWS\System32\blastcln.exe
[2009/09/15 04:10:52 | 00,155,136 | ---- | M] () -- C:\WINDOWS\System32\clipbrd.exe
[2009/09/15 04:10:49 | 00,147,968 | ---- | M] () -- C:\WINDOWS\System32\diantz.exe
[2009/09/15 04:10:46 | 00,286,208 | ---- | M] () -- C:\WINDOWS\System32\dmadmin.exe
[2009/09/15 04:10:40 | 00,306,176 | ---- | M] () -- C:\WINDOWS\System32\drmupgds.exe
[2009/09/15 03:06:05 | 00,207,872 | ---- | M] () -- C:\WINDOWS\regedit.exe
[2009/09/14 22:09:13 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/09/14 22:09:12 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/14 22:08:53 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/14 22:08:47 | 41,078,052 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/14 22:08:47 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/14 22:08:04 | 00,103,874 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/14 22:08:00 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/14 22:07:56 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/14 02:30:28 | 00,040,964 | ---- | M] () -- C:\WINDOWS\System32\wshost32.exe
[2009/09/11 00:27:38 | 00,020,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/10 15:56:03 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-315829805-7297031-3228322386-1008Core.job
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/10 03:29:11 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/10 03:12:50 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/08 05:38:31 | 00,019,672 | ---- | M] () -- C:\WINDOWS\System32\drivers\hosts
[2009/09/04 21:43:40 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\.Nate\Application Data\bcrypt.html
[2009/09/01 22:58:10 | 00,002,286 | ---- | M] () -- C:\Documents and Settings\.Nate\Desktop\Google Chrome.lnk

========== LOP Check ==========
[2009/09/14 21:51:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\.Nate\Application Data
[2008/01/12 16:20:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\.ABC
[2006/12/31 18:34:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\Ahead
[2008/02/02 15:37:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\AutoTransfer
[2009/09/08 23:49:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\BitTorrent
[2008/09/06 14:55:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\Cakewalk
[2007/03/12 04:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\DataLayer
[2009/05/28 05:23:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\Digsby
[2009/09/15 21:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\DNA
[2009/04/08 01:21:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\Download Manager
[2007/03/09 06:43:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\Leadertech
[2009/08/26 02:27:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\Nokia
[2006/11/16 18:43:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\OLYMPUS
[2009/08/26 02:05:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\PC Suite
[2008/06/09 06:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\QQ Games Plugin
[2007/05/01 05:08:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\Screenshot Sender
[2007/12/19 02:06:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\SecondLife
[2009/08/26 01:15:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\Sony
[2009/04/14 00:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\.Nate\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/09/14 22:06:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/05/28 05:23:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digsby
[2009/08/26 01:47:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/09/14 22:52:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\find camp once dart
[2009/04/08 02:47:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/08/26 01:30:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/07/16 07:26:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2005/10/26 03:15:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2005/09/06 13:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/08/26 02:25:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2008/05/29 19:08:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/09/14 23:07:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SaveRectSignStyle
[2008/06/09 06:09:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/15 22:00:00 | 00,000,256 | -H-- | M] () -- C:\WINDOWS\Tasks\AEFC76AC918FE6D8.job
[2009/04/30 17:27:39 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/08/18 22:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/10 15:56:03 | 00,000,926 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-315829805-7297031-3228322386-1008Core.job
[2009/09/15 21:56:37 | 00,000,978 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-315829805-7297031-3228322386-1008UA.job
[2009/09/15 20:52:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32\eventlog.dll >
[2008/04/14 10:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
< %systemroot%\system32\scecli.dll >
[2008/04/14 10:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\netlogon.dll >
<
%systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
< End of report >

Extras Log

OTL Extras logfile created on: 15/09/2009 9:45:40 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\.Nate\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

238.73 Mb Total Physical Memory | 96.65 Mb Available Physical Memory | 40.48% Memory free
585.81 Mb Paging File | 296.99 Mb Available in Paging File | 50.70% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.30 Gb Total Space | 14.05 Gb Free Space | 37.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OPTIMA-159D8KQM
Current User Name: .Nate
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe ()
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe ()
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\ccapp.exe" = %windir%\system32\ccapp.exe:*:Enabled:System Process -- File not found
"D:\Life\life.exe" = D:\Life\life.exe:*:Enabled:The Game Of Life -- File not found
"C:\Program Files\Hasbro Interactive\Clue\Clue.exe" = C:\Program Files\Hasbro Interactive\Clue\Clue.exe:*:Enabled:Clue -- File not found
"C:\MAGIX\mm2005_deLuxe\musicmaker.exe" = C:\MAGIX\mm2005_deLuxe\musicmaker.exe:*:Enabled:MAGIX music maker 2005 -- (MAGIX Computer Products Int. Corp.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM -- (Last.fm)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\.Nate\Desktop\Nes Emulator & Games\NESTCL95.EXE" = C:\Documents and Settings\.Nate\Desktop\Nes Emulator & Games\NESTCL95.EXE:*:Disabled:NESTCL95 -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\LucasArts\SWKotOR2\swupdate.exe" = C:\Program Files\LucasArts\SWKotOR2\swupdate.exe:*:Enabled:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- ()
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\ABC\abc.exe" = C:\Program Files\ABC\abc.exe:*:Enabled:abc -- ()
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\IceChat7\IceChat7.exe" = C:\Program Files\IceChat7\IceChat7.exe:*:Enabled:Internet Relay Chat Client -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\.Nate\Local Settings\Temp\002.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\002.exe:*:Disabled:002 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\052.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\052.exe:*:Disabled:052 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\797.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\797.exe:*:Disabled:797 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\621.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\621.exe:*:Disabled:621 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\925.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\925.exe:*:Disabled:925 -- File not found
"C:\Documents and Settings\Lenore\Local Settings\Temp\322.exe" = C:\Documents and Settings\Lenore\Local Settings\Temp\322.exe:*:Disabled:322 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\587.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\587.exe:*:Disabled:587 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\812.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\812.exe:*:Disabled:812 -- File not found
"C:\Documents and Settings\Lenore\Local Settings\Temp\436.exe" = C:\Documents and Settings\Lenore\Local Settings\Temp\436.exe:*:Disabled:436 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\887.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\887.exe:*:Disabled:887 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\839.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\839.exe:*:Disabled:839 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\688.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\688.exe:*:Disabled:688 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\419.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\419.exe:*:Disabled:419 -- File not found
"C:\Documents and Settings\Lenore\Local Settings\Temp\827.exe" = C:\Documents and Settings\Lenore\Local Settings\Temp\827.exe:*:Disabled:827 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\781.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\781.exe:*:Disabled:781 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\323.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\323.exe:*:Disabled:323 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\325.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\325.exe:*:Disabled:325 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\870.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\870.exe:*:Disabled:870 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\366.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\366.exe:*:Disabled:366 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\693.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\693.exe:*:Disabled:693 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\759.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\759.exe:*:Disabled:759 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\394.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\394.exe:*:Disabled:394 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\101.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\101.exe:*:Disabled:101 -- File not found
"C:\Documents and Settings\.Nate\Local Settings\Temp\611.exe" = C:\Documents and Settings\.Nate\Local
Settings\Temp\611.exe:*:Disabled:611 -- File not found "C:\Documents and Settings\.Nate\Local Settings\Temp\873.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\873.exe:*:Disabled:873 -- () "C:\Documents and Settings\.Nate\Local Settings\Temp\525.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\525.exe:*:Disabled:525 -- () "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\Documents and Settings\.Nate\Local Settings\Temp\135.exe" = C:\Documents and Settings\.Nate\Local Settings\Temp\135.exe:*:Disabled:135 -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger "{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 13 "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery "{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6 "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer "{6EB6C056-02BB-453E-8448-EC90B9794180}" = Nokia Multimedia Common Components 2.4 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in 
Assistant "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4 "{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works "{BCC46C36-9460-409C-BF33-589445B0A0F1}" = MYOB Accounting Plus v13 TE "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C9C13822-A638-4331-99A3-4498A5901693}" = Media Go "{CAC99409-A2EF-11D6-ACCE-0050BA8A3BB1}" = MYOB AssetManager Pro v3 Test Drive "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E5505D86-C833-4370-9EAB-ACB4A1D68944}" = MYOB Accounting Plus v16 ED "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{f1990716-8ee0-4c3e-8ebd-84026f3a09d5}" = DFX for Windows Media Player "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio 
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "ABC" = ABC (remove only) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "AVG8Uninstall" = AVG Free 8.5 "CodInstl" = Intel A/V Codecs V2.0 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Digsby" = Digsby "DirectXMediaRuntime" = DirectX Media Runtime 5.1 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "D-Link DSL-200 ADSL Modem" = D-Link DSL-200 ADSL Modem "E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1) "ERUNT_is1" = ERUNT 1.1j "Eureka's 3D Chess Master" = Eureka's 3D Chess Master "F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3) "HijackThis" = HijackThis 1.99.1 "InstallShield_{BCC46C36-9460-409C-BF33-589445B0A0F1}" = MYOB Accounting Plus v13 TE "IpWins" = IpWins "LastFM_is1" = Last.fm 1.5.4.24567 "Lexmark Z600 Series" = Lexmark Z600 Series "MAGIX music maker 2005 deLuxe" = MAGIX music maker 2005 deLuxe "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! 
Live "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Ahead Nero OEM "Nokia PC Suite" = Nokia PC Suite "S3Display" = S3Display "S3Gamma2" = S3Gamma2 "S3Info2" = S3Info2 "S3Overlay" = S3Overlay "Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.05 "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4 "ViewpointMediaPlayer" = Viewpoint Media Player "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "winpcap-nmap" = winpcap-nmap 4.02 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Works2004Setup" = Microsoft Works 2004 Setup Launcher "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent "BitTorrent DNA" = DNA "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 3/09/2009 8:09:48 AM | Computer Name = OPTIMA-159D8KQM | Source = Application Hang | ID = 1002 Description = Hanging application wshost32.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 7/09/2009 5:20:21 AM | Computer Name = OPTIMA-159D8KQM | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006a55. 
Error - 7/09/2009 5:20:58 AM | Computer Name = OPTIMA-159D8KQM | Source = Application Error | ID = 1000 Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d. Error - 7/09/2009 12:28:45 PM | Computer Name = OPTIMA-159D8KQM | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006a55. Error - 7/09/2009 12:30:29 PM | Computer Name = OPTIMA-159D8KQM | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x71ab6a55. Error - 10/09/2009 8:56:20 AM | Computer Name = OPTIMA-159D8KQM | Source = Google Update | ID = 20 Description = Error - 12/09/2009 10:18:43 AM | Computer Name = OPTIMA-159D8KQM | Source = Application Error | ID = 1000 Description = Faulting application wlcomm.exe, version 14.0.8064.206, faulting module unknown, version 0.0.0.0, fault address 0x032f49b1. Error - 14/09/2009 11:56:15 AM | Computer Name = OPTIMA-159D8KQM | Source = Google Update | ID = 20 Description = Error - 14/09/2009 12:56:37 PM | Computer Name = OPTIMA-159D8KQM | Source = Google Update | ID = 20 Description = Error - 15/09/2009 6:56:23 AM | Computer Name = OPTIMA-159D8KQM | Source = Google Update | ID = 20 Description = [ System Events ] Error - 15/09/2009 7:07:40 AM | Computer Name = OPTIMA-159D8KQM | Source = DCOM | ID = 10000 Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding Error - 15/09/2009 7:07:41 AM | Computer Name = OPTIMA-159D8KQM | Source = DCOM | ID = 10000 Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. 
The error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding Error - 15/09/2009 7:07:42 AM | Computer Name = OPTIMA-159D8KQM | Source = DCOM | ID = 10000 Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding Error - 15/09/2009 7:07:43 AM | Computer Name = OPTIMA-159D8KQM | Source = DCOM | ID = 10000 Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding Error - 15/09/2009 7:07:44 AM | Computer Name = OPTIMA-159D8KQM | Source = DCOM | ID = 10000 Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding Error - 15/09/2009 7:07:45 AM | Computer Name = OPTIMA-159D8KQM | Source = DCOM | ID = 10000 Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding Error - 15/09/2009 7:07:46 AM | Computer Name = OPTIMA-159D8KQM | Source = DCOM | ID = 10000 Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding Error - 15/09/2009 7:07:46 AM | Computer Name = OPTIMA-159D8KQM | Source = DCOM | ID = 10000 Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. 
The error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding
Error - 15/09/2009 7:19:33 AM | Computer Name = OPTIMA-159D8KQM | Source = DCOM | ID = 10000 Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding
Error - 15/09/2009 7:24:36 AM | Computer Name = OPTIMA-159D8KQM | Source = Service Control Manager | ID = 7034 Description = The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
< End of report >

Any help is appreciated.
Sep 19 2009, 06:41 AM
Post
#4
Trusted Helper Posts: 3,488 From: Sweden OS: Windows XP SP3
QUOTE
Hi, sorry I've taken so long, but I've done it and the computer is still running pretty slow.

That's OK. Let's move on then.

Step 0. Filescan:

Step 1. Uninstall unwanted software:
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
BitTorrent DNA Viewpoint Media Player

Optional removals
BitTorrent, DNA and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware. It's up to you if you want to remove the above programs, however I recommend you do.

Step 2. OTL-fix:
Run OTL.exe

Step 3. OTL-scan:

Step 4. Lop S&D:
Disable resident protections (Antivirus...); you'll re-enable them after the scan
Download Lop S&D here and save it to the desktop
Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 5. Things I would like to see in your reply:
Sep 25 2009, 10:40 AM
Post
#5
Trusted Helper Posts: 3,488 From: Sweden OS: Windows XP SP3
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.