Help! Computer won't do anything by pop up Windows XP repair


This topic is locked

#1 jennefur8675 (Member, 79 posts)
My laptop running XP just popped up a window saying 'Windows XP Repair' I was thinking this is a malware/spyware but I am not sure. I searched the forums, but I didn't come up with anything on this particular pop up. Now after I rebooted the computer, I can't get past this pop up and when I click on start it looks like everything has been wiped. Anyone been thru this before? What can I do now? Thanks for any help, I appreciate it!

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there - before we start I must ask you not to use any temporary file cleaners until I give the all clear. All these programmes can be run from safe mode with networking

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3 jennefur8675 (Topic Starter, Member, 79 posts)
Hello, I ran RogueKiller; here is the report it generated.

Since I cannot use my Windows laptop because of this problem, I had to get on my Mac to download RogueKiller, but I couldn't get it to download OTL on the Mac. Is there a way to get online on the Windows PC to download the OTL program?


RogueKiller V5.2.3 [06/16/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode
User: Administrator [Admin rights]
Mode: Scan -- Date : 06/18/2011 21:44:36

Bad processes: 0

Registry Entries: 5
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{99B62E89-82C7-43FB-A687-E2269C7A9047} : NameServer (151.164.1.8,206.13.28.12) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{99B62E89-82C7-43FB-A687-E2269C7A9047} : NameServer (151.164.1.8,206.13.28.12) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt

#4 jennefur8675 (Topic Starter, Member, 79 posts)
Never mind, I tried downloading OTL again on my Mac to transfer it to the PC and it worked; I will post the OTL log when I am done. Thank you.

#5 jennefur8675 (Topic Starter, Member, 79 posts)
OTL.txt log.....


OTL logfile created on: 6/18/2011 10:01:28 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 86.30% Memory free
2.52 Gb Paging File | 2.46 Gb Available in Paging File | 97.55% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.65 Gb Total Space | 6.33 Gb Free Space | 12.26% Space Free | Partition Type: NTFS
Drive D: | 4.22 Gb Total Space | 1.65 Gb Free Space | 39.16% Space Free | Partition Type: FAT32
Drive F: | 1.87 Gb Total Space | 1.83 Gb Free Space | 98.21% Space Free | Partition Type: FAT
Drive G: | 494.00 Mb Total Space | 468.63 Mb Free Space | 94.86% Space Free | Partition Type: FAT

Computer Name: LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 10:10:00 | 000,579,072 | ---- | M] (OldTimer Tools) -- F:\OTL.com
PRC - [2010/07/16 21:42:43 | 001,101,152 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/12 07:55:03 | 000,218,112 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 10:10:00 | 000,579,072 | ---- | M] (OldTimer Tools) -- F:\OTL.com
MOD - [2010/11/09 09:52:35 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbc32.dll
MOD - [2010/10/22 19:51:27 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/04/03 06:39:36 | 002,377,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WMVCore.dll
MOD - [2008/04/13 19:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 19:12:05 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shgina.dll
MOD - [2008/04/13 19:12:02 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/13 19:12:02 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/13 19:12:02 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/13 19:12:01 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/13 19:11:59 | 000,997,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msgina.dll
MOD - [2008/04/13 19:11:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/13 19:11:51 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/13 12:26:05 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcint.dll
MOD - [2007/10/27 18:40:06 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wmasf.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/07/20 18:03:21 | 000,921,952 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 21:43:32 | 000,308,136 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/15 07:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/06/27 02:37:04 | 000,172,032 | -H-- | M] (New Boundary Technologies, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2011/05/05 16:04:35 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 21:43:01 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 14:14:28 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/01/19 04:00:00 | 000,385,072 | -H-- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2004/06/26 04:05:30 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003/10/20 21:09:26 | 000,065,664 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\rmedia.sys -- (rmedia)
DRV - [2003/10/14 22:08:22 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/10/14 22:05:48 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/10/14 22:04:16 | 001,043,072 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/08/13 02:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-652489410-3071714004-1282925375-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.gatewaybiz.com
IE - HKU\S-1-5-21-652489410-3071714004-1282925375-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-652489410-3071714004-1282925375-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
IE - HKU\S-1-5-21-652489410-3071714004-1282925375-500\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =



O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-652489410-3071714004-1282925375-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlm.tools.aka...vex-2.2.0.5.cab (DownloadManager Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by13fd.bay13....es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com...ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 13:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/18 21:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Local Settings\Application Data\Google
[2011/06/18 21:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Desktop\RK_Quarantine
[2011/06/18 21:43:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.LAPTOP\IETldCache
[2011/06/18 21:41:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft
[2011/06/18 21:41:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Favorites
[2011/06/18 21:41:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Application Data
[2011/06/18 21:41:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.LAPTOP\Cookies
[2011/06/18 21:41:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\SampleView
[2011/06/18 21:41:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Identities
[2011/06/18 21:41:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Desktop
[2011/06/18 21:41:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu\Programs\Startup
[2011/06/18 21:41:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu
[2011/06/18 21:41:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\SendTo
[2011/06/18 21:41:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Recent
[2011/06/18 21:41:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\My Documents\My Pictures
[2011/06/18 21:41:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\My Documents\My Music
[2011/06/18 21:41:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\My Documents
[2011/06/18 21:41:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu\Programs\Accessories
[2011/06/18 21:41:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\WINDOWS
[2011/06/18 21:41:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Templates
[2011/06/18 21:41:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\PrintHood
[2011/06/18 21:41:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\NetHood
[2011/06/18 21:41:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Local Settings\Application Data\Microsoft
[2011/06/18 21:41:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Local Settings
[2006/07/21 10:44:00 | 003,742,383 | -H-- | C] (InstallShield Software Corporation) -- C:\Program Files\CoffeeFreeFTPInstaller.exe
[2006/05/18 00:27:24 | 020,809,296 | -H-- | C] (eBay ) -- C:\Program Files\turboLister.exe
[2006/03/03 01:07:28 | 020,588,253 | -H-- | C] (eBay ) -- C:\Program Files\turbolister2.exe
[34 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/18 21:41:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/18 21:36:50 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/18 21:36:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/18 00:58:09 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-652489410-3071714004-1282925375-1007UA.job
[2011/06/18 00:44:28 | 000,000,176 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~20373284
[2011/06/18 00:44:28 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~20373284r
[2011/06/18 00:37:21 | 000,000,328 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\20373284
[2011/06/18 00:37:15 | 000,410,624 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\20373284.exe
[2011/06/18 00:36:28 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/18 00:31:10 | 000,120,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\11720.sys
[2011/06/18 00:30:43 | 000,465,920 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\GdfsjdvCUlN.exe
[2011/06/17 21:32:54 | 041,221,120 | RH-- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/06/17 21:32:44 | 022,152,192 | RH-- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/06/17 18:40:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 13:53:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-652489410-3071714004-1282925375-1007Core.job
[2011/06/15 16:28:54 | 000,001,791 | -H-- | M] () -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/14 22:57:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/09 17:16:02 | 077,566,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[34 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/18 21:41:58 | 000,001,791 | -H-- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/18 21:41:58 | 000,000,779 | -H-- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/18 21:41:58 | 000,000,079 | -H-- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/18 21:41:56 | 000,001,599 | -H-- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu\Programs\Remote Assistance.lnk
[2011/06/18 21:41:56 | 000,000,767 | -H-- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu\Programs\Internet Explorer.lnk
[2011/06/18 21:41:56 | 000,000,738 | -H-- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu\Programs\Outlook Express.lnk
[2011/06/18 00:40:45 | 000,000,176 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~20373284
[2011/06/18 00:40:45 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~20373284r
[2011/06/18 00:37:21 | 000,000,328 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\20373284
[2011/06/18 00:37:15 | 000,410,624 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\20373284.exe
[2011/06/18 00:31:10 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\11720.sys
[2011/06/18 00:30:46 | 000,465,920 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\GdfsjdvCUlN.exe
[2011/01/18 11:32:12 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2010/06/01 23:06:57 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/06/01 23:06:57 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/11/08 22:37:38 | 000,000,825 | ---- | C] () -- C:\WINDOWS\System32\wininit.dll
[2008/10/20 19:04:54 | 000,001,524 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/06/11 15:48:01 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007/06/11 15:48:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/06/11 15:48:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/06/11 15:47:46 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007/06/11 15:47:46 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007/06/11 15:47:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/06/11 15:47:39 | 000,009,013 | ---- | C] () -- C:\WINDOWS\HL-2040.INI
[2007/06/11 15:45:22 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/06/11 15:45:22 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2040.DAT
[2007/01/11 20:27:45 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/09 21:34:56 | 000,098,958 | ---- | C] () -- C:\WINDOWS\hpiins02.dat
[2006/12/09 21:34:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl02.dat
[2006/12/03 14:12:26 | 000,003,701 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/13 01:54:04 | 002,855,080 | -H-- | C] () -- C:\Program Files\aawsepersonal.exe
[2006/09/11 22:07:22 | 000,066,532 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/09/11 22:07:22 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/09/11 22:07:22 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/09/11 22:07:22 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/09/11 22:07:22 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/09/11 22:07:22 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/09/11 22:07:22 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/09/11 22:07:21 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/09/11 22:07:21 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/09/11 22:07:21 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/09/11 22:07:21 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/09/11 22:07:21 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/09/11 22:07:21 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/09/11 22:07:21 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/09/11 22:04:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EPCX7800.ini
[2006/04/30 01:54:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2006/04/30 01:46:23 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini
[2006/03/03 03:27:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/10/24 02:28:49 | 000,353,298 | -H-- | C] () -- C:\Program Files\LimeWireWin.exe
[2005/10/06 12:34:33 | 000,159,744 | -H-- | C] () -- C:\Program Files\setup.exe
[2005/07/06 00:25:59 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/07/04 14:40:37 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2005/06/27 02:37:05 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2005/06/27 02:34:36 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/06/27 02:30:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/08/27 05:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 04:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 13:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 13:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 11:12:43 | 000,001,228 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 11:12:43 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 11:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/26 11:12:10 | 000,380,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 11:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/26 11:12:10 | 000,053,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 11:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/26 11:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/26 11:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/26 11:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/26 11:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/26 11:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/26 11:11:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\ljp13ig.dll
[2004/08/26 11:11:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/26 11:11:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/26 11:11:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/26 11:11:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/08/26 11:11:58 | 000,000,335 | ---- | C] () -- C:\WINDOWS\System32\gnzd6yo.dll
[2004/08/26 11:11:58 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2004/08/26 11:11:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/08/26 11:11:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\mv53urg.dll
[2004/08/26 11:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/26 11:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/26 05:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 05:54:01 | 000,208,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/09/03 21:04:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2005/06/27 02:41:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\SampleView
[2010/01/20 19:21:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/16 18:42:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/10/23 13:32:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/01/01 16:52:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/05/08 19:21:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/20 17:45:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\VertusTech
[2011/01/18 11:32:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/06/27 02:41:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2009/11/11 18:36:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\General\Application Data\Common Files
[2008/12/04 18:09:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\General\Application Data\LimeWire
[2008/12/04 18:09:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\General\Application Data\SampleView
[2005/06/27 02:41:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\QBDataServiceUser17\Application Data\SampleView
[2011/06/14 22:57:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< SYSTEMDRIVE%\*.exe >

< USERPROFILE%\..|smtmp;true;true;true /FP >

< md5start >

< xplorer.exe >

< inlogon.exe >

< serinit.exe >

< vchost.exe >

< md5stop >

< systemroot%\*. /mp /s >

< klm\software\clients\startmenuinternet|command /rs >
KLM\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/13 18:52:23 | 001,011,768 | -H-- | M] (Google Inc.)
KLM\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/13 18:52:23 | 001,011,768 | -H-- | M] (Google Inc.)
KLM\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/13 18:52:23 | 001,011,768 | -H-- | M] (Google Inc.)
KLM\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/13 18:52:23 | 001,011,768 | -H-- | M] (Google Inc.)
KLM\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/13 18:52:23 | 001,011,768 | -H-- | M] (Google Inc.)
KLM\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
KLM\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
KLM\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
KLM\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
KLM\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

< SYSTEMDRIVE%\*.exe >

< USERPROFILE%\..|smtmp;true;true;true /FP >

< md5start >

< xplorer.exe >

< inlogon.exe >

< serinit.exe >

< vchost.exe >

< md5stop >

< systemroot%\*. /mp /s >

< klm\software\clients\startmenuinternet|command /rs >
KLM\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/13 18:52:23 | 001,011,768 | -H-- | M] (Google Inc.)
KLM\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/13 18:52:23 | 001,011,768 | -H-- | M] (Google Inc.)
KLM\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/13 18:52:23 | 001,011,768 | -H-- | M] (Google Inc.)
KLM\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/13 18:52:23 | 001,011,768 | -H-- | M] (Google Inc.)
KLM\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/13 18:52:23 | 001,011,768 | -H-- | M] (Google Inc.)
KLM\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
KLM\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
KLM\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
KLM\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
KLM\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

< REATERESTOREPOINT >

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B682472

< End of report >

#6
jennefur8675

    Member

  • Topic Starter
  • Member
  • 79 posts
Extras.txt log....


OTL Extras logfile created on: 6/18/2011 10:01:28 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 86.30% Memory free
2.52 Gb Paging File | 2.46 Gb Available in Paging File | 97.55% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.65 Gb Total Space | 6.33 Gb Free Space | 12.26% Space Free | Partition Type: NTFS
Drive D: | 4.22 Gb Total Space | 1.65 Gb Free Space | 39.16% Space Free | Partition Type: FAT32
Drive F: | 1.87 Gb Total Space | 1.83 Gb Free Space | 98.21% Space Free | Partition Type: FAT
Drive G: | 494.00 Mb Total Space | 468.63 Mb Free Space | 94.86% Space Free | Partition Type: FAT

Computer Name: LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34F6BA44-7960-47B7-9391-81649C06C091}" = Brother HL-2040
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF2606C7-63AF-40F4-8919-F2EC654ACC91}" = Napster for Windows Media Player
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6691488-C717-4FBA-8079-7BE021EC8BE9}" = Creative Zen Nano
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AVG9Uninstall" = AVG Free 9.0
"BigFix" = BigFix
"CCleaner" = CCleaner
"ClubDJ Pro" = ClubDJ Pro
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_2030161F" = SoftK56 Data Fax Modem
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"EPSON Printer and Utilities" = EPSON Printer Software
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"MuVo Driver" = Creative Mass Storage Drivers
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoParade.exe" = PhotoParade Player
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VertusBlingIt" = Vertus Bling! It 1.0.2
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/19/2011 11:14:50 AM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3802, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/22/2011 9:02:04 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application EasyShare.exe, version 5.3.33.27, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/23/2011 12:57:01 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x093d8fc0.

Error - 5/23/2011 11:11:18 AM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/24/2011 3:17:49 AM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/11/2011 5:12:19 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/11/2011 5:12:19 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/11/2011 6:37:01 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3802, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/11/2011 6:37:49 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/17/2011 1:16:36 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 10.0.0.3802, faulting module
wmp.dll, version 10.0.0.4081, fault address 0x001307f9.

[ System Events ]
Error - 6/18/2011 10:42:53 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 6/18/2011 10:42:53 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 6/18/2011 10:42:53 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 AvgTdiX eeCtrl Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd Rdbss
Tcpip

Error - 6/18/2011 10:43:56 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/18/2011 10:46:49 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/18/2011 10:47:29 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/18/2011 10:53:22 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/18/2011 10:57:59 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/18/2011 10:59:27 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/18/2011 11:00:32 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now I can see what the problems are - to work. RogueKiller will stop the processes again, but this time kill them dead. OTL will remove the malware files and try to reset the attributes on your files and folders that the malware has hidden. Then RogueKiller again to restore any files that OTL could not get. I have attached the OTL script; if you are unable to copy and paste, then drag and drop the fix.txt onto the custom scans and fixes area, then press Run Fix.

OK run RogueKiller again please but this time option 2

NEXT

Run OTL[attachment=50878:fix.txt]
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    [2011/06/18 00:44:28 | 000,000,176 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~20373284
    [2011/06/18 00:44:28 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~20373284r
    [2011/06/18 00:37:21 | 000,000,328 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\20373284
    [2011/06/18 00:37:15 | 000,410,624 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\20373284.exe
    [2011/06/18 00:31:10 | 000,120,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\11720.sys
    [2011/06/18 00:30:43 | 000,465,920 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\GdfsjdvCUlN.exe
    [2011/06/18 21:41:56 | 000,001,599 | -H-- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu\Programs\Remote Assistance.lnk
    [2011/06/18 00:40:45 | 000,000,176 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~20373284
    [2011/06/18 00:40:45 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~20373284r
    [2011/06/18 00:37:21 | 000,000,328 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\20373284
    [2011/06/18 00:37:15 | 000,410,624 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\20373284.exe
    [2011/06/18 00:31:10 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\11720.sys
    [2011/06/18 00:30:46 | 000,465,920 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\GdfsjdvCUlN.exe
    [2011/01/18 11:32:12 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe

    :Files
    ipconfig /flushdns /c
    attrib -H c:\*.* /s /d /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

NOW

Run RogueKiller option 6

Once done could you run a fresh OTL scan and let me know the current state

#8
jennefur8675

    Member

  • Topic Starter
  • Member
  • 79 posts
Hello, thanks again. When you say 'Once done, run a fresh OTL scan and let me know the current state'

What do you mean run a fresh OTL scan? I am sorry, I am trying my best to understand you, but I am sooo lost.

#9
jennefur8675

    Member

  • Topic Starter
  • Member
  • 79 posts
Here is the OTL txt from the Quick Scan...


OTL logfile created on: 6/19/2011 9:17:10 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 87.49% Memory free
2.52 Gb Paging File | 2.46 Gb Available in Paging File | 97.35% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.65 Gb Total Space | 6.33 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
Drive D: | 4.22 Gb Total Space | 1.65 Gb Free Space | 39.16% Space Free | Partition Type: FAT32
Drive F: | 1.87 Gb Total Space | 1.83 Gb Free Space | 98.10% Space Free | Partition Type: FAT
Drive G: | 494.00 Mb Total Space | 468.63 Mb Free Space | 94.86% Space Free | Partition Type: FAT

Computer Name: LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 10:10:00 | 000,579,072 | ---- | M] (OldTimer Tools) -- F:\OTL.com
PRC - [2010/07/16 21:42:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 10:10:00 | 000,579,072 | ---- | M] (OldTimer Tools) -- F:\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/07/20 18:03:21 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 21:43:32 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/06/27 02:37:04 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2011/05/05 16:04:35 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 21:43:01 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 14:14:28 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/01/19 04:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2004/06/26 04:05:30 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003/10/20 21:09:26 | 000,065,664 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\rmedia.sys -- (rmedia)
DRV - [2003/10/14 22:08:22 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/10/14 22:05:48 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/10/14 22:04:16 | 001,043,072 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/08/13 02:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.gatewaybiz.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =



O1 HOSTS File: ([2011/06/19 21:13:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlm.tools.aka...vex-2.2.0.5.cab (DownloadManager Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by13fd.bay13....es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com...ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 13:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/18 21:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Local Settings\Application Data\Google
[2011/06/18 21:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Desktop\RK_Quarantine
[2011/06/18 21:43:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.LAPTOP\IETldCache
[2011/06/18 21:41:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft
[2011/06/18 21:41:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Favorites
[2011/06/18 21:41:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Application Data
[2011/06/18 21:41:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.LAPTOP\Cookies
[2011/06/18 21:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\SampleView
[2011/06/18 21:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Identities
[2011/06/18 21:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Desktop
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu\Programs\Startup
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\SendTo
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Recent
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\My Documents\My Pictures
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\My Documents\My Music
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\My Documents
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu\Programs\Accessories
[2011/06/18 21:41:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Local Settings
[2011/06/18 21:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\WINDOWS
[2011/06/18 21:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Templates
[2011/06/18 21:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\PrintHood
[2011/06/18 21:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\NetHood
[2011/06/18 21:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Local Settings\Application Data\Microsoft
[2006/07/21 10:44:00 | 003,742,383 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\CoffeeFreeFTPInstaller.exe
[2006/05/18 00:27:24 | 020,809,296 | ---- | C] (eBay ) -- C:\Program Files\turboLister.exe
[2006/03/03 01:07:28 | 020,588,253 | ---- | C] (eBay ) -- C:\Program Files\turbolister2.exe
[34 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/19 21:16:17 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/19 21:15:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/19 21:13:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/18 21:36:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/18 00:58:09 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-652489410-3071714004-1282925375-1007UA.job
[2011/06/18 00:36:28 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/17 21:32:54 | 041,221,120 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/06/17 21:32:44 | 022,152,192 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/06/17 18:40:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 13:53:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-652489410-3071714004-1282925375-1007Core.job
[2011/06/15 16:28:54 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/14 22:57:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/09 17:16:02 | 077,566,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[34 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/18 21:41:58 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/18 21:41:58 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/18 21:41:58 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/18 21:41:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu\Programs\Internet Explorer.lnk
[2011/06/18 21:41:56 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu\Programs\Outlook Express.lnk
[2010/06/01 23:06:57 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/06/01 23:06:57 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/11/08 22:37:38 | 000,000,825 | ---- | C] () -- C:\WINDOWS\System32\wininit.dll
[2008/10/20 19:04:54 | 000,001,524 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/06/11 15:48:01 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007/06/11 15:48:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/06/11 15:48:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/06/11 15:47:46 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007/06/11 15:47:46 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007/06/11 15:47:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/06/11 15:47:39 | 000,009,013 | ---- | C] () -- C:\WINDOWS\HL-2040.INI
[2007/06/11 15:45:22 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/06/11 15:45:22 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2040.DAT
[2007/01/11 20:27:45 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/09 21:34:56 | 000,098,958 | ---- | C] () -- C:\WINDOWS\hpiins02.dat
[2006/12/09 21:34:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl02.dat
[2006/12/03 14:12:26 | 000,003,701 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/13 01:54:04 | 002,855,080 | ---- | C] () -- C:\Program Files\aawsepersonal.exe
[2006/09/11 22:07:22 | 000,066,532 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/09/11 22:07:22 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/09/11 22:07:22 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/09/11 22:07:22 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/09/11 22:07:22 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/09/11 22:07:22 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/09/11 22:07:22 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/09/11 22:07:21 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/09/11 22:07:21 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/09/11 22:07:21 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/09/11 22:07:21 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/09/11 22:07:21 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/09/11 22:07:21 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/09/11 22:07:21 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/09/11 22:04:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EPCX7800.ini
[2006/04/30 01:54:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2006/04/30 01:46:23 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini
[2006/03/03 03:27:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/10/24 02:28:49 | 000,353,298 | ---- | C] () -- C:\Program Files\LimeWireWin.exe
[2005/10/06 12:34:33 | 000,159,744 | ---- | C] () -- C:\Program Files\setup.exe
[2005/07/06 00:25:59 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/07/04 14:40:37 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2005/06/27 02:37:05 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2005/06/27 02:34:36 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/06/27 02:30:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/08/27 05:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 04:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 13:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 13:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 11:12:43 | 000,001,228 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 11:12:43 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 11:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/26 11:12:10 | 000,380,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 11:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/26 11:12:10 | 000,053,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 11:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/26 11:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/26 11:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/26 11:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/26 11:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/26 11:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/26 11:11:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\ljp13ig.dll
[2004/08/26 11:11:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/26 11:11:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/26 11:11:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/26 11:11:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/08/26 11:11:58 | 000,000,335 | ---- | C] () -- C:\WINDOWS\System32\gnzd6yo.dll
[2004/08/26 11:11:58 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2004/08/26 11:11:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/08/26 11:11:58 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\mv53urg.dll
[2004/08/26 11:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/26 11:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/26 05:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 05:54:01 | 000,208,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/09/03 21:04:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2005/06/27 02:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\SampleView
[2010/01/20 19:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/16 18:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/10/23 13:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/01/01 16:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/05/08 19:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/20 17:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VertusTech
[2011/01/18 11:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/06/14 22:57:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B682472

< End of report >

#10
jennefur8675

    Member

  • Topic Starter
  • Member
  • 79 posts
I hope this is the OTL scan you were looking for.....


OTL logfile created on: 6/19/2011 9:26:50 PM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 83.99% Memory free
2.52 Gb Paging File | 2.43 Gb Available in Paging File | 96.21% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.65 Gb Total Space | 6.33 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
Drive D: | 4.22 Gb Total Space | 1.65 Gb Free Space | 39.16% Space Free | Partition Type: FAT32
Drive F: | 1.87 Gb Total Space | 1.83 Gb Free Space | 98.10% Space Free | Partition Type: FAT
Drive G: | 494.00 Mb Total Space | 468.63 Mb Free Space | 94.86% Space Free | Partition Type: FAT

Computer Name: LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 10:10:00 | 000,579,072 | ---- | M] (OldTimer Tools) -- F:\OTL.com
PRC - [2010/07/16 21:42:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 10:10:00 | 000,579,072 | ---- | M] (OldTimer Tools) -- F:\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/07/20 18:03:21 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 21:43:32 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/06/27 02:37:04 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2011/05/05 16:04:35 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 21:43:01 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 14:14:28 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/01/19 04:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2004/06/26 04:05:30 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003/10/20 21:09:26 | 000,065,664 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\rmedia.sys -- (rmedia)
DRV - [2003/10/14 22:08:22 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/10/14 22:05:48 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/10/14 22:04:16 | 001,043,072 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/08/13 02:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.gatewaybiz.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =



O1 HOSTS File: ([2011/06/19 21:13:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlm.tools.aka...vex-2.2.0.5.cab (DownloadManager Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by13fd.bay13....es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com...ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 13:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | --S- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/18 21:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Local Settings\Application Data\Google
[2011/06/18 21:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Desktop\RK_Quarantine
[2011/06/18 21:43:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.LAPTOP\IETldCache
[2011/06/18 21:41:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft
[2011/06/18 21:41:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.LAPTOP\Cookies
[2011/06/18 21:41:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Favorites
[2011/06/18 21:41:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Application Data
[2011/06/18 21:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\SampleView
[2011/06/18 21:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Identities
[2011/06/18 21:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Desktop
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu\Programs\Startup
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\SendTo
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Recent
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\My Documents\My Pictures
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\My Documents\My Music
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\My Documents
[2011/06/18 21:41:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu\Programs\Accessories
[2011/06/18 21:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\WINDOWS
[2011/06/18 21:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Templates
[2011/06/18 21:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\PrintHood
[2011/06/18 21:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\NetHood
[2011/06/18 21:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Local Settings\Application Data\Microsoft
[2011/06/18 21:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.LAPTOP\Local Settings
[2006/07/21 10:44:00 | 003,742,383 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\CoffeeFreeFTPInstaller.exe
[2006/05/18 00:27:24 | 020,809,296 | ---- | C] (eBay ) -- C:\Program Files\turboLister.exe
[2006/03/03 01:07:28 | 020,588,253 | ---- | C] (eBay ) -- C:\Program Files\turbolister2.exe
[34 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/19 21:16:17 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/19 21:15:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/19 21:13:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/18 21:36:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/18 00:58:09 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-652489410-3071714004-1282925375-1007UA.job
[2011/06/18 00:36:28 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/17 21:32:54 | 041,221,120 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/06/17 21:32:44 | 022,152,192 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/06/17 18:40:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 13:53:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-652489410-3071714004-1282925375-1007Core.job
[2011/06/15 16:28:54 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/14 22:57:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/09 17:16:02 | 077,566,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[34 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/18 21:41:58 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/18 21:41:58 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/18 21:41:58 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/18 21:41:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu\Programs\Internet Explorer.lnk
[2011/06/18 21:41:56 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator.LAPTOP\Start Menu\Programs\Outlook Express.lnk
[2010/06/01 23:06:57 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/06/01 23:06:57 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/11/08 22:37:38 | 000,000,825 | ---- | C] () -- C:\WINDOWS\System32\wininit.dll
[2008/10/20 19:04:54 | 000,001,524 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/06/11 15:48:01 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007/06/11 15:48:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/06/11 15:48:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/06/11 15:47:46 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007/06/11 15:47:46 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007/06/11 15:47:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/06/11 15:47:39 | 000,009,013 | ---- | C] () -- C:\WINDOWS\HL-2040.INI
[2007/06/11 15:45:22 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/06/11 15:45:22 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2040.DAT
[2007/01/11 20:27:45 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/09 21:34:56 | 000,098,958 | ---- | C] () -- C:\WINDOWS\hpiins02.dat
[2006/12/09 21:34:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl02.dat
[2006/12/03 14:12:26 | 000,003,701 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/13 01:54:04 | 002,855,080 | ---- | C] () -- C:\Program Files\aawsepersonal.exe
[2006/09/11 22:07:22 | 000,066,532 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/09/11 22:07:22 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/09/11 22:07:22 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/09/11 22:07:22 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/09/11 22:07:22 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/09/11 22:07:22 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/09/11 22:07:22 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/09/11 22:07:21 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/09/11 22:07:21 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/09/11 22:07:21 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/09/11 22:07:21 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/09/11 22:07:21 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/09/11 22:07:21 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/09/11 22:07:21 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/09/11 22:04:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EPCX7800.ini
[2006/04/30 01:54:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2006/04/30 01:46:23 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini
[2006/03/03 03:27:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/10/24 02:28:49 | 000,353,298 | ---- | C] () -- C:\Program Files\LimeWireWin.exe
[2005/10/06 12:34:33 | 000,159,744 | ---- | C] () -- C:\Program Files\setup.exe
[2005/07/06 00:25:59 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/07/04 14:40:37 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2005/06/27 02:37:05 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2005/06/27 02:34:36 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/06/27 02:30:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/08/27 05:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 04:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 13:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 13:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 11:12:43 | 000,001,228 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 11:12:43 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 11:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/26 11:12:10 | 000,380,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 11:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/26 11:12:10 | 000,053,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 11:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/26 11:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/26 11:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/26 11:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/26 11:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/26 11:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/26 11:11:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\ljp13ig.dll
[2004/08/26 11:11:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/26 11:11:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/26 11:11:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/26 11:11:58 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/08/26 11:11:58 | 000,000,335 | ---- | C] () -- C:\WINDOWS\System32\gnzd6yo.dll
[2004/08/26 11:11:58 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2004/08/26 11:11:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/08/26 11:11:58 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\mv53urg.dll
[2004/08/26 11:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/26 11:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/26 05:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 05:54:01 | 000,208,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/09/03 21:04:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2005/06/27 02:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.LAPTOP\Application Data\SampleView
[2010/01/20 19:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/16 18:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/10/23 13:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/01/01 16:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/05/08 19:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/20 17:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VertusTech
[2011/01/18 11:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/06/14 22:57:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B682472

< End of report >
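The OTL listing above is the kind of log a helper reads by eye. As an added example (not part of this thread and not an OTL component), the Python script below shows the triage a practitioner would automate over those lines: it parses the file-listing entries into records and the O35/O37 shell association lines into (name, command) pairs, then flags a Hosts file changed inside the infection window, a recent binary in System32 with no company name in its version info, and any .exe/.com open command that differs from the Windows default `"%1" %*`. The first four sample lines are copied from the log above; the spool `.tmp` line is constructed (the path is the one Malwarebytes reports later in the thread, the size and time are made up), the hijacked association line and its launcher path are hypothetical, and the seven-day window and scan time are assumptions.

```python
"""Triage helpers for OTL log lines. Added example for this thread, not part of OTL."""
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional, Tuple

# One OTL file-listing line, e.g.
# [2011/06/19 21:13:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
FILE_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# O35/O37 shell association lines, e.g.
# O35 - HKLM\..exefile [open] -- "%1" %*
# O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ASSOC_LINE = re.compile(
    r"^O3[57] - HKLM\\\.\.\.?(?P<name>\w+) (?:\[open\]|\[@ = \w+\]) -- (?P<cmd>.+)$"
)
DEFAULT_OPEN = '"%1" %*'          # what a clean exefile/comfile open command looks like

SYSTEM32 = "c:\\windows\\system32\\"
BINARY_EXT = (".exe", ".dll", ".sys", ".tmp")


class OtlFile(NamedTuple):
    stamp: datetime
    size: int
    attrs: str        # four attribute flags, e.g. '--S-' or 'R--D'
    kind: str         # 'C' = created list, 'M' = modified list
    company: str      # company name from PE version info; empty when absent
    path: str


def parse_file_line(line: str) -> Optional[OtlFile]:
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return OtlFile(
        stamp=datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def flag_file(rec: OtlFile, scan_time: datetime, window_days: int = 7) -> List[str]:
    """Reasons a file record deserves a closer look; empty list means nothing stood out."""
    reasons = []
    low = rec.path.lower()
    recent = timedelta(0) <= scan_time - rec.stamp <= timedelta(days=window_days)
    if recent and low.endswith("\\drivers\\etc\\hosts"):
        reasons.append("Hosts file changed inside the infection window")
    if recent and low.startswith(SYSTEM32) and low.endswith(BINARY_EXT) and not rec.company:
        reasons.append("recent binary in System32 with no company name in its version info")
    return reasons


def check_assoc(line: str) -> Optional[Tuple[str, str, bool]]:
    """(association name, open command, is_default) for an O35/O37 line, else None."""
    m = ASSOC_LINE.match(line.strip())
    if not m:
        return None
    return m["name"], m["cmd"], m["cmd"] == DEFAULT_OPEN


def triage(lines: List[str], scan_time: datetime) -> List[Tuple[str, str]]:
    """Run both checks over raw OTL lines and return (item, reason) pairs."""
    findings = []
    for line in lines:
        rec = parse_file_line(line)
        if rec is not None:
            findings.extend((rec.path, why) for why in flag_file(rec, scan_time))
            continue
        assoc = check_assoc(line)
        if assoc is not None and not assoc[2]:
            findings.append((assoc[0], "open command is not the default %s" % DEFAULT_OPEN))
    return findings


# First four lines are copied from the OTL log above. The spool .tmp line is constructed
# (path as later reported by Malwarebytes; size and time made up) and the last line is a
# constructed, hypothetical hijacked association to show what the check catches.
SAMPLE = [
    r"[2011/06/19 21:13:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts",
    r"[2011/06/09 17:16:02 | 077,566,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm",
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
    r"[2011/06/19 20:55:00 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\spool\prtprocs\w32x86\1211F.tmp",
    r'O35 - HKLM\..exefile [open] -- "C:\WINDOWS\System32\hypothetical-launcher.exe" "%1" %*',
]
SCAN_TIME = datetime(2011, 6, 19, 21, 20, 0)   # assumed: just after the log's newest entry

if __name__ == "__main__":
    for item, why in triage(SAMPLE, SCAN_TIME):
        print("%-60s %s" % (item, why))
```

Two caveats for anyone using this on a real log: the company field is PE version information, not a signature, so an empty field is a lead rather than a verdict, and OTL's summary lines such as `[34 C:\WINDOWS\System32\*.tmp files -> ...]` carry no timestamp and are deliberately not parsed.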



#11 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
It looks as though all your files and folders have returned :)

How is your computer behaving now?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#12 jennefur8675 (Member, Topic Starter, 79 posts)
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6904

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/20/2011 2:21:17 PM
mbam-log-2011-06-20 (14-21-17).txt

Scan type: Quick scan
Objects scanned: 190986
Time elapsed: 17 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\spool\prtprocs\w32x86\1211F.tmp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\jar_cache9119519134671653589.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
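The three "Registry Data Items" in the log above account for the original symptom: with `NoDesktop` set to 1 Explorer hides every desktop icon (the "everything has been wiped" look), `DisableTaskMgr` set to 1 stops Task Manager from starting, and `NoChangingWallPaper` set to 1 locks the rogue's wallpaper in place. As an added example (not Malwarebytes code and not from the thread), the Python snippet below parses those MBAM lines and emits the `reg.exe` commands that would restore the reported Good value by hand, which is what you would do on a machine where the scanner could not be run. The three sample lines are copied from the log above; the hive abbreviations and the policy descriptions are standard Windows behaviour, not taken from the log.

```python
"""Map Malwarebytes 'Registry Data Items Infected' lines to manual reg.exe fixes.
Added example for this thread; not Malwarebytes code."""
import re
from typing import List, NamedTuple, Optional, Tuple

# One MBAM registry-data line, e.g.
# HKEY_CURRENT_USER\SOFTWARE\...\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
DATA_ITEM = re.compile(
    r"^(?P<hive>HKEY_[A-Z_]+)\\(?P<subkey>.+)\\(?P<value>[^\\ ]+) "
    r"\((?P<threat>[^)]+)\) -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$"
)

HIVE_SHORT = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}

# Effect of each hijacked Explorer/System policy when its DWORD is set to 1
POLICY_EFFECT = {
    "NoDesktop": "hides all desktop icons",
    "DisableTaskMgr": "prevents Task Manager from starting",
    "NoChangingWallPaper": "locks the desktop wallpaper",
}


class PolicyHit(NamedTuple):
    hive: str
    subkey: str
    value: str
    threat: str
    bad: str
    good: str
    action: str


def parse_data_item(line: str) -> Optional[PolicyHit]:
    m = DATA_ITEM.match(line.strip())
    return PolicyHit(**m.groupdict()) if m else None


def fix_command(hit: PolicyHit) -> str:
    """reg.exe command restoring the Good value MBAM reported (0 disables the policy)."""
    hive = HIVE_SHORT.get(hit.hive, hit.hive)
    return 'reg add "%s\\%s" /v %s /t REG_DWORD /d %s /f' % (hive, hit.subkey, hit.value, hit.good)


def explain(hit: PolicyHit) -> str:
    effect = POLICY_EFFECT.get(hit.value, "unknown policy value")
    return "%s=%s %s (%s)" % (hit.value, hit.bad, effect, hit.threat)


def process(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (explanation, fix command) for every registry-data line that parses."""
    out = []
    for line in lines:
        hit = parse_data_item(line)
        if hit is not None and hit.good.isdigit():
            out.append((explain(hit), fix_command(hit)))
    return out


# Copied from the Malwarebytes log above.
SAMPLE = [
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.",
]

if __name__ == "__main__":
    for why, cmd in process(SAMPLE):
        print(why)
        print("    " + cmd)
```

Setting the value back to 0 is equivalent to deleting it for these policies; `reg delete ... /v NoDesktop /f` would do as well. Either way the change takes effect for Explorer after logging off and on again, which is why the rogue's effects persist until a restart even once the policies are fixed.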

#13 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
What problems are remaining?

#14 jennefur8675 (Member, Topic Starter, 79 posts)
Seems to be all good as of now. Thanks so much for your help!! I do have another computer that got a virus or malware last year and I just went out and bought a Mac because I didn't want to deal with all the headaches that PCs have caused me. But now my daughter wants a computer so I need to clean this PC up so it will work for her. Would you be able to help with this one too?

#15 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Aw go on then - let me clear this one first and then I will ask for the logs on the second.

Subject to no further problems.

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that hidden files are set back to hidden, as some of the tools I use will change that setting:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe.


OK NEXT PLEASE :)

What problems is it experiencing?

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs
