Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Laptop is acting weird- hard drive problem?

Started by snegrisor , Apr 06 2009 02:14 PM

  • Please log in to reply

#1
snegrisor
Posted 06 April 2009 - 02:14 PM

snegrisor

    New Member

  • Member
  • Pip
  • 6 posts
Lately my laptop has been acting really weird. First it totally crashed and I had to reinstall the operating system- Vista. Now I get a strange error about imminent hard drive failure on D drive. The laptop is practically new- a yr old, manufactured by gateway and my warranty just expired. I've no idea what to do... Please help!

OTListIt2:
OTListIt logfile created on: 4/6/2009 4:19:54 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.0 Folder = C:\Users\senadoll\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.62 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 56.41% Memory free
3.49 Gb Paging File | 2.58 Gb Available in Paging File | 73.73% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.57 Gb Total Space | 3.01 Gb Free Space | 8.01% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 183.79 Gb Free Space | 94.10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SENADOLL-PC
Current User Name: senadoll
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe (Realtek)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Kodak\AiO\center\KodakSvc.exe (Eastman Kodak Company)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Windows\system32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe (Eastman Kodak Company)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe ()
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
PRC - C:\Users\senadoll\Downloads\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon [Auto | Running]) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\system32\agrsmsvc.exe (Agere Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Ati External Event Utility [Auto | Running]) -- C:\Windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Kodak AiO Network Discovery Service [Auto | Running]) -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe (Eastman Kodak Company)
SRV - (KodakSvc [Auto | Running]) -- C:\Program Files\Kodak\AiO\center\KodakSvc.exe (Eastman Kodak Company)
SRV - (Nero BackItUp Scheduler 4.0 [Auto | Stopped]) -- File not found
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\system32\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTHDMIAzAudService [On_Demand | Running]) -- C:\Windows\system32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (RTL8187B [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (RtNdPt60 [Auto | Running]) -- C:\Windows\system32\DRIVERS\RtNdPt60.sys (Windows ® Codename Longhorn DDK provider)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (UVCFTR [On_Demand | Running]) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.19.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/10 02:22:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2009/03/28 09:32:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugi[email protected]: C:\PROGRAM FILES\PAYPAL\PAYPAL PLUG-IN
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 11:14:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/01 15:16:43 | 00,000,000 | ---D | M]

[2009/02/10 20:30:22 | 00,000,000 | ---D | M] -- C:\Users\senadoll\AppData\Roaming\mozilla\Extensions
[2009/02/10 20:30:22 | 00,000,000 | ---D | M] -- C:\Users\senadoll\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/06 14:28:36 | 00,000,000 | ---D | M] -- C:\Users\senadoll\AppData\Roaming\mozilla\Firefox\Profiles\qrc87mmy.default\extensions
[2009/03/28 11:14:29 | 00,000,000 | ---D | M] -- C:\Users\senadoll\AppData\Roaming\mozilla\Firefox\Profiles\qrc87mmy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/06 14:28:27 | 00,000,000 | ---D | M] -- C:\Users\senadoll\AppData\Roaming\mozilla\Firefox\Profiles\qrc87mmy.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/04/06 14:28:26 | 00,000,000 | ---D | M] -- C:\Users\senadoll\AppData\Roaming\mozilla\Firefox\Profiles\qrc87mmy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/03/08 09:40:27 | 00,000,000 | ---D | M] -- C:\Users\senadoll\AppData\Roaming\mozilla\Firefox\Profiles\qrc87mmy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/06 14:28:27 | 00,000,000 | ---D | M] -- C:\Users\senadoll\AppData\Roaming\mozilla\Firefox\Profiles\qrc87mmy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/03/27 07:44:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 11:14:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/08 11:16:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/13 19:52:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/27 07:44:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/28 11:14:01 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 11:14:01 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/08 04:22:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/08 04:22:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/08 04:22:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/08 04:22:00 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/08 04:22:00 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/08 04:22:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/08 04:22:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe File not found
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/06 15:39:23 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/04/06 15:03:37 | 00,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2009/04/06 15:00:56 | 00,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2009/04/06 15:00:18 | 00,000,000 | -H-D | C] -- C:\Program Files\Temp
[2009/04/06 14:32:54 | 00,000,982 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2009/04/06 14:32:53 | 00,000,000 | ---D | C] -- C:\ProgramData\DriverScanner
[2009/04/06 14:32:52 | 00,000,000 | ---D | C] -- C:\Users\senadoll\AppData\Roaming\Uniblue
[2009/04/06 14:32:52 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/04/06 14:32:01 | 00,000,000 | -H-D | C] -- C:\ProgramData\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/04/06 13:50:33 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/04/03 13:55:28 | 00,000,000 | ---D | C] -- C:\Users\senadoll\AppData\Local\Kodak
[2009/04/03 07:49:07 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/04/03 07:48:10 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/03 07:48:00 | 00,000,000 | ---D | C] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/03 07:48:00 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/03 07:41:48 | 00,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2009/04/03 07:41:24 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/03/31 20:16:53 | 02,081,211 | -H-- | C] () -- C:\Users\senadoll\AppData\Local\IconCache.db
[2009/03/29 05:21:50 | 00,000,000 | ---D | C] -- C:\Program Files\PayPal
[2009/03/29 04:55:04 | 00,000,000 | ---D | C] -- C:\Users\senadoll\AppData\Roaming\LegalSounds
[2009/03/29 04:55:01 | 00,000,793 | ---- | C] () -- C:\Users\senadoll\Contacts\Desktop\LegalSounds Music Downloader.lnk
[2009/03/29 04:55:01 | 00,000,000 | ---D | C] -- C:\Program Files\LegalSounds
[2009/03/28 09:32:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/03/28 09:32:11 | 00,001,037 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2009/03/28 09:31:33 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/03/28 09:31:33 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/03/28 09:31:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/03/28 09:31:15 | 00,000,000 | ---D | C] -- C:\Users\senadoll\AppData\Roaming\Real
[2009/03/27 09:23:02 | 00,001,259 | ---- | C] () -- C:\Users\senadoll\Contacts\Desktop\PicsDDrive.lnk
[2009/03/27 09:17:55 | 00,000,000 | ---D | C] -- C:\Users\senadoll\AppData\Local\Nova Development
[2009/03/27 09:17:25 | 00,000,000 | ---D | C] -- C:\ProgramData\kds_kodak
[2009/03/27 09:16:11 | 00,000,000 | ---D | C] -- C:\Users\senadoll\AppData\Roaming\Ulead Systems
[2009/03/27 08:15:25 | 00,000,022 | ---- | C] () -- C:\Users\senadoll\AppData\Local\kodakpcd.ini
[2009/03/26 22:11:21 | 00,000,571 | ---- | C] () -- C:\Users\Public\Desktop\PhotoImpact Pro.lnk
[2009/03/26 22:11:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2009/03/26 22:00:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2009/03/22 22:34:36 | 00,000,764 | ---- | C] () -- C:\Users\senadoll\Contacts\Desktop\Audacity.lnk
[2009/03/22 06:23:02 | 00,000,000 | ---D | C] -- C:\Users\senadoll\AppData\Roaming\Amazon
[2009/03/22 06:21:50 | 00,000,000 | ---D | C] -- C:\Program Files\Amazon
[2009/03/22 06:21:31 | 00,606,168 | ---- | C] () -- C:\Users\senadoll\Contacts\Desktop\AmazonMP3Installer.exe
[2009/03/21 16:52:46 | 00,000,000 | ---D | C] -- C:\Users\senadoll\AppData\Roaming\Serif
[2009/03/21 16:50:43 | 00,000,000 | ---D | C] -- C:\Program Files\Serif
[2009/03/20 00:04:03 | 00,000,000 | ---D | C] -- C:\Users\senadoll\Contacts\Desktop\EBay
[2009/03/14 20:39:55 | 00,000,000 | ---D | C] -- C:\Users\senadoll\AppData\Local\Eastman_Kodak_Company
[2009/03/14 20:39:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Eastman Kodak Company
[2009/03/14 20:39:48 | 00,000,000 | ---D | C] -- C:\Users\senadoll\AppData\Local\Eastman Kodak Company
[2009/03/14 20:39:25 | 00,000,636 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2009/03/14 20:37:26 | 00,012,800 | ---- | C] () -- C:\Windows\System32\EKDeviceServices.dll
[2009/03/14 20:37:17 | 00,001,937 | ---- | C] () -- C:\Users\Public\Desktop\KodakAiO HomeCenter.lnk
[2009/03/14 19:39:40 | 00,000,426 | ---- | C] () -- C:\Windows\tasks\AiO Home Center Registration RunOnce Task.job
[2009/03/14 19:28:39 | 00,000,000 | ---D | C] -- C:\Users\senadoll\AppData\Roaming\Temp
[2009/03/14 18:10:00 | 00,000,000 | ---D | C] -- C:\Windows\System32\kodak
[2009/03/14 18:08:01 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/03/14 12:07:10 | 00,000,000 | ---D | C] -- C:\Users\senadoll\Contacts\Desktop\SenaDocs
[2009/03/11 10:38:16 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/03/11 10:38:13 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/03/11 10:38:12 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/03/11 10:38:12 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/03/11 10:38:12 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/03/11 10:37:13 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/11 10:37:07 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/03/08 13:43:53 | 00,000,000 | ---D | C] -- C:\Users\senadoll\AppData\Roaming\OpenOffice.org
[2009/03/08 11:17:55 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/03/08 11:17:40 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/03/08 11:15:08 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/03/08 11:15:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2009/02/13 13:15:50 | 00,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/06/03 04:35:18 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 06:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Files - Modified Within 30 Days ==========

