hard drive working overtime


rheisler

My computer has Windows XP Pro, 1.66 GHz, 256 megs RAM.

My problem is that my hard drive runs constantly and uses all resources. Some of my programs will not start up or will shut down due to some file missing. Performed all steps in the malware and spyware cleaning guide, but still no improvement.

mbam

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4371

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/30/2010 3:14:40 PM
mbam-log-2010-07-30 (15-14-40).txt

Scan type: Quick scan
Objects scanned: 129966
Time elapsed: 43 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 42
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1dec989a-8b5a-4032-903a-50b1e071b77b} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{01b3b657-e7bf-4936-bf6e-c1cff3aaf0dd} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{34196f64-c524-4ae3-8572-0ae00843ef54} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{376193bc-493c-4b19-ac30-32ff54225ee7} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{453c3579-3a18-4b7e-8e11-abf856dfa67e} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b3f969a7-6c91-4594-a418-a042cce8be07} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bc3ce04b-b40b-481d-855f-f1165d4554d0} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{be641acd-9500-4ea8-b7cc-2534c95eb5d3} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c08cd4e6-ed0c-499b-a86a-23addf8f41be} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d994b6d8-32bf-4b39-afa6-a5701087dca4} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e6395f5e-8e54-4392-8bce-d433fb0b695e} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6b10aa55-a6c1-4dc1-a3a2-bf29b8609575} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{545ff516-2988-4011-b624-d15cdfbed726} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{649a8636-c032-43a7-900a-e5a10ccece0e} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8e8c12ea-f69f-41b5-95f4-98fb0423a05a} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{baa595e3-f6a6-492a-bc15-9a0f88dce8b9} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c16cb848-655a-4695-be7a-af50b9fa4f13} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de07e8e2-ba1b-42c2-8bc0-5ac730e0d624} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dee3cc26-fadc-4875-b9b1-8eb1a71f5449} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e9f71018-d1f1-45f3-8872-c9eaa2d52214} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f58fd645-2555-46c2-9842-b826f1a39838} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f5be064c-7d8a-4253-940d-3de6a538fdbf} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{03cc8261-49cc-4a09-bdc8-a1d81f88a6f5} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{060f103a-fa2d-45d0-8b1c-4e71d111aed6} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0879b92f-d3dc-4835-a134-83969a12af73} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3064afbf-23b5-4794-a1d7-3c0d5188bead} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{653d3ff4-3c82-4248-be3f-24dbd8f48142} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7be57914-454f-4149-bb0e-054194e64693} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8a0be755-6bc0-4298-b51d-5f94b93357b7} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{914a80e6-94b7-4b42-a31b-2fde6abd0411} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a0df63d4-3c61-4fa8-ae92-aa4b3f794024} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{acb2da47-50b3-4d4b-ae48-703531a91f94} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb044f38-e542-423b-9701-8d31957bd0ac} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d593aff0-9f4f-4e7d-886b-11e1bc63b98c} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eec98240-0748-44fc-89f4-cb9216459e1f} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fb03e1ad-6946-4cf9-a2cb-d5c53dcf9583} (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\engine.backupengine (Rogue.AntiSpyKit) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Malware Sweeper (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Sweeper_is1 (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MalwareSweeper.com\MalwareSweeper (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
C:\Program Files\MalwareSweeper.com\MalwareSweeper\Patches (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\MalwareSweeper.com (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\MalwareSweeper.com\Malware Sweeper (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\md5.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\MalwareSweeper.com\MalwareSweeper\unins000.exe (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
C:\Program Files\MalwareSweeper.com\MalwareSweeper\update.exe (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
C:\Program Files\MalwareSweeper.com\MalwareSweeper\English.inf (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
C:\Program Files\MalwareSweeper.com\MalwareSweeper\Engine.dll (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
C:\Program Files\MalwareSweeper.com\MalwareSweeper\db.ini (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
C:\Program Files\MalwareSweeper.com\MalwareSweeper\agent.exe (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\MalwareSweeper.com\Malware Sweeper.lnk (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\MalwareSweeper.com\Malware Sweeper\Help.lnk (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\MalwareSweeper.com\Malware Sweeper\Uninstall.lnk (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.


gmer

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-30 16:32:52
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\shannon\LOCALS~1\Temp\ugtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xF9A54B30]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xF9A546F0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF9A54470]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xF9A54C50]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xF9A54990]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xF9A548D0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xF9A54D60]

---- Kernel code sections - GMER 1.0.15 ----

? wiimwbc.sys The system cannot find the file specified. !
.text tcpip.sys!IPTransmit + 10FC F7FFED3A 6 Bytes CALL F96B3E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 F8000690 6 Bytes CALL F96B3E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 930 F8016454 6 Bytes CALL F96B3E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys F9AA73FD 4 Bytes CALL F96B3FA0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys F9AA7402 2 Bytes [90, 90] {NOP ; NOP }

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

otl

OTL logfile created on: 7/30/2010 4:35:35 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\shannon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 83.00 Mb Available Physical Memory | 33.00% Memory free
909.00 Mb Paging File | 483.00 Mb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.30 Gb Total Space | 22.25 Gb Free Space | 59.65% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: G6Y1K4
Current User Name: shannon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/30 13:40:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shannon\Desktop\OTL.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/11/10 05:43:54 | 000,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/04/13 18:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/07/30 13:40:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shannon\Desktop\OTL.exe
MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2004/10/15 18:32:10 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\SSSensor.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2007/08/01 22:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2006/12/21 10:52:24 | 000,029,522 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Capt913d.sys -- (SQTECH913D)
DRV - [2006/08/10 06:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2004/10/15 18:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004/10/15 18:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004/10/15 18:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004/10/15 18:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004/10/15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 18:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/03/02 14:02:30 | 000,167,040 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s3gnbm.sys -- (S3SavageNB)
DRV - [2004/03/02 14:02:30 | 000,167,040 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s3gnbm.sys -- (S3Psddr)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/07/24 04:30:00 | 000,032,128 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/01/09 15:13:58 | 000,000,732 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VTPreset] C:\WINDOWS\System32\VTPreset.exe (S3 Graphics, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\ADOBE\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...506/mcfscan.cab (McFreeScan Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/10 12:20:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\LHACM.ACM (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.VDOM - vdowave.drv File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/30 15:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Desktop\gmer
[2010/07/30 14:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Application Data\Malwarebytes
[2010/07/30 14:25:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/30 14:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/30 14:25:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/30 14:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/30 14:17:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/30 13:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/30 13:40:08 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\shannon\Desktop\OTL.exe
[2010/07/30 13:27:56 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\shannon\Desktop\mbam-setup.exe
[2010/07/30 13:26:54 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\shannon\Desktop\erunt_setup.exe
[2010/07/30 13:25:42 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\shannon\Desktop\TFC.exe
[2010/07/30 13:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/30 12:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Local Settings\Application Data\PCHealth
[2010/07/29 21:12:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2010/07/29 21:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/29 16:08:16 | 000,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg5n.sys
[2010/07/29 16:08:14 | 000,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg4n.sys
[2010/07/29 16:08:11 | 000,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg6n.sys
[2010/07/29 16:08:08 | 000,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg3n.sys
[2010/07/29 16:08:05 | 000,060,496 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\Teefer.sys
[2010/07/29 16:08:02 | 000,021,075 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys
[2010/07/29 16:07:29 | 000,083,096 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\SSSensor.dll
[2010/07/29 16:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Sygate
[2010/07/29 16:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/07/28 18:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Application Data\Auslogics
[2010/07/28 18:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/07/28 15:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/28 12:12:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\shannon\Recent
[2010/07/28 10:47:34 | 000,000,000 | ---D | C] -- C:\4ce9bc4c36da8c98eb38e203f2
[2010/07/28 10:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/07/28 10:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\MalwareSweeper.com

========== Files - Modified Within 90 Days ==========

[2010/07/30 16:37:10 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/07/30 15:55:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/30 15:21:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/30 15:20:28 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/30 15:19:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/30 15:19:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/30 15:18:58 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/30 15:17:16 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\shannon\ntuser.dat
[2010/07/30 15:17:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\shannon\ntuser.ini
[2010/07/30 15:16:32 | 003,765,556 | -H-- | M] () -- C:\Documents and Settings\shannon\Local Settings\Application Data\IconCache.db
[2010/07/30 14:26:02 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/30 13:58:50 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\shannon\Desktop\NTREGOPT.lnk
[2010/07/30 13:58:50 | 000,000,496 | ---- | M] () -- C:\Documents and Settings\shannon\Desktop\ERUNT.lnk
[2010/07/30 13:40:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shannon\Desktop\OTL.exe
[2010/07/30 13:39:46 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\shannon\Desktop\gmer.zip
[2010/07/30 13:27:58 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\shannon\Desktop\mbam-setup.exe
[2010/07/30 13:27:00 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\shannon\Desktop\erunt_setup.exe
[2010/07/30 13:25:46 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shannon\Desktop\TFC.exe
[2010/07/30 13:06:48 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\shannon\Desktop\HiJackThis.lnk
[2010/07/30 11:20:58 | 000,001,197 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/30 11:20:58 | 000,000,364 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/30 11:20:58 | 000,000,259 | -HS- | M] () -- C:\boot.ini
[2010/07/29 21:10:50 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/07/29 21:08:56 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/29 04:04:42 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/29 03:44:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/29 03:28:08 | 000,514,406 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/29 03:28:08 | 000,449,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/29 03:28:08 | 000,075,376 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/28 18:15:06 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\shannon\Desktop\Auslogics Disk Defrag.lnk
[2010/07/28 14:23:38 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2010/07/30 15:49:30 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/07/30 14:26:01 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/30 13:58:48 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\shannon\Desktop\NTREGOPT.lnk
[2010/07/30 13:58:48 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\shannon\Desktop\ERUNT.lnk
[2010/07/30 13:39:43 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\shannon\Desktop\gmer.zip
[2010/07/30 13:05:35 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\shannon\Desktop\HiJackThis.lnk
[2010/07/30 11:20:59 | 000,000,399 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2010/07/29 21:19:22 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/29 21:10:48 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/07/28 18:15:00 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\shannon\Desktop\Auslogics Disk Defrag.lnk
[2010/07/28 12:57:09 | 267,964,416 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/30 16:31:13 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2009/09/01 14:53:22 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/18 21:20:18 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/01/18 17:50:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/12 16:43:45 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\VERMONT1.DLL
[2008/05/12 16:43:45 | 000,019,040 | ---- | C] () -- C:\WINDOWS\System32\VRX1.DLL
[2008/05/12 16:43:44 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\SIMFARM.DLL
[2008/05/11 18:28:53 | 000,136,448 | ---- | C] () -- C:\WINDOWS\RMTOOLS.DLL
[2008/02/29 16:04:32 | 000,000,612 | ---- | C] () -- C:\WINDOWS\Tonkapt.ini
[2007/12/10 12:52:04 | 000,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2007/12/10 12:52:04 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2007/12/10 12:52:04 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2007/12/10 12:52:04 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2007/12/10 12:52:04 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2007/12/10 12:52:04 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2007/12/10 12:52:04 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2007/12/10 12:52:04 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/12/10 12:52:04 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2007/12/10 12:52:04 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2007/12/10 12:52:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/12/10 12:52:04 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2007/12/10 12:52:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2004/10/15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[1980/01/01 00:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[1980/01/01 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL

========== LOP Check ==========

[2008/08/29 18:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roblox
[2009/01/26 09:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/02/15 12:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2009/05/02 15:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/05 21:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/16 13:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/12/07 20:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/07/28 15:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/02/29 16:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Leadertech
[2009/10/16 14:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\uTorrent
[2009/12/07 19:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\GARMIN
[2010/07/28 18:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Auslogics
[2009/12/05 23:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Tune-up Application Start.job
[2010/07/30 15:20:28 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/07/30 16:37:10 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2010/07/30 15:55:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/05/01 21:28:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/07/30 11:20:58 | 000,000,259 | -HS- | M] () -- C:\boot.ini
[2007/12/10 12:14:36 | 000,001,010 | ---- | M] () -- C:\FRUNLOG.TXT
[2009/04/01 14:55:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/07/30 15:18:58 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2007/12/10 12:17:30 | 000,001,676 | RHS- | M] () -- C:\MSDOS.SYS
[2007/12/10 12:20:50 | 000,049,152 | -HS- | M] () -- C:\VIDEOROM.BIN
[2007/12/10 12:20:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/12/10 12:20:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/30 15:18:58 | 705,200,128 | -HS- | M] () -- C:\pagefile.sys
[1999/04/23 22:22:00 | 000,222,390 | RHS- | M] () -- C:\IO.SYS
[2009/06/21 15:53:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/04/01 14:55:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/05/01 21:28:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/06/21 15:53:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/06/21 16:55:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2007/12/10 12:33:02 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2009/06/21 16:55:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/11/14 15:43:10 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2007/12/12 16:01:22 | 000,001,122 | ---- | M] () -- C:\rollback.ini
[2007/12/25 11:24:36 | 000,000,035 | ---- | M] () -- C:\aa.txt
[1995/01/22 16:40:20 | 000,000,766 | R--- | M] () -- C:\simcity.ico
[2008/05/11 18:29:22 | 000,000,094 | ---- | M] () -- C:\bbcscte.bat
[2008/06/08 16:09:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/06/08 16:09:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/07/21 16:41:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/07/21 16:41:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/09/21 17:14:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/09/21 17:14:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/10/07 19:54:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/10/07 19:54:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/10/08 17:56:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/10/08 17:56:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/10/25 08:02:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/10/25 08:02:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/11/22 17:26:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/11/22 17:26:10 | 000,000,136 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/11/22 17:26:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/11/22 17:26:10 | 000,000,136 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/11/22 17:26:10 | 000,000,136 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/12/26 20:00:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/12/26 20:00:50 | 000,000,136 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/12/26 20:00:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/12/26 20:00:50 | 000,000,136 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/12/26 20:01:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/12/26 20:01:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/12/26 20:01:00 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/12/26 20:01:00 | 000,000,148 | -H-- | M] () -- C:\sqmdata12.sqm

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\FONTS\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\FONTS\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\FONTS\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\FONTS\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2005/05/11 23:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\FONTS\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2007/12/10 12:50:30 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\FONTS\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/05/10 20:48:48 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2008/07/06 04:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[1999/04/23 22:22:00 | 000,091,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Channel Screen Saver.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2007/12/10 12:19:06 | 000,011,079 | -H-- | M] () -- C:\Program Files\folder.htt
[2007/12/10 12:19:06 | 000,000,266 | -HS- | M] () -- C:\Program Files\desktop.ini
[2008/05/01 10:59:10 | 000,071,502 | ---- | M] () -- C:\Program Files\humaitarian 1.jpg
[2008/05/01 10:59:52 | 000,065,646 | ---- | M] () -- C:\Program Files\humanitarian 2.jpg
[2008/05/01 11:04:18 | 000,071,502 | ---- | M] () -- C:\Program Files\Picture 075 (480 x 640) metal1.jpg
[2008/05/01 11:04:50 | 000,071,502 | ---- | M] () -- C:\Program Files\Picture 075 (480 x 640)metal2.jpg

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/12/10 12:40:16 | 000,880,640 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\system.sav
[2007/12/10 12:40:16 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\software.sav
[2007/12/10 12:40:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\default.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-30 01:37:06
< End of report >

OTL Extras

OTL Extras logfile created on: 7/30/2010 4:35:35 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\shannon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 83.00 Mb Available Physical Memory | 33.00% Memory free
909.00 Mb Paging File | 483.00 Mb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.30 Gb Total Space | 22.25 Gb Free Space | 59.65% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: G6Y1K4
Current User Name: shannon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone) -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 11
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79546A5F-AE7C-4693-8670-A3401B43ABD2}" = HP Deskjet 5900 series
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{81878BF0-B03C-11D8-AD8E-0050DA87D0EB}" = Tonka Power Tools
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5222E5A-13CB-4C98-9F5C-21CF6896A25C}" = HPDeskjet5900Series
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ERUNT_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Photo & Imaging" = HP Image Zone 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MAX DS Video Converter_is1" = MAX DS Video Converter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PConPoint_is1" = PConPoint v4.1
"PIXresizer_is1" = PIXresizer 1.0.8
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"Starcraft" = Starcraft
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/30/2010 12:27:54 PM | Computer Name = G6Y1K4 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 7/30/2010 12:33:41 PM | Computer Name = G6Y1K4 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 7/30/2010 1:29:36 PM | Computer Name = G6Y1K4 | Source = Application Hang | ID = 1002
Description = Hanging application msconfig.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/30/2010 1:29:36 PM | Computer Name = G6Y1K4 | Source = Application Hang | ID = 1002
Description = Hanging application msconfig.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/30/2010 1:30:21 PM | Computer Name = G6Y1K4 | Source = Application Hang | ID = 1001
Description = Fault bucket 745609629.

Error - 7/30/2010 2:09:12 PM | Computer Name = G6Y1K4 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 7/30/2010 2:25:02 PM | Computer Name = G6Y1K4 | Source = Application Error | ID = 1000
Description = Faulting application Smc.exe, version 5.6.0.2808, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x00010f20.

Error - 7/30/2010 3:57:24 PM | Computer Name = G6Y1K4 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 7/30/2010 4:37:16 PM | Computer Name = G6Y1K4 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/30/2010 5:27:58 PM | Computer Name = G6Y1K4 | Source = MSSecurityEssentials | ID = 5000
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#2
rheisler

I should have mentioned that I wasn't sure if it was malware or hardware doing this. Any help would be greatly appreciated.

#3
rheisler

Hi. I have waited for a while for any response, and was wondering if this post was overlooked or dismissed. I would like to get it running so that I could remove some of the files on it.