Win.32.BHO.FLV [RESOLVED], Please help
Oct 6 2008, 09:58 PM
Post #1
New Member | Posts: 7 | OS: xp
Please help me, I will be eternally grateful, thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:34, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WINXML2 Class - {314A5833-8490-4a3b-904A-110444F25E50} - C:\WINDOWS\winxml2a.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.37.0\Weather.exe" -auto
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

-- End of file - 8259 bytes

Oct 7 2008, 04:21 AM
Post #2
Trusted Helper | Posts: 822 | From: Sweden | OS: Windows XP SP3
Hello xtina!
Welcome to the site! Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
Please read my posts completely before following the instructions. It may be easier for you if you copy and paste a post to a new text document or print it for reference later. This is required when you won't have access to the Internet.

Oct 7 2008, 09:40 AM
Post #3
Trusted Helper | Posts: 822 | From: Sweden | OS: Windows XP SP3
Hello again xtina!
Let's start cleaning.

Step 1. Uninstall unwanted/unneeded software:
Please go to Start > Control Panel > Add/Remove Programs and remove the following:
BitComet
uTorrent
Optional removal: BitComet, uTorrent and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware. It's up to you if you want to remove the above programs, however I recommend you do.

Step 2. Run a BFU-script:
Download and unzip BFUzip from http://www.merijn.org/files/bfu.zip
Run the program and click the Web button.
Use this URL to copy into the address bar of the Download script window: http://metallica.geekstogo.com/MediaGateway.BFU
Make sure all IE windows are closed.
Execute the script by clicking the Execute button.
If you have any questions about the use of BFU please read here: http://metallica.geekstogo.com/BFUinstructions.html

Step 3. Scan with OTListIt:
Download OTListIt to your desktop.
Step 4. Things I want to see in your reply:

Oct 7 2008, 12:37 PM
Post #4
New Member | Posts: 7 | OS: xp
Hi, thank you so much for your help!
I uninstalled uTorrent and I don't think I have BitComet installed. I also ran the BFU script. Here is the OTListIt log:

OTListIt logfile created on: 10/7/2008 12:31:41 PM - Run
OTListIt by OldTimer - Version 1.0.7.0 Folder = C:\Documents and Settings\Christina\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
767.48 Mb Total Physical Memory | 455.16 Mb Available Physical Memory | 59.31% Memory free
1.83 Gb Paging File | 1.55 Gb Available in Paging File | 84.91% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 84.29 Gb Free Space | 36.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ADMIN
Current User Name: Christina
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========
[2007/05/30 06:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
[2008/07/29 20:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[2008/04/07 21:45:10 | 00,241,734 | R--- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2004/05/12 16:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[2008/03/31 14:39:51 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/07/29 20:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[2008/04/19 15:33:13 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/08/03 12:51:06 | 00,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
[2007/08/03 12:51:18 | 01,422,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[2004/05/28 23:31:38 | 00,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2003/07/31 23:29:22 | 04,638,720 | ---- | M] (The Linksys Group, Inc.) -- C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/09/10 13:18:50 | 00,081,408 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Christina\Desktop\BFU.exe
[2008/10/07 12:30:46 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christina\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========
[2007/05/30 06:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
[2008/07/29 20:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP [Auto | Running])
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/07/22 09:25:35 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/01/22 23:07:38 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
[2003/07/29 14:41:42 | 00,458,752 | ---- | M] () -- C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe -- (NICSer_WMP11 [Auto | Stopped])
[2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
[2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2004/03/18 17:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
[2008/04/07 21:45:10 | 00,241,734 | R--- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
[2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========
[2004/08/04 01:05:44 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[2007/05/30 06:10:42 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])
[2007/05/30 06:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln [System | Running])
[2004/12/16 13:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
[2001/08/17 06:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
[2004/06/21 11:40:48 | 00,051,088 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412 [On_Demand | Stopped])
[2004/06/21 11:40:48 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2004/06/21 11:40:48 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2003/07/10 11:09:56 | 00,096,256 | ---- | M] (The Linksys Group, Inc.) -- C:\WINDOWS\system32\drivers\LSIPNDS.sys -- (IPN2120 [On_Demand | Running])
[2008/07/21 18:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2008/01/29 18:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
[2008/03/13 19:02:46 | 00,026,640 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV [On_Demand | Running])
[2008/10/06 14:08:34 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2008/04/30 18:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
File not found -- C:\WINDOWS\System32\Drivers\neokdss.sys -- (neokdss [On_Demand | Stopped])
[2004/08/03 16:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2000/10/15 18:38:54 | 00,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Running])
[2008/05/10 20:16:28 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[2001/08/23 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/07/09 05:05:48 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/03/14 00:04:29 | 00,046,652 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/12/04 16:44:00 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2004/05/24 14:11:08 | 00,141,696 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio [On_Demand | Running])
[2001/08/23 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== Internet Explorer ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (WINXML2 Class) - {314A5833-8490-4a3b-904A-110444F25E50} - C:\WINDOWS\winxml2a.dll File not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll (Zango, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll (Zango, Inc.)
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll (Zango, Inc.)
O4 - HKLM..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" (Kaspersky Lab)
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.37.0\Weather.exe" -auto (Zango, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe (The Linksys Group, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - Reg Error: Key does not exist or could not be opened. File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - Reg Error: Key does not exist or could not be opened. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O18 - Protocol\Handler: - cetihpz - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== AppInit_DLLs ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
>[2008/07/29 20:22:08 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll
>[2008/07/29 20:22:12 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll
>[2008/07/29 20:20:58 | 00,083,208 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll
>[2008/07/29 20:21:40 | 00,011,016 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll

========== Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" (HKLM) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)

========== Safeboot Options ==========
"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========
AUTOEXEC.BAT [ | SET PATH=%PATH%;C:\ViaVoice\Bin | ]
[2008/03/20 22:52:09 | 00,000,033 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========
[5 C:\WINDOWS\System32\*.tmp files]
[2008/10/07 12:31:26 | 00,416,768 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christina\Desktop\OTListIt.exe
[2008/10/07 12:29:16 | 00,081,408 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Christina\Desktop\BFU.exe
[2008/10/06 21:39:06 | 80,483,5328 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/06 21:23:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christina\Desktop\SmitfraudFix
[2008/10/06 18:31:00 | 00,003,528 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/06 18:29:20 | 00,088,576 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe
[2008/10/06 18:29:20 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2008/10/06 18:29:20 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/10/06 18:29:20 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008/10/06 18:29:20 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2008/10/06 18:29:19 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2008/10/06 18:29:19 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2008/10/06 18:29:19 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2008/10/06 18:29:19 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2008/10/06 18:29:19 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2008/10/06 18:29:19 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2008/10/06 18:29:19 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008/10/06 18:29:19 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2008/10/06 18:29:19 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008/10/06 18:28:29 | 01,659,439 | ---- | C] () -- C:\Documents and Settings\Christina\Desktop\SmitfraudFix.exe
[2008/10/06 14:09:52 | 00,096,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/10/06 14:09:52 | 00,087,855 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/10/06 14:08:53 | 04,978,208 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/06 14:08:53 | 00,434,208 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/10/06 14:08:53 | 00,039,972 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/06 14:08:53 | 00,002,564 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/10/06 14:08:53 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2008/10/06 14:08:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2008/10/06 14:08:34 | 00,213,008 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/10/05 18:51:47 | 00,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[2008/10/05 18:51:47 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2008/10/05 18:34:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/10/05 17:30:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christina\Desktop\movie cover pics
[2008/10/04 21:47:48 | 02,050,055 | ---- | C] () -- C:\Documents and Settings\Christina\Desktop\P1080432.JPG
[2008/10/04 11:31:47 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Christina\Desktop\Guitar Pro 5.lnk
[2008/10/04 11:30:25 | 00,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 5
[2008/10/04 11:21:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christina\Desktop\website
[2008/10/04 11:16:37 | 04,295,680 | ---- | C] () -- C:\Documents and Settings\Christina\Desktop\tshirtstuff.doc
[2008/09/29 17:43:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christina\Desktop\copied photos
[2008/09/29 17:36:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christina\Desktop\freeware photos
[2008/09/29 17:08:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christina\Desktop\borders
[2008/09/28 22:12:58 | 00,000,000 | ---D | C] -- C:\Program Files\Fisher
[2008/09/28 21:18:46 | 00,000,411 | ---- | C] () -- C:\Documents and Settings\Christina\Desktop\Shortcut to Downloads.lnk
[2008/09/28 19:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christina\Desktop\website design
[2008/09/28 17:38:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christina\My Documents\New Heart of Palm
[2008/09/28 10:18:14 | 00,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp37BD4.FOT
[2008/09/28 10:12:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2008/09/26 19:32:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christina\Desktop\lynda
[2008/09/16 23:14:44 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Christina\My Documents\throwdown massage 2.doc
[2008/09/14 20:06:27 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Christina\My Documents\throwdown massage.doc
[2008/09/12 13:16:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2008/09/10 14:15:45 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Christina\Desktop\throwdown schedule.doc