[2009/04/06 15:47:48 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/04/06 15:47:48 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/04/06 15:47:48 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/04/06 15:42:22 | 00,000,266 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2009/04/06 15:42:19 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/04/06 15:42:15 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/04/06 15:42:15 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/04/06 15:42:05 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/04/06 15:39:52 | 02,081,211 | -H-- | M] () -- C:\Users\senadoll\AppData\Local\IconCache.db
[2009/04/06 15:00:57 | 00,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2009/04/06 14:32:54 | 00,000,982 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2009/04/06 09:45:12 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{71EE5F6D-9179-4050-933F-C08CD45189F5}.job
[2009/04/05 12:42:58 | 00,046,592 | ---- | M] () -- C:\Users\senadoll\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/05 00:08:13 | 00,995,328 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2009/04/05 00:07:58 | 01,680,384 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2009/04/04 19:44:00 | 00,000,426 | ---- | M] () -- C:\Windows\tasks\AiO Home Center Registration RunOnce Task.job
[2009/04/03 07:49:07 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/04/03 07:41:48 | 00,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2009/03/29 09:47:03 | 00,000,793 | ---- | M] () -- C:\Users\senadoll\Contacts\Desktop\LegalSounds Music Downloader.lnk
[2009/03/28 09:32:11 | 00,001,037 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2009/03/28 09:31:33 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2009/03/28 09:31:33 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/03/27 10:19:59 | 00,001,259 | ---- | M] () -- C:\Users\senadoll\Contacts\Desktop\PicsDDrive.lnk
[2009/03/27 08:15:25 | 00,000,022 | ---- | M] () -- C:\Users\senadoll\AppData\Local\kodakpcd.ini
[2009/03/27 07:34:20 | 00,074,336 | ---- | M] () -- C:\Users\senadoll\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/03/27 07:32:11 | 00,299,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/03/27 03:35:13 | 00,000,402 | -HS- | M] () -- C:\Users\senadoll\Contacts\Desktop\SenaDocs\Documents\desktop.ini
[2009/03/26 22:11:21 | 00,000,571 | ---- | M] () -- C:\Users\Public\Desktop\PhotoImpact Pro.lnk
[2009/03/22 22:34:36 | 00,000,764 | ---- | M] () -- C:\Users\senadoll\Contacts\Desktop\Audacity.lnk
[2009/03/22 06:21:38 | 00,606,168 | ---- | M] () -- C:\Users\senadoll\Contacts\Desktop\AmazonMP3Installer.exe
[2009/03/14 20:39:31 | 00,000,636 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2009/03/14 20:37:17 | 00,001,937 | ---- | M] () -- C:\Users\Public\Desktop\KodakAiO HomeCenter.lnk
[2009/03/14 19:47:27 | 00,000,039 | ---- | M] () -- C:\Windows\Irremote.ini
[2009/03/14 18:08:01 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
< End of report >

Rooter:
Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1

C:\ [Fixed] - NTFS - (Total:38473 Mo/Free:3077 Mo)
D:\ [Fixed] - NTFS - (Total:199998 Mo/Free:3883 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)

Mon 04/06/2009|16:24

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\Ati2evxx.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\Ati2evxx.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
---------- C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Windows\ehome\ehtray.exe
---------- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
---------- C:\Windows\system32\agrsmsvc.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Kodak\AiO\center\KodakSvc.exe
---------- C:\Windows\ehome\ehmsas.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\WUDFHost.exe
---------- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
---------- C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
---------- C:\Program Files\Windows Media Player\wmpnscfg.exe
---------- C:\Program Files\Windows Media Player\wmpnetwk.exe
---------- C:\Windows\system32\wuauclt.exe
---------- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
---------- C:\Users\senadoll\Downloads\OTListIt2.exe
---------- C:\Windows\notepad.exe
---------- C:\Windows\notepad.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Users\senadoll\Downloads\Rooter.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\Users\senadoll\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1L6C2VF9\Mastodon%20-%20Crack%20The%20Skye_2-68x68_fl[1].jpg
C:\Users\senadoll\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt


1 - "C:\Rooter$\Rooter_1.txt" - Mon 04/06/2009|16:25

----------------------\\ Scan completed at 16:25



HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:35 PM, on 4/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\AiO\center\KodakSvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)

--
End of file - 6479 bytes

Edited by snegrisor, 06 April 2009 - 02:25 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP