Trend Micro (hijackthis log file) Needs help
#1
Posted 11 February 2011 - 04:16 PM
#2
Posted 16 February 2011 - 10:54 PM
Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.
- Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
- Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
- English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.
+++++++++++++++++++++++++++++++++++++++++++
ERUNT - Download here
Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. Compatible with Windows NT, 2000, 2003, XP, Vista, 32 & 64-bit versions. To ensure that we have a valid registry backup, install and run ERUNT (Emergency Recovery Utility NT), which allows you to store a complete backup of your registry and restore it if needed.
- Download ERUNT
- Double-click erunt_setup.exe to run.
- Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
- Say No to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later.
- Start ERUNT
- Choose a location for the backup
The default location C:\WINDOWS\ERDNT\[today's date] is preferred
- The first two check boxes are ticked by default (System registry and Current user registry).
- Press OK
- When prompted, click YES to create a new folder.
- Progress bars will show backup status.
- A confirmation window will popup when complete. Click OK to close.
+++++++++++++++++++++++++++++++++++++++++++
OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.
Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly or completely from a HijackThis scan. OTL is authored by one of our staff members (OldTimer). It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.
- Download OTL to your Desktop
- Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
c:\windows\system32\*.dll /lockedfiles
c:\windows\system32\drivers\*.sys /lockedfiles
%systemroot%\*. /mp /s
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.
next
GMER Rootkit Scanner
- GMER Rootkit Scanner - Download - Homepage
- Download GMER
- Extract the contents of the zipped file to desktop.
- Double click GMER.exe.
- If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
- In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
NOTE - Not all of the tick boxes will be available if you are running a 64-bit Operating System. You may also get an error message displayed on the screen when using a 64-bit Operating System; this is normal, just click on OK and let it carry on.
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
- Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.
#3
Posted 17 February 2011 - 08:07 AM
OTL Extras logfile created on: 17/02/2011 8:33:11 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Greg&Aleah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
190.00 Mb Total Physical Memory | 62.00 Mb Available Physical Memory | 33.00% Memory free
466.00 Mb Paging File | 268.00 Mb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 16.45 Gb Free Space | 58.89% Space Free | Partition Type: NTFS
Computer Name: YOUR-6BVPXYZTOQ | User Name: Greg&Aleah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Greg&Aleah\Desktop\UT\ut\UnrealTournament\System\0CLICK.exe" = C:\Documents and Settings\Greg&Aleah\Desktop\UT\ut\UnrealTournament\System\0CLICK.exe:*:Enabled:0CLICK
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5EE83279-5FEA-4885-823A-B90C23A72DF0}" = D-Link Wireless 150 USB Adapter DWA-125
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C" = Conexant 56K ACLink Modem
"Conexant PCI Audio" = Conexant AC-Link Audio
"ERUNT_is1" = ERUNT 1.1j
"ie8" = Windows Internet Explorer 8
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.83
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.1
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/02/2011 11:35:59 PM | Computer Name = YOUR-6BVPXYZTOQ | Source = MsiInstaller | ID = 1013
Description = Product: Microsoft Money 2003 System Pack -- Money 2003 will not function
properly once the Money 2003 System Pack is removed. Continue?
Error - 13/02/2011 11:36:56 PM | Computer Name = YOUR-6BVPXYZTOQ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00028c0b.
Error - 14/02/2011 12:08:36 AM | Computer Name = YOUR-6BVPXYZTOQ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19019, fault address 0x0015ba19.
Error - 17/02/2011 8:49:35 AM | Computer Name = YOUR-6BVPXYZTOQ | Source = Application Error | ID = 1000
Description = Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module
wlanapp.dll, version 1.1.10.707, fault address 0x00013e3b.
< End of report >
OTL logfile created on: 17/02/2011 8:33:10 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Greg&Aleah\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
190.00 Mb Total Physical Memory | 62.00 Mb Available Physical Memory | 33.00% Memory free
466.00 Mb Paging File | 268.00 Mb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 16.45 Gb Free Space | 58.89% Space Free | Partition Type: NTFS
Computer Name: YOUR-6BVPXYZTOQ | User Name: Greg&Aleah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/02/17 08:32:18 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg&Aleah\Desktop\OTL.exe
PRC - [2009/08/21 09:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/08/19 09:38:08 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
PRC - [2009/07/07 20:10:14 | 000,151,552 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/02/02 20:12:24 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/05/21 15:35:50 | 000,004,608 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\carpserv.exe
PRC - [2003/03/26 14:15:24 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
========== Modules (SafeList) ==========
MOD - [2011/02/17 08:32:18 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg&Aleah\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/02/02 20:12:16 | 000,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2009/08/21 09:27:24 | 000,102,400 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2009/07/07 20:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService)
========== Driver Services (SafeList) ==========
DRV - [2009/09/15 21:09:22 | 000,779,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870)
DRV - [2009/02/09 18:10:04 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/02/02 19:59:00 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/05/15 18:29:12 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/17 17:59:18 | 000,273,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\calihal.sys -- (CALIHALA)
DRV - [2004/02/17 17:58:40 | 000,292,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\caliaud.sys -- (CALIAUD)
DRV - [2003/05/21 15:35:56 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/05/21 15:33:54 | 000,179,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
DRV - [2003/05/21 15:32:32 | 000,631,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/05/21 15:31:22 | 001,063,040 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/05/02 05:58:22 | 000,173,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003/03/26 14:20:24 | 000,062,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/03/26 14:20:16 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/03/26 14:17:14 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/03/26 14:17:12 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/03/26 14:17:10 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/03/26 14:15:28 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/03/26 14:15:02 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/08/30 05:04:56 | 000,023,570 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2002/08/28 19:00:00 | 000,016,512 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DP83815.sys -- (DP83815)
DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 02:48:56 | 000,289,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpab.sys -- (atimpab)
DRV - [2001/08/17 02:19:48 | 000,174,464 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es198x.sys -- (allegro) ESS Allegro Audio Driver (WDM)
DRV - [2001/08/17 02:13:20 | 000,027,164 | ---- | M] (Xircom, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CE3N5.SYS -- (CE3)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2002/08/28 21:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe ()
O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1297562394770 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Greg&Aleah\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg&Aleah\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (57153031023624192)
========== Files/Folders - Created Within 30 Days ==========
[2011/02/17 08:32:03 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Greg&Aleah\Desktop\OTL.exe
[2011/02/17 08:23:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/17 08:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/17 08:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/02/17 08:19:46 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Greg&Aleah\Desktop\erunt-setup.exe
[2011/02/15 21:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Disk Cleaner Free
[2011/02/15 21:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Disk Cleaner
[2011/02/15 21:23:25 | 004,543,339 | ---- | C] (wisecleaner.com ) -- C:\Documents and Settings\Greg&Aleah\Desktop\WDCFree.exe
[2011/02/15 21:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Registry Cleaner Free
[2011/02/15 21:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2011/02/15 10:14:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2011/02/15 10:14:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/02/15 00:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg&Aleah\Application Data\DriverCure
[2011/02/15 00:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/02/15 00:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/02/14 23:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg&Aleah\Desktop\UnrealTournament
[2011/02/14 14:11:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\wb
[2011/02/14 00:15:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Greg&Aleah\IECompatCache
[2011/02/13 23:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg&Aleah\Application Data\Adobe
[2011/02/13 23:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg&Aleah\Application Data\Macromedia
[2011/02/13 22:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/02/13 22:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/13 22:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/02/13 22:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg&Aleah\Application Data\Sun
[2011/02/13 19:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/13 19:15:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Greg&Aleah\PrivacIE
[2011/02/13 19:13:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Greg&Aleah\IETldCache
[2011/02/13 19:05:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/02/13 19:03:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/02/13 19:02:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/02/13 18:21:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/02/13 17:42:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/02/13 17:28:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/02/13 17:28:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/02/13 17:28:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/02/13 17:28:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/02/13 17:15:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/02/13 11:49:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2011/02/13 11:49:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2011/02/13 11:44:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/02/13 11:34:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/02/13 11:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/02/12 23:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\D-Link
[2011/02/12 23:48:17 | 001,327,189 | ---- | C] (Funk Software, Inc.) -- C:\WINDOWS\System32\odSupp_M.dll
[2011/02/12 23:48:17 | 000,720,896 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\ANIWZCS2.dll
[2011/02/12 23:48:17 | 000,270,336 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\wnicapi.dll
[2011/02/12 23:47:57 | 000,011,904 | ---- | C] (ANI ) -- C:\WINDOWS\System32\anio4.sys
[2011/02/12 23:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\ANI
[2011/02/12 23:47:37 | 001,110,016 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2011/02/12 23:47:37 | 000,204,800 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2011/02/12 23:46:51 | 000,779,136 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\Drt2870.sys
[2011/02/12 23:46:50 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2011/02/12 23:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link
[2011/02/12 23:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg&Aleah\Application Data\InstallShield
[2011/02/12 21:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/02/12 21:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Multimedia
[2011/02/12 21:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2011/02/12 21:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg&Aleah\Application Data\InterTrust
[2011/02/12 21:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg&Aleah\Application Data\Identities
[2011/02/12 21:41:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Greg&Aleah\Application Data\Microsoft
[2011/02/12 21:41:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Greg&Aleah\Application Data
[2011/02/12 21:41:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg&Aleah\Desktop
[2011/02/12 21:41:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Greg&Aleah\Cookies
[2011/02/12 21:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg&Aleah\Application Data\Symantec
[2011/02/12 21:41:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg&Aleah\My Documents\My Music
[2011/02/12 21:41:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg&Aleah\Favorites
[2011/02/12 21:41:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Greg&Aleah\Local Settings
[2011/02/12 21:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg&Aleah\My Documents\My eBooks
[2011/02/12 21:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg&Aleah\Local Settings\Application Data\Microsoft
[2011/02/12 21:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg&Aleah\Local Settings\Application Data\ApplicationHistory
[2011/02/12 21:40:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Greg&Aleah\SendTo
[2011/02/12 21:40:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Greg&Aleah\Recent
[2011/02/12 21:40:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg&Aleah\Start Menu\Programs\Startup
[2011/02/12 21:40:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg&Aleah\Start Menu
[2011/02/12 21:40:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg&Aleah\My Documents\My Pictures
[2011/02/12 21:40:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg&Aleah\My Documents
[2011/02/12 21:40:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg&Aleah\Start Menu\Programs\Accessories
[2011/02/12 21:40:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Greg&Aleah\Templates
[2011/02/12 21:40:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Greg&Aleah\PrintHood
[2011/02/12 21:40:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Greg&Aleah\NetHood
[2011/02/12 21:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/02/12 21:13:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/02/12 21:12:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/02/12 21:11:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/02/12 21:00:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/02/12 20:52:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Greg&Aleah\UserData
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/02/17 08:32:18 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg&Aleah\Desktop\OTL.exe
[2011/02/17 08:22:28 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Greg&Aleah\Desktop\NTREGOPT.lnk
[2011/02/17 08:22:28 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Greg&Aleah\Desktop\ERUNT.lnk
[2011/02/17 08:19:54 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Greg&Aleah\Desktop\erunt-setup.exe
[2011/02/17 07:53:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure Startup.job
[2011/02/17 07:52:48 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{286C5884-0235-41F3-BBFC-6054D27D6904}
[2011/02/17 07:52:39 | 000,000,011 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{286C5884-0235-41F3-BBFC-6054D27D6904}
[2011/02/17 07:52:30 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011/02/17 07:52:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/17 07:52:12 | 199,806,976 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/16 10:48:34 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Greg&Aleah\Local Settings\Application Data\housecall.guid.cache
[2011/02/15 21:23:49 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Greg&Aleah\Desktop\Wise Disk Cleaner Free.lnk
[2011/02/15 21:23:49 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\Greg&Aleah\Desktop\Clean disk with 1 click.lnk
[2011/02/15 21:23:49 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Greg&Aleah\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Disk Cleaner.lnk
[2011/02/15 21:23:30 | 004,543,339 | ---- | M] (wisecleaner.com ) -- C:\Documents and Settings\Greg&Aleah\Desktop\WDCFree.exe
[2011/02/15 21:17:26 | 000,000,846 | ---- | M] () -- C:\Documents and Settings\Greg&Aleah\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2011/02/15 21:17:25 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Clear with 1 click.lnk
[2011/02/15 21:17:25 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2011/02/15 00:21:37 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2011/02/14 13:59:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/14 13:11:00 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/14 12:49:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/14 12:44:10 | 000,364,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/14 12:44:10 | 000,045,810 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/13 21:30:52 | 000,131,769 | ---- | M] () -- C:\Documents and Settings\Greg&Aleah\My Documents\AVGInstLog.cab
[2011/02/13 19:14:08 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Greg&Aleah\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/13 18:23:24 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/02/13 17:14:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/13 11:52:20 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/02/13 11:40:08 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/02/12 23:50:08 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2011/02/12 21:42:32 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Greg&Aleah\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/02/12 21:42:25 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Greg&Aleah\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/12 21:42:22 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2011/02/12 21:41:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/02/12 21:41:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/12 21:41:27 | 000,001,714 | RHS- | M] () -- C:\WINDOWS\System32\drivers\HP_Pavilion ze4400 (DK583A)_YN_Pavi_QCNF331_E_4_I0024_SHP_VPQ1A79_BKAM1.44_T030623_WXH1_L409_M191_J30_7AMD_8mobile Athlon XP2200+_91.79_1_N100B0020_P12176972_Z10B95457_K_A10B95451_U10B95237_G10024336.MRK
[2011/02/12 21:39:56 | 000,002,419 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/02/17 08:22:28 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\Desktop\NTREGOPT.lnk
[2011/02/17 08:22:28 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\Desktop\ERUNT.lnk
[2011/02/16 10:48:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\Local Settings\Application Data\housecall.guid.cache
[2011/02/15 21:23:49 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\Desktop\Wise Disk Cleaner Free.lnk
[2011/02/15 21:23:49 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\Desktop\Clean disk with 1 click.lnk
[2011/02/15 21:23:49 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Disk Cleaner.lnk
[2011/02/15 21:17:26 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2011/02/15 21:17:25 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Clear with 1 click.lnk
[2011/02/15 21:17:25 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2011/02/15 00:21:39 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\DriverCure Startup.job
[2011/02/15 00:21:32 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\DriverCure.job
[2011/02/13 21:30:52 | 000,131,769 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\My Documents\AVGInstLog.cab
[2011/02/13 14:57:36 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/02/13 14:57:36 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/02/13 14:57:36 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/02/13 14:57:36 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/02/13 14:57:35 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/02/13 14:57:35 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/02/13 14:57:35 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/02/13 14:57:35 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/02/13 14:57:35 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/02/13 14:57:35 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/02/13 14:57:35 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/02/13 14:57:35 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/02/13 14:57:35 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/02/13 14:57:35 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/02/13 14:57:35 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/02/13 14:57:35 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/02/13 14:57:35 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/02/13 14:57:31 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/02/13 14:57:31 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/02/13 14:57:31 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/02/13 14:57:31 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/02/13 14:57:31 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/02/13 14:57:31 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/02/13 14:57:31 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/02/13 14:57:31 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/02/13 14:57:31 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/02/13 14:57:31 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/02/13 14:57:31 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/02/13 14:57:24 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/02/13 14:57:24 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/02/13 14:57:24 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/02/13 14:57:17 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/02/13 14:57:17 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/02/13 14:57:17 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/02/13 14:57:17 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/02/13 14:57:17 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/02/13 14:57:17 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/02/13 14:57:15 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/02/13 14:57:15 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/02/13 14:57:15 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/02/13 14:57:15 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/02/13 14:57:08 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/02/13 14:57:07 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/02/13 14:57:00 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/02/13 14:56:59 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/02/13 14:56:53 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/02/13 14:56:53 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/02/13 14:56:53 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/02/13 14:56:53 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/02/13 14:56:53 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/02/13 14:56:53 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/02/13 14:56:53 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/02/13 14:56:53 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/02/13 14:56:53 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/02/13 14:56:53 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/02/13 14:56:53 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/02/13 14:56:53 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/02/13 14:56:53 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/02/13 14:56:53 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/02/13 14:56:53 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/02/13 14:56:52 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/02/13 14:56:46 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/02/13 14:56:42 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/02/13 14:56:42 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/02/13 14:56:24 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2011/02/13 14:56:24 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2011/02/13 14:56:20 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/02/13 14:56:20 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/02/13 14:56:20 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/02/13 14:56:13 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/02/13 14:55:53 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2011/02/13 14:55:44 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/02/13 14:55:41 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2011/02/13 14:55:30 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/02/13 14:55:30 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/02/13 14:55:30 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/02/13 14:55:30 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/02/13 14:55:30 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/02/13 14:55:30 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/02/13 14:55:30 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/02/13 14:55:30 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/02/13 14:55:29 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/02/13 14:55:29 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/02/13 14:55:23 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/02/13 13:15:16 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\Start Menu\Programs\Internet Explorer.lnk
[2011/02/13 13:15:13 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/13 11:51:56 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/02/13 01:53:42 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2011/02/13 01:53:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/02/13 01:53:41 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/02/12 23:50:08 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2011/02/12 23:50:05 | 000,003,284 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCS{286C5884-0235-41F3-BBFC-6054D27D6904}
[2011/02/12 23:48:32 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{286C5884-0235-41F3-BBFC-6054D27D6904}
[2011/02/12 23:48:29 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ANIWConnService.exe
[2011/02/12 23:48:17 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2011/02/12 23:48:17 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\aIPH.dll
[2011/02/12 23:48:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AQCKGen.dll
[2011/02/12 23:48:17 | 000,045,115 | ---- | C] () -- C:\WINDOWS\System32\ANICtl.dll
[2011/02/12 23:47:57 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANIOApi.dll
[2011/02/12 23:47:57 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANIO64.sys
[2011/02/12 23:47:57 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANIO.sys
[2011/02/12 23:47:57 | 000,016,997 | ---- | C] () -- C:\WINDOWS\System32\ANIO.VXD
[2011/02/12 23:47:37 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ANIWPS.exe
[2011/02/12 23:47:36 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2011/02/12 23:46:50 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/02/12 21:41:37 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/02/12 21:41:37 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/02/12 21:41:27 | 000,001,714 | RHS- | C] () -- C:\WINDOWS\System32\drivers\HP_Pavilion ze4400 (DK583A)_YN_Pavi_QCNF331_E_4_I0024_SHP_VPQ1A79_BKAM1.44_T030623_WXH1_L409_M191_J30_7AMD_8mobile Athlon XP2200+_91.79_1_N100B0020_P12176972_Z10B95457_K_A10B95451_U10B95237_G10024336.MRK
[2011/02/12 21:41:18 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\OCA_LOG.TXT
[2011/02/12 21:41:05 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\Application Data\Microsoft\Internet Explorer\Quick Launch\MUSICMATCH Jukebox.lnk
[2011/02/12 21:41:05 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/12 21:41:05 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/02/12 21:41:03 | 000,001,509 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\Start Menu\Programs\Remote Assistance.lnk
[2011/02/12 21:41:03 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\Start Menu\Programs\Windows Media Player.lnk
[2011/02/12 21:41:03 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Greg&Aleah\Start Menu\Programs\Outlook Express.lnk
[2011/02/12 21:19:58 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2004/08/04 02:56:42 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 02:56:42 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 02:56:42 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 02:56:42 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 02:56:42 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/05/15 18:27:54 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/02/13 14:23:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/02/13 14:14:19 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/02/13 14:13:52 | 000,000,139 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/09/09 10:15:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/09/09 09:49:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
========== LOP Check ==========
[2011/02/15 00:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/02/13 19:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/15 00:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg&Aleah\Application Data\DriverCure
[2003/02/13 14:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg&Aleah\Application Data\InterTrust
[2011/02/17 07:53:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure Startup.job
[2011/02/15 00:21:37 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: AGP440.SYS >
[2011/02/13 11:34:48 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011/02/13 17:04:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011/02/13 11:34:48 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2011/02/13 17:04:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2011/02/13 11:34:48 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\sp2.cab:AGP440.sys
[2011/02/13 17:04:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys
< MD5 for: ATAPI.SYS >
[2002/08/29 02:00:00 | 010,158,890 | R--- | M] () .cab file -- C:\i386\sp1.cab:atapi.sys
[2002/08/28 21:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2011/02/13 11:34:48 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011/02/13 17:04:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011/02/13 11:34:48 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2011/02/13 17:04:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2011/02/13 11:34:48 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\sp2.cab:atapi.sys
[2011/02/13 17:04:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< c:\windows\system32\*.dll /lockedfiles >
[1 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]
< c:\windows\system32\drivers\*.sys /lockedfiles >
< %systemroot%\*. /mp /s >
< >
< >
< >
< End of report >
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-17 09:06:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2030AT rev.009A
Running: gmer.exe; Driver: C:\DOCUME~1\GREG&A~1\LOCALS~1\Temp\uxgirkog.sys
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
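Two parts of the logs above carry the actual integrity evidence the helper is reading: OTL's "< MD5 for: ... >" custom scan, which lists the hash of every copy of a few rootkit-favoured system files (agp440.sys, atapi.sys, eventlog.dll, netlogon.dll, scecli.dll), and GMER's ".text" lines, which list inline detours found in user-mode processes. In this log every live copy under system32 carries the same MD5 as the SP3 copy in ServicePackFiles\i386, and every hook in iexplore.exe lands in IEFRAME.dll, which is why the next reply calls the logs clear. The script below is an added example, not part of the thread or of the OTL/GMER tools: it parses both formats and makes that comparison mechanically. The sample input mixes lines copied from the log above with two constructed lines (marked in the code) so the mismatch and unattributed-hook paths are exercised; EXPECTED_HOOKS is an assumption for this example. Note the caveat a practitioner would add: a hash match is necessary, not sufficient. $NtServicePackUninstall$ holds the previous service pack and legitimately differs, so it is not used as a reference, and a kernel rootkit that filters disk I/O can hand clean bytes to a user-mode hasher, which is why the MD5 list is read together with GMER's kernel-level scan rather than on its own.

```python
"""Triage helpers for two log formats in the thread: OTL '< MD5 for: >' sections
and GMER user-mode hook lines. Added example, not code from the forum or tools."""
import re
from collections import defaultdict

# OTL section header and per-copy hash line. '.cab file' lines carry no MD5 and are skipped.
_OTL_SECTION = re.compile(r"^<\s*MD5 for:\s*(\S+)\s*>$")
_OTL_HASH = re.compile(r"MD5=([0-9A-Fa-f]{32})\s+--\s+(.+?)\s*$")


def parse_otl_md5(text):
    """Return {FILENAME: [(md5_lower, path), ...]} from an OTL custom-scan section."""
    files = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = _OTL_SECTION.match(line.strip())
        if m:
            current = m.group(1).upper()
            continue
        m = _OTL_HASH.search(line)
        if m and current:
            files[current].append((m.group(1).lower(), m.group(2)))
    return dict(files)


def check_live_copies(files):
    """Compare the copy Windows actually loads (system32 or system32\\drivers) with the
    current service pack's cached copies (ServicePackFiles\\i386, dllcache).
    $NtServicePackUninstall$ is the *previous* SP and is deliberately ignored.
    Verdicts: 'ok', 'mismatch', 'no-reference', 'no-live-copy'."""
    verdicts = {}
    for name, copies in files.items():
        live, reference = set(), set()
        for md5, path in copies:
            parent = path.lower().rsplit("\\", 1)[0]
            if parent.endswith((r"\servicepackfiles\i386", r"\system32\dllcache")):
                reference.add(md5)
            elif parent.endswith((r"\system32", r"\system32\drivers")):
                live.add(md5)
        if not live:
            verdicts[name] = "no-live-copy"
        elif not reference:
            verdicts[name] = "no-reference"
        else:
            verdicts[name] = "ok" if live <= reference else "mismatch"
    return verdicts


# GMER: '.text <process>[pid] <module>!<export> <addr> N Bytes JMP <target> [<path> (<desc>)]'
# The trailing module path is absent when GMER cannot map the jump target to any module.
_GMER_HOOK = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>\S+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-F]+)\s+(?P<n>\d+) Bytes\s+JMP\s+(?P<target>[0-9A-F]+)"
    r"(?:\s+(?P<path>\S.*?)\s+\((?P<desc>[^)]*)\))?\s*$"
)
# Assumption for this example: detours that are normal for a given process. From the log,
# Internet Explorer routes USER32/ole32 calls into its own IEFRAME.dll.
EXPECTED_HOOKS = {"iexplore.exe": {"ieframe.dll"}}


def triage_gmer_hooks(text):
    """Return [(process, 'module!function', target_path_or_None, verdict)].
    'expected': target module is known for that process; 'unmapped': GMER could not
    attribute the target to a module; 'review': anything else."""
    results = []
    for line in text.splitlines():
        m = _GMER_HOOK.match(line.strip())
        if not m:
            continue
        proc = m.group("proc").rsplit("\\", 1)[-1].lower()
        path = m.group("path")
        if path is None:
            verdict = "unmapped"
        else:
            target = path.rsplit("\\", 1)[-1].lower()
            verdict = "expected" if target in EXPECTED_HOOKS.get(proc, set()) else "review"
        results.append((proc, f"{m.group('mod')}!{m.group('func')}", path, verdict))
    return results


# Sample input: ATAPI.SYS lines copied from the log above; EXAMPLE.DLL is constructed
# with placeholder hashes to show a live copy that differs from its SP cache copy.
OTL_SAMPLE = r"""< MD5 for: ATAPI.SYS >
[2011/02/13 17:04:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EXAMPLE.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\ServicePackFiles\i386\example.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\example.dll
"""
# First two lines copied from the GMER log above; the third is constructed: a detour
# whose target GMER could not attribute to any loaded module.
GMER_SAMPLE = r""".text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3108] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\explorer.exe[1234] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A3F2C0
"""

if __name__ == "__main__":
    for name, verdict in sorted(check_live_copies(parse_otl_md5(OTL_SAMPLE)).items()):
        print(f"{name:12} {verdict}")
    for proc, api, path, verdict in triage_gmer_hooks(GMER_SAMPLE):
        print(f"{verdict:8} {proc} {api} -> {path or '<unmapped>'}")
```

Run against a real OTL or GMER log, paste the whole report into the two sample strings (or read it from a file); anything other than "ok" and "expected" is what to look at first. The file list is fixed by whatever the helper asked OTL to hash, so a clean result says nothing about files that were not in the custom scan.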
#4
Posted 17 February 2011 - 08:28 AM
The machine barely has the minimum to run XP. You should increase its memory to see an improvement in speed.
Logs look clear. Let's try sweeping the system for stragglers.
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Next
Save these instructions so you can have access to them while in Safe Mode.
Please click here to download AVP Tool by Kaspersky.
- Save it to your desktop.
- Reboot your computer into SafeMode.
You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight SafeMode then hit enter.
- Double click the setup file to run it.
- Click Next to continue.
- Accept the Licence agreement and click on next
- It will by default install it to your desktop folder. Click Next.
- It will then open a box. There will be a tab that says Automatic scan.
- Under Automatic scan make sure these are checked.
- Hidden Startup Objects
- System Memory
- Disk Boot Sectors.
- My Computer.
- Also any other drives (Removable that you may have)
Leave the rest of the settings as they appear as default.
- Then click on Scan at the top right-hand corner.
- It will automatically Neutralize any objects found.
- If some objects are left un-neutralized then click the button that says Neutralize all
- If it says it cannot be Neutralized then choose the delete option when prompted.
- After that is done click on the Reports button at the bottom and save it to file; name it Kas.
- Save it somewhere convenient like your desktop, and post only the detected Virus\malware entries from the report (they will be at the very top, under Detected) in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.
#5
Posted 23 February 2011 - 09:23 PM
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.