========== Files - Modified Within 30 Days ==========
[5 C:\WINDOWS\System32\*.tmp files]
[47 C:\WINDOWS\*.tmp files]
[2008/10/07 12:30:46 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christina\Desktop\OTListIt.exe
[2008/10/07 12:23:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/07 12:21:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/07 12:21:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/07 12:21:39 | 80,483,5328 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/06 22:00:42 | 04,978,208 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/06 22:00:42 | 00,434,208 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/10/06 22:00:42 | 00,039,972 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/06 22:00:42 | 00,002,564 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/10/06 21:24:30 | 00,003,528 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/06 21:24:21 | 00,000,027 | ---- | M] () --
C:\WINDOWS\System32\drivers\etc\hosts [2008/10/06 18:28:20 | 01,659,439 | ---- | M] () -- C:\Documents and Settings\Christina\Desktop\SmitfraudFix.exe [2008/10/06 17:58:19 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2008/10/06 17:58:18 | 00,089,088 | ---- | M] () -- C:\Documents and Settings\Christina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/10/06 14:30:17 | 00,096,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2008/10/06 14:09:52 | 00,087,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2008/10/06 14:08:34 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2008/10/05 18:56:42 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2008/10/05 18:51:47 | 00,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk [2008/10/04 15:54:52 | 00,001,717 | ---- | M] () -- C:\WINDOWS\KA.ini [2008/10/04 13:54:33 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\{499663EE-202C-4468-874C-198A9E0BC058} [2008/10/04 11:44:28 | 03,107,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/10/04 11:32:42 | 00,528,016 | ---- | M] () -- C:\Documents and Settings\Christina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2008/10/04 11:31:47 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Christina\Desktop\Guitar Pro 5.lnk [2008/10/04 11:16:38 | 04,295,680 | ---- | M] () -- C:\Documents and Settings\Christina\Desktop\tshirtstuff.doc [2008/10/04 09:56:21 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Christina\Desktop\Microsoft Word.lnk [2008/10/01 15:51:40 | 00,087,552 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe [2008/09/28 21:18:46 | 00,000,411 | ---- | M] () -- C:\Documents and Settings\Christina\Desktop\Shortcut to Downloads.lnk [2008/09/28 11:11:42 | 00,197,976 | RH-- | M] (Coupons, Inc.) 
-- C:\WINDOWS\System32\cpnprt2.cid [2008/09/28 10:18:14 | 00,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp37BD4.FOT [2008/09/27 11:53:55 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin [2008/09/21 15:14:37 | 00,020,992 | -HS- | M] () -- C:\Documents and Settings\Christina\Desktop\Thumbs.db @Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Christina\Desktop\Thumbs.db:encryptable [2008/09/20 17:20:55 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Christina\Application Data\vso_ts_preview.xml [2008/09/19 12:26:48 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe [2008/09/19 12:26:48 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe [2008/09/16 23:14:44 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Christina\My Documents\throwdown massage 2.doc [2008/09/14 20:06:27 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Christina\My Documents\throwdown massage.doc [2008/09/14 14:33:40 | 03,740,554 | -H-- | M] () -- C:\Documents and Settings\Christina\Local Settings\Application Data\IconCache.db [2008/09/11 22:43:26 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Christina\Desktop\throwdown schedule.doc [2008/09/10 13:18:50 | 00,081,408 | ---- | M] (Soeperman Enterprises Ltd.) 
-- C:\Documents and Settings\Christina\Desktop\BFU.exe [2008/09/08 23:38:55 | 00,088,576 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe < End of report > And the Extras log; OTListIt Extras logfile created on: 10/7/2008 12:31:41 PM - Run OTListIt by OldTimer - Version 1.0.7.0 Folder = C:\Documents and Settings\Christina\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.48 Mb Total Physical Memory | 455.16 Mb Available Physical Memory | 59.31% Memory free 1.83 Gb Paging File | 1.55 Gb Available in Paging File | 84.91% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 84.29 Gb Free Space | 36.19% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ADMIN Current User Name: Christina Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 30 Days ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger [2008/01/31 21:07:25 | 02,334,720 | ---- | M] () -- C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad [2008/01/22 09:43:30 | 02,334,720 | ---- | M] () -- C:\Program Files\Sony\Station\Launchpad\_aunchPad.exe:*:Enabled:_aunchPad [2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour File not found -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb File not found -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray File not found -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client [2008/04/28 18:49:06 | 05,948,712 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1 "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0 "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan "{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3 "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder "{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{33295076-A0D0-49B8-9EA0-A9AB3631CDC8}" = ArcSoft MediaConverter 2 "{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics "{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3 "{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{531BC138-F1F7-496B-879C-F039ECEF438D}" = Adobe Photoshop Lightroom 2 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext "{5C6956F3-B586-4674-BCD0-CCF7EC1DF766}" = Wireless-B PCI Adapter WLAN Monitor "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3 "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.1 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec 
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}" = Nero 8 "{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91A5B6C0-EF4E-4830-AC7D-6761C0A9B292}" = hp deskjet 3600 "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2 "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX "{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp "{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3 "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = 
Adobe Version Cue CS3 Client "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm "{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3 "{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations "{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg "{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3 "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional "AVGAntiSpyware75" = AVG Anti-Spyware 7.5 "AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2 "AVS4YOU Video Converter_is1" = AVS Video Converter 5.6 "Brainiversity1.0" = Brainiversity "Coupon Printer for Windows4.0" = Coupon Printer for Windows "DeleteProdRunControl_US" = IBM ViaVoice Command and Control Runtime 5.3 "Dress Shop Hop1.0" = Dress Shop Hop 
"DriverAgent" = DriverAgent Plugin for Netscape by TouchStone Software "Great Secrets Da Vinci1.0" = Great Secrets Da Vinci "Guitar Pro 5_is1" = Guitar Pro 5.0 "HijackThis" = HijackThis 2.0.2 "HP Photo & Imaging" = HP Image Zone 4.2 "HTMLExecutableIERuntimeSetup44" = HTML Executable IERuntime "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009 "JSARTIST" = JumpStart Artist "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (2.0.0.17)" = Mozilla Firefox (2.0.0.17) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English) "PeerGuardian_is1" = PeerGuardian 2.0 "PowerISO" = PowerISO "RealPlayer 6.0" = RealPlayer "SpywareBlaster_is1" = SpywareBlaster 4.0 "The Great Wall of Words1.0" = The Great Wall of Words "The Rosetta Stone" = The Rosetta Stone "VB Runtime" = VB Runtime "VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program "VLC media player" = VideoLAN VLC media player 0.8.6d "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR archiver "WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27) "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 9/28/2008 11:53:35 PM | Computer Name = ADMIN | Source = Application Hang | ID = 1002 Description = Hanging application PowerISO.exe, version 
4.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 9/30/2008 4:42:57 PM | Computer Name = ADMIN | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error - 9/30/2008 5:38:56 PM | Computer Name = ADMIN | Source = Application Error | ID = 1000 Description = Faulting application pg2.exe, version 1.0.6.5, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea. Error - 10/3/2008 6:27:11 PM | Computer Name = ADMIN | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module toolbar.dll, version 10.3.37.0, fault address 0x00069ba1. Error - 10/4/2008 11:50:06 AM | Computer Name = ADMIN | Source = Application Error | ID = 1000 Description = Faulting application WMP11Cfg.exe, version 1.0.5.109, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x0005a02f. Error - 10/4/2008 2:11:24 PM | Computer Name = ADMIN | Source = Application Hang | ID = 1002 Description = Hanging application GP5.exe, version 5.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 10/4/2008 2:11:25 PM | Computer Name = ADMIN | Source = Application Hang | ID = 1002 Description = Hanging application GP5.exe, version 5.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 10/4/2008 3:58:19 PM | Computer Name = ADMIN | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module toolbar.dll, version 10.3.37.0, fault address 0x00069ba1. 
Error - 10/6/2008 4:04:56 PM | Computer Name = ADMIN | Source = MsiInstaller | ID = 1013 Description = Product: Kaspersky Internet Security 2009 -- You must restart your computer before proceeding with the installation. Error - 10/6/2008 10:35:06 PM | Computer Name = ADMIN | Source = Application Hang | ID = 1002 Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 10/6/2008 11:23:47 PM | Computer Name = ADMIN | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 10/6/2008 11:23:51 PM | Computer Name = ADMIN | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 10/6/2008 11:24:29 PM | Computer Name = ADMIN | Source = Service Control Manager | ID = 7001 Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31 Error - 10/6/2008 11:24:29 PM | Computer Name = ADMIN | Source = Service Control Manager | ID = 7001 Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31 Error - 10/6/2008 11:24:29 PM | Computer Name = ADMIN | Source = Service Control Manager | ID = 7001 Description = The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error - 10/6/2008 11:24:29 PM | Computer Name = ADMIN | Source = Service Control Manager | ID = 7001 Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 Error - 10/6/2008 11:24:29 PM | Computer Name = ADMIN | Source = Service 
Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AFD AmdK7 AVG Anti-Spyware Driver Fips IPSec kl1 klbg KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip Error - 10/6/2008 11:37:35 PM | Computer Name = ADMIN | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 10/6/2008 11:38:04 PM | Computer Name = ADMIN | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 10/6/2008 11:38:08 PM | Computer Name = ADMIN | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} < End of report > |
Oct 8 2008, 07:57 AM
Post #5
Trusted Helper | Posts: 822 | From: Sweden | OS: Windows XP SP3
Hello xtina.

QUOTE
Hi, thank you so much for your help!

That's what we're here for. BTW, xtina, looking at your name: do you have any connections to Scandinavia?

Do you recognize all files/shortcuts and folders with containing files on your desktop? If not, let me know which.

That didn't work, let's try this instead.

Step 1. HJT-fix:
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: WINXML2 Class - {314A5833-8490-4a3b-904A-110444F25E50} - C:\WINDOWS\winxml2a.dll (file missing)
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.37.0\Weather.exe" -auto
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Step 2. Uninstall unneeded software:
Please go to Start > Control Panel > Add/Remove Programs and remove the following:

Java™ 6 Update 3

Please note any other programs that you don't recognize in that list in your next response.

Step 3. Remove files with OTMoveIt2:
Please download the OTMoveIt2 by OldTimer.