Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I suspect a malware in GNR.EXE or GRN.EXE files


  • Please log in to reply

#46
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
To boot in normal mode:

Start, Run, msconfig , OK

Click on Normal Startup and Apply then when you boot you will be in normal mode but if you know which ones are bad you can then uncheck them and apply before you reboot. When msconfig comes up on its own after the boot you can check the box that says something like don't come up on next boot. If you are positive you know what it is then uninstall the associated program.
  • 0

Advertisements


#47
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,

I have started in normal mode and it all seams to be fine, I think mcafee was a big problem after the malware. With avast and all the other things you have helped me do It is flying along. I did get another 1GB of ram just to seal the deal. I had forgotten what a normal computer is like :)

Is there any last test you would get me to do so you can see what you think?

I'm so happy and grateful for all your work.

Also I do have a laptop with trouble do I speak to you or start another post?

Kindest regards
Paul
  • 0

#48
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Process Explorer one more time please.

You can start the other one here if you like.
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#49
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,
I have done the OTL scan here are both scans thanks.
Paul

OTL logfile created on: 30/07/2011 12:15:06 PM - Run 7
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Paul\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.94 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 59.82% Memory free
3.74 Gb Paging File | 3.11 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): C:\pagefile.sys 2000 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 118.59 Gb Total Space | 42.14 Gb Free Space | 35.53% Space Free | Partition Type: NTFS
Drive E: | 114.29 Gb Total Space | 72.34 Gb Free Space | 63.30% Space Free | Partition Type: NTFS

Computer Name: KOOROORA-61578C | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/30 12:09:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\My Documents\Downloads\OTL.exe
PRC - [2011/07/09 14:21:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/07/04 21:13:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 21:13:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/18 00:03:02 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/26 05:37:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Paul\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/03/08 15:23:54 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010/12/01 23:56:40 | 000,574,216 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/06/22 13:22:52 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/05/11 10:11:58 | 000,134,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/04/14 09:42:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/07/30 12:09:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\My Documents\Downloads\OTL.exe
MOD - [2011/07/04 21:13:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/24 01:42:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/18 14:02:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/04 21:13:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/18 00:03:02 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/04/01 01:47:32 | 000,745,472 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\GSService.exe -- (GSService)
SRV - [2011/02/16 09:37:38 | 000,245,760 | ---- | M] (SMServer) [Disabled | Stopped] -- C:\WINDOWS\System32\snmvtsvc.exe -- (SMServer)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 21:06:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 21:06:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 21:05:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 21:05:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 21:02:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 21:02:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 21:02:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/17 01:22:00 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2010/11/29 10:21:05 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.SYS -- (AF15BDA)
DRV - [2010/06/22 18:01:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/08/13 18:41:07 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/13 16:25:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/06/22 09:54:32 | 000,087,424 | ---- | M] (Cmotech Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmusbnet.sys -- (cmusbnet) WAN Driver @ 3GPP (6280)
DRV - [2006/12/13 18:31:56 | 000,087,040 | ---- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmusbser.sys -- (cmusbser)
DRV - [2006/11/27 16:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/11/27 16:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/10/18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/07/09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Paul\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011/07/27 09:23:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files\Intel\IntelAppStore\bin\serviceManager.lnk ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Paul\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/13 18:22:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/29 22:58:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/07/29 20:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/07/29 20:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/07/29 19:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Pro Antivirus
[2011/07/27 17:34:18 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/27 17:34:18 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/27 17:34:15 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/27 17:34:15 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/27 17:34:14 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/27 17:34:13 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/27 17:34:13 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/27 17:34:13 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/27 17:33:23 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/27 17:33:19 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/27 17:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/27 17:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/25 22:38:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/24 12:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
[2011/07/24 12:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/07/23 21:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\geekstogo software
[2011/07/23 21:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\log files
[2011/07/23 12:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Start Menu\Programs\Google Chrome
[2011/07/22 21:20:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/07/22 16:07:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/22 16:04:21 | 000,000,000 | ---D | C] -- C:\george
[2011/07/21 19:28:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/21 19:28:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/21 19:28:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/21 19:28:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/21 19:28:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/21 19:27:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/21 16:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Malwarebytes
[2011/07/21 16:39:44 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/21 16:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/21 16:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/21 16:39:35 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/21 16:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/21 16:11:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/20 22:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Windows Search
[2011/07/20 22:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Windows Desktop Search
[2011/07/20 22:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/07/20 22:19:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/07/20 22:18:18 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/07/20 21:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/20 21:33:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/20 21:33:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/20 21:33:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/20 18:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/20 18:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/20 18:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/07/20 18:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/07/20 18:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/07/20 18:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/07/20 16:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/07/20 16:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Citrix
[2011/07/19 11:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/18 22:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/18 20:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Nero_AG
[2011/07/18 20:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\BitTorrent
[2011/07/18 19:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\AVS4YOU
[2011/07/18 17:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Library
[2011/07/18 17:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\com.adobe.ExMan
[2011/07/18 16:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\PCHealth
[2011/07/18 15:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft Help
[2011/07/18 15:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/07/18 12:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Nero
[2011/07/18 12:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Nero
[2011/07/18 12:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2011/07/14 18:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2011/07/14 17:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/07/07 20:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\com.miniclip.vikingdefense
[2011/07/07 20:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\vikingdefense
[2011/07/02 14:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Lazy 8 Studios
[2011/07/02 14:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Lazy 8 Studios
[2011/07/01 19:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Dropbox
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/30 11:34:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004UA.job
[2011/07/30 11:29:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/29 22:55:33 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/29 22:55:08 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/29 22:54:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/29 22:52:29 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/07/29 19:57:11 | 000,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/29 19:52:26 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/29 19:19:32 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2011/07/29 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/07/29 15:21:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/29 12:34:07 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004Core.job
[2011/07/27 09:23:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/25 23:17:02 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/23 12:33:03 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/23 10:47:48 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/21 16:39:44 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/20 22:19:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/20 22:19:41 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/07/20 22:19:33 | 000,505,546 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/20 22:19:33 | 000,087,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/20 20:49:45 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\e-Sword.lnk
[2011/07/20 20:36:21 | 000,000,147 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/07/20 19:26:39 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop Elements 6.0.lnk
[2011/07/20 19:25:33 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk
[2011/07/20 19:25:16 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Dropbox.lnk
[2011/07/20 18:08:44 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/07/20 17:01:06 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/07/20 10:45:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/18 20:17:07 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/18 16:09:36 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds.lnk
[2011/07/18 13:15:36 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/18 13:15:36 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/15 13:28:40 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Cogs GO Lite.lnk
[2011/07/15 10:46:20 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fruit Ninja Lite.lnk
[2011/07/07 20:58:54 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\vikingdefense.lnk
[2011/07/07 18:02:35 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 21:13:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 21:13:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 21:06:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 21:06:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 21:05:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 21:05:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 21:05:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 21:02:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 21:02:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 21:02:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/30 19:45:00 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/29 19:19:32 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2011/07/29 15:39:13 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/07/29 15:39:13 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/07/28 20:20:49 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\Paul\Start Menu\Programs\Startup\Dropbox.lnk
[2011/07/25 23:17:02 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/23 12:33:03 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/23 12:29:56 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004UA.job
[2011/07/23 12:29:55 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004Core.job
[2011/07/23 10:47:48 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/22 16:07:59 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/07/22 16:07:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/21 19:28:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/21 19:28:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/21 19:28:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/21 19:28:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/21 19:28:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/21 16:39:44 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/21 00:35:26 | 000,323,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-1450960922-2146968213-1004-0.dat
[2011/07/20 22:19:41 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/07/20 20:49:45 | 000,001,676 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\e-Sword.lnk
[2011/07/20 19:30:18 | 000,323,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/20 19:26:39 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop Elements 6.0.lnk
[2011/07/20 19:25:33 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk
[2011/07/20 19:25:16 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Dropbox.lnk
[2011/07/20 19:10:27 | 000,000,147 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/07/20 16:41:29 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/07/19 12:36:22 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/07/18 15:48:33 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/07/18 13:15:45 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Paul\Start Menu\Programs\Windows Media Player.lnk
[2011/07/07 20:58:54 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\vikingdefense.lnk
[2011/07/07 20:58:53 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\vikingdefense.lnk
[2011/07/02 14:22:55 | 000,002,473 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Cogs GO Lite.lnk
[2011/07/02 14:22:55 | 000,002,018 | ---- | C] () -- C:\Documents and Settings\Paul\Start Menu\Programs\Cogs GO Lite.lnk
[2011/06/17 20:48:54 | 000,060,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/28 20:04:58 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe
[2010/10/10 14:41:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2010/10/10 14:41:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/10/10 14:40:12 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
[2010/07/08 11:51:42 | 001,325,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/08 08:33:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/11 21:05:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/22 18:21:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Biblica.ini
[2009/09/29 16:20:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 13:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/08/31 13:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
[2009/08/30 17:12:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/26 21:44:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/08/14 03:23:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/14 03:21:29 | 000,280,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/13 18:54:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/13 18:32:57 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/08/13 18:25:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/13 18:18:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/15 03:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/31 16:05:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 16:05:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/31 16:05:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 16:05:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/31 16:05:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 16:05:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/31 16:05:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 16:05:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/31 16:05:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/31 16:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 16:05:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/28 21:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 21:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 21:30:00 | 000,505,546 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 21:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 21:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 21:30:00 | 000,087,530 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 21:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 21:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 21:30:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 21:30:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 21:30:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 21:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >


Here is the extras log


OTL Extras logfile created on: 30/07/2011 12:15:06 PM - Run 7
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Paul\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.94 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 59.82% Memory free
3.74 Gb Paging File | 3.11 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): C:\pagefile.sys 2000 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 118.59 Gb Total Space | 42.14 Gb Free Space | 35.53% Space Free | Partition Type: NTFS
Drive E: | 114.29 Gb Total Space | 72.34 Gb Free Space | 63.30% Space Free | Partition Type: NTFS

Computer Name: KOOROORA-61578C | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Paul\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Paul\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 26
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35DF5855-7594-43C3-9119-0975FDFF6551}" = Fruit Ninja Lite 1.6.1
"{3B1329C8-C239-45F8-A4A7-E4477A9B0FED}" = Cogs GO Lite
"{3B345B4A-2E94-4346-A38F-17E1347A0DA7}" = HTC Sync
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F181B53-B319-470F-8AEE-97DEEE5CF651}" = Microsoft DirectX 9.0 SDK Update (October 2005)
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{467A73C0-B843-CF75-0587-3F5CC2FE1165}" = Wattpad
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2D930-E542-8438-B5C0-F494AF7BB76B}" = Viking Defense
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F8A6D44-5ABC-4C5A-9BD8-D6312EA1E9F8}" = BigPond Broadband ADSL
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{957645C3-8003-465B-839E-AFF5A5824B35}" = e-Sword
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC30CF7C-2D62-4910-9147-3EC8EA5EB6D1}" = Angry Birds
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"0D5BC5DD5940677F9B5623C12951388F5EF72436" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"84261EAEDFA5240ACFFEDFB145134E295B649795" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"avast" = avast! Pro Antivirus
"AVS Video Editor_is1" = AVS Video Editor 5
"com.miniclip.vikingdefense.none" = Viking Defense
"DVD Shrink_is1" = DVD Shrink 3.2
"EDE780BB5DCF2C3476C105BAE4CC1175516E9173" = Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7)
"ie8" = Windows Internet Explorer 8
"Intel AppUp(SM) center 18988" = Intel AppUp(SM) center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfee Virtual Technician" = McAfee Virtual Technician
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator 2.2" = Canon MP Navigator 2.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"OUTLOOKR" = Microsoft Office Outlook 2007
"SoundTaxi_is1" = SoundTaxi 4.1.8
"Speccy" = Speccy
"Wattpad.none" = Wattpad
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/07/2011 10:01:26 PM | Computer Name = KOOROORA-61578C | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x000010e1.

Error - 25/07/2011 10:33:28 PM | Computer Name = KOOROORA-61578C | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE
TOTAL PROTECTION.LNK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 25/07/2011 10:33:28 PM | Computer Name = KOOROORA-61578C | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE
TOTAL PROTECTION.LNK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 26/07/2011 7:57:38 PM | Computer Name = KOOROORA-61578C | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE
TOTAL PROTECTION.LNK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 26/07/2011 7:57:38 PM | Computer Name = KOOROORA-61578C | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE
TOTAL PROTECTION.LNK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 27/07/2011 3:40:31 AM | Computer Name = KOOROORA-61578C | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE
TOTAL PROTECTION.LNK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 27/07/2011 3:40:31 AM | Computer Name = KOOROORA-61578C | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE
TOTAL PROTECTION.LNK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 28/07/2011 6:50:54 AM | Computer Name = KOOROORA-61578C | Source = Application Error | ID = 1000
Description = Faulting application apdproxy.exe, version 4.5.0.20477, faulting module
apdboot.dll, version 4.5.0.20477, fault address 0x0000e6e1.

Error - 29/07/2011 10:29:22 AM | Computer Name = KOOROORA-61578C | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module hotplug.dll, version 5.1.2600.5512, fault address 0x000048c4.

Error - 29/07/2011 10:39:42 AM | Computer Name = KOOROORA-61578C | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module hotplug.dll, version 5.1.2600.5512, fault address 0x000048c4.

[ System Events ]
Error - 29/07/2011 2:03:23 AM | Computer Name = KOOROORA-61578C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ServiceLayer
with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error - 29/07/2011 2:03:26 AM | Computer Name = KOOROORA-61578C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ServiceLayer
with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error - 29/07/2011 2:03:29 AM | Computer Name = KOOROORA-61578C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ServiceLayer
with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error - 29/07/2011 2:07:59 AM | Computer Name = KOOROORA-61578C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ServiceLayer
with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error - 29/07/2011 2:08:02 AM | Computer Name = KOOROORA-61578C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ServiceLayer
with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error - 29/07/2011 2:11:42 AM | Computer Name = KOOROORA-61578C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 29/07/2011 6:19:59 AM | Computer Name = KOOROORA-61578C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 29/07/2011 6:23:29 AM | Computer Name = KOOROORA-61578C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 29/07/2011 6:28:35 AM | Computer Name = KOOROORA-61578C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ServiceLayer
with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error - 29/07/2011 6:28:44 AM | Computer Name = KOOROORA-61578C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ServiceLayer
with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}


< End of report >
  • 0

#50
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Uninstall:
PC Connectivity Solution (This is from Nokia and it's causing problems per the event logs.)
McAfee Security Scan Plus
McAfee Virtual Technician


Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses


:OTL
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - Reg Error: Key error. File not found
[2011/07/29 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/07/20 20:36:21 | 000,000,147 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/07/20 18:08:44 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config cisvc start= disabled /c

    
:Commands
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop, do not run it :!:



:!: Disable your Antivirus software when downloading or running Combofix.

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted



Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.


If you haven't already done this:
Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
  • 0

#51
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,
I have run OTL here is the log I will follow the rest of your instructions now.
Regards
Paul

========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk moved successfully.
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe moved successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\dssrequest\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\ not found.
File {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\sacore\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\ not found.
File {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-mfe-ipt\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}\ not found.
C:\WINDOWS\tasks\ParetoLogic Registration.job moved successfully.
C:\WINDOWS\wininit.ini moved successfully.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Paul\Desktop\geekstogo software\cmd.bat deleted successfully.
C:\Documents and Settings\Paul\Desktop\geekstogo software\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Paul\Desktop\geekstogo software\cmd.bat deleted successfully.
C:\Documents and Settings\Paul\Desktop\geekstogo software\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Paul\Desktop\geekstogo software\cmd.bat deleted successfully.
C:\Documents and Settings\Paul\Desktop\geekstogo software\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Paul\Desktop\geekstogo software\cmd.bat deleted successfully.
C:\Documents and Settings\Paul\Desktop\geekstogo software\cmd.txt deleted successfully.
< sc config cisvc start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Paul\Desktop\geekstogo software\cmd.bat deleted successfully.
C:\Documents and Settings\Paul\Desktop\geekstogo software\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07302011_165313

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#52
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,

Im having a problem downloading malware from your link? it takes me to download then to this site http://majorgeeks.co...ad.php?det=5756 and then the dowload page will not open?

I did a google and got it from another place. here is the log
Regards
Paul


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7323

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/07/2011 5:38:07 PM
mbam-log-2011-07-30 (17-38-07).txt

Scan type: Quick scan
Objects scanned: 164301
Time elapsed: 14 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by paulgleave, 30 July 2011 - 02:08 AM.

  • 0

#53
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron Combofix log :)


ComboFix 11-07-29.03 - Paul 30/07/2011 17:54:26.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1285 [GMT 9.5:30]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 )))))))))))))))))))))))))))))))
.
.
2011-07-30 07:51 . 2011-07-06 10:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-30 07:51 . 2011-07-06 10:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-30 07:05 . 2011-07-30 07:05 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-30 06:55 . 2011-07-30 06:55 -------- d-----w- c:\windows\nview
2011-07-30 06:55 . 2011-07-30 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2011-07-30 06:07 . 2011-07-30 06:59 -------- d-s---w- c:\documents and settings\UpdatusUser
2011-07-30 05:36 . 2011-07-30 07:02 -------- d-----w- c:\program files\NVIDIA Corporation
2011-07-29 10:58 . 2011-07-29 10:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-07-29 10:39 . 2011-07-29 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-07-27 08:04 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-27 08:04 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-27 08:04 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-27 08:04 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-27 08:04 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-27 08:04 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-27 08:04 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-27 08:04 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-27 08:03 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-27 08:03 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-27 08:02 . 2011-07-27 08:02 -------- d-----w- c:\program files\AVAST Software
2011-07-27 08:02 . 2011-07-27 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-07-24 03:13 . 2011-07-24 03:13 -------- d-----w- c:\program files\Speccy
2011-07-22 06:34 . 2011-07-22 06:51 -------- d-----w- C:\george
2011-07-21 07:09 . 2011-07-21 07:09 -------- d-----w- c:\documents and settings\Paul\Application Data\Malwarebytes
2011-07-21 07:09 . 2011-07-21 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-21 07:09 . 2011-07-30 07:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-21 06:41 . 2011-07-21 06:41 -------- d-----w- C:\_OTL
2011-07-20 13:20 . 2011-07-20 13:20 -------- d-----w- c:\documents and settings\Paul\Application Data\Windows Search
2011-07-20 12:59 . 2011-07-20 12:59 -------- d-----w- c:\documents and settings\Paul\Application Data\Windows Desktop Search
2011-07-20 12:50 . 2011-07-20 12:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-20 12:49 . 2011-07-20 15:41 -------- d-----w- c:\program files\Windows Desktop Search
2011-07-20 12:49 . 2011-07-20 12:49 -------- d-----w- c:\windows\system32\GroupPolicy
2011-07-20 12:03 . 2011-07-20 12:03 -------- d-----w- c:\program files\Common Files\Java
2011-07-20 09:07 . 2011-07-23 08:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-20 09:07 . 2011-07-23 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-20 09:02 . 2011-07-20 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2011-07-20 07:23 . 2011-07-20 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2011-07-20 07:16 . 2011-07-20 07:16 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\Citrix
2011-07-19 02:19 . 2011-07-19 02:19 -------- d-----w- c:\program files\Trend Micro
2011-07-18 13:21 . 2011-07-18 13:21 -------- d-----w- c:\documents and settings\Paul\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-18 10:36 . 2011-07-18 10:42 -------- d-----w- c:\documents and settings\Paul\Application Data\BitTorrent
2011-07-18 07:48 . 2011-07-18 07:48 -------- d-----w- c:\documents and settings\Paul\Library
2011-07-18 07:48 . 2011-07-18 07:48 -------- d-----w- c:\documents and settings\Paul\Application Data\com.adobe.ExMan
2011-07-18 06:55 . 2011-07-18 06:55 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\PCHealth
2011-07-18 06:11 . 2011-07-18 06:11 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\Microsoft Help
2011-07-18 06:10 . 2011-07-30 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-07-18 03:16 . 2011-07-20 09:57 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\Nero
2011-07-18 03:16 . 2011-07-18 14:00 -------- d-----w- c:\documents and settings\Paul\Application Data\Nero
2011-07-18 02:57 . 2011-07-18 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-07-14 07:50 . 2011-07-30 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-07-07 11:29 . 2011-07-07 11:29 -------- d-----w- c:\documents and settings\Paul\Application Data\com.miniclip.vikingdefense
2011-07-07 11:28 . 2011-07-07 11:28 -------- d-----w- c:\program files\vikingdefense
2011-07-02 04:53 . 2011-07-02 04:53 -------- d-----w- c:\documents and settings\Paul\Application Data\Lazy 8 Studios
2011-07-02 04:52 . 2011-07-02 04:52 -------- d-----w- c:\program files\Lazy 8 Studios
2011-07-01 09:52 . 2011-07-01 09:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-03 19:22 . 2010-06-03 08:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 16:55 . 2009-10-23 23:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2009-08-13 08:48 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((( [email protected]_06.48.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-11 13:35 . 2009-07-11 13:35 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 14:35 . 2009-07-11 14:35 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-11 13:35 . 2009-07-11 13:35 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-07-11 14:35 . 2009-07-11 14:35 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-08-13 17:52 . 2006-02-28 12:00 13600 c:\windows\system32\dllcache\wfwnet.drv
- 2006-02-28 12:00 . 2006-02-28 12:00 13600 c:\windows\system32\dllcache\wfwnet.drv
- 2006-02-28 12:00 . 2006-02-28 12:00 19200 c:\windows\system32\dllcache\tapi.dll
+ 2009-08-13 17:52 . 2006-02-28 12:00 19200 c:\windows\system32\dllcache\tapi.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 82944 c:\windows\system32\dllcache\olecli.dll
+ 2009-08-13 17:52 . 2006-02-28 12:00 82944 c:\windows\system32\dllcache\olecli.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 68768 c:\windows\system32\dllcache\mmsystem.dll
+ 2009-08-13 17:52 . 2006-02-28 12:00 68768 c:\windows\system32\dllcache\mmsystem.dll
+ 2009-08-13 17:52 . 2006-02-28 12:00 28160 c:\windows\system32\dllcache\mciwave.drv
- 2006-02-28 12:00 . 2006-02-28 12:00 28160 c:\windows\system32\dllcache\mciwave.drv
+ 2009-08-13 08:48 . 2008-04-14 00:12 18432 c:\windows\system32\dllcache\hscupd.exe
+ 2009-08-13 17:52 . 2006-02-28 12:00 32816 c:\windows\system32\dllcache\commdlg.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 32816 c:\windows\system32\dllcache\commdlg.dll
- 2009-08-13 08:58 . 2011-07-22 05:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-13 08:58 . 2011-07-27 00:56 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-13 08:58 . 2011-07-22 05:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-08-13 08:58 . 2011-07-27 00:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-13 08:58 . 2011-07-22 05:33 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-07-24 09:59 . 2011-07-27 00:56 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-13 09:24 . 2011-07-28 11:05 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-08-13 09:24 . 2011-07-13 17:31 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-08-13 09:24 . 2011-07-28 11:05 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-08-13 09:24 . 2011-07-13 17:31 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-08-13 09:24 . 2011-07-13 17:31 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-08-13 09:24 . 2011-07-28 11:05 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-08-13 09:24 . 2011-07-13 17:31 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-08-13 09:24 . 2011-07-28 11:05 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-08-13 09:24 . 2011-07-28 11:05 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-08-13 09:24 . 2011-07-13 17:31 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-08-13 09:24 . 2011-07-28 11:05 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-08-13 09:24 . 2011-07-13 17:31 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2003-07-31 05:55 . 2003-07-31 05:55 64088 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2003-07-14 13:27 . 2003-07-14 13:27 87096 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
- 2006-02-28 12:00 . 2006-02-28 12:00 2176 c:\windows\system32\dllcache\vga.drv
+ 2009-08-13 17:52 . 2006-02-28 12:00 2176 c:\windows\system32\dllcache\vga.drv
+ 2009-08-13 17:52 . 2006-02-28 12:00 5120 c:\windows\system32\dllcache\shell.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 5120 c:\windows\system32\dllcache\shell.dll
+ 2009-08-13 17:52 . 2006-02-28 12:00 9936 c:\windows\system32\dllcache\lzexpand.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 9936 c:\windows\system32\dllcache\lzexpand.dll
- 2009-08-13 09:24 . 2011-07-13 17:31 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-08-13 09:24 . 2011-07-28 11:05 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-07-11 14:32 . 2009-07-11 14:32 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2009-07-11 13:32 . 2009-07-11 13:32 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2009-07-11 13:32 . 2009-07-11 13:32 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 14:32 . 2009-07-11 14:32 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 14:35 . 2009-07-11 14:35 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2009-07-11 13:35 . 2009-07-11 13:35 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 14:32 . 2009-07-11 14:32 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- 2009-07-11 13:32 . 2009-07-11 13:32 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2006-10-31 06:35 . 2006-10-31 06:35 196608 c:\windows\system32\nvapi(3).dll
+ 2006-10-31 06:35 . 2006-10-31 06:35 196608 c:\windows\system32\nvapi(2).dll
+ 2009-08-13 17:51 . 2011-07-29 10:27 280536 c:\windows\system32\FNTCACHE.DAT
+ 2009-08-13 08:48 . 2008-04-14 00:12 150528 c:\windows\system32\dllcache\uploadm.exe
+ 2009-08-13 17:52 . 2006-02-28 12:00 109456 c:\windows\system32\dllcache\avifile.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 109456 c:\windows\system32\dllcache\avifile.dll
+ 2006-02-28 12:00 . 2008-04-14 00:12 256512 c:\windows\system32\dllcache\agentsvr.exe
+ 2008-11-05 02:32 . 2008-11-05 02:32 119296 c:\windows\Installer\7bbdf.msp
- 2009-08-13 09:24 . 2011-07-13 17:31 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-08-13 09:24 . 2011-07-28 11:05 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-08-13 09:24 . 2011-07-13 17:31 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-08-13 09:24 . 2011-07-28 11:05 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-08-13 09:24 . 2011-07-28 11:05 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-08-13 09:24 . 2011-07-13 17:31 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-08-13 09:24 . 2011-07-13 17:31 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-08-13 09:24 . 2011-07-28 11:05 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-08-13 09:24 . 2011-07-13 17:31 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-08-13 09:24 . 2011-07-28 11:05 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-08-13 09:24 . 2011-07-28 11:05 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-08-13 09:24 . 2011-07-13 17:31 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2003-07-31 05:55 . 2003-07-31 05:55 223800 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-14 13:21 . 2003-07-14 13:21 116288 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL
+ 2009-07-11 14:32 . 2009-07-11 14:32 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- 2009-07-11 13:32 . 2009-07-11 13:32 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- 2009-07-11 13:32 . 2009-07-11 13:32 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-07-11 14:32 . 2009-07-11 14:32 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2011-07-22 13:03 . 2011-07-30 07:07 2854496 c:\windows\system32\Restore\rstrlog.dat
+ 2006-10-31 06:35 . 2006-10-31 06:35 4493952 c:\windows\system32\nv4_disp(6).dll
+ 2006-10-31 06:35 . 2006-10-31 06:35 4493952 c:\windows\system32\nv4_disp(5).dll
+ 2006-10-31 06:35 . 2006-10-31 06:35 4493952 c:\windows\system32\nv4_disp(4).dll
+ 2006-10-31 06:35 . 2006-10-31 06:35 4493952 c:\windows\system32\nv4_disp(3).dll
+ 2006-10-31 06:35 . 2006-10-31 06:35 4493952 c:\windows\system32\nv4_disp(2).dll
+ 2009-04-13 19:20 . 2009-04-13 19:20 5191680 c:\windows\Installer\37859b9.msp
+ 2009-04-13 19:21 . 2009-04-13 19:21 1303040 c:\windows\Installer\37859b0.msp
+ 2009-05-06 23:34 . 2009-05-06 23:34 18341376 c:\windows\Installer\37859c2.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Paul\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Paul\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Paul\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Paul\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-08 26100520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-04-22 933]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-10-31 86016]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-03-08 585728]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Paul\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Paul\Application Data\Dropbox\bin\Dropbox.exe [2011-5-26 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Paul\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/07/2011 5:34 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/07/2011 5:34 PM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/07/2011 5:34 PM 19544]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [28/04/2011 8:04 PM 23608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/06/2010 1:04 PM 136176]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [16/09/2010 2:06 PM 80896]
S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [6/06/2007 11:36 AM 87424]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [13/12/2006 6:31 PM 87040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/06/2010 1:04 PM 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [16/05/2011 5:44 PM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 6:01 PM 21248]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 GSService;GSService;c:\windows\system32\GSService.exe [28/04/2011 8:04 PM 745472]
S4 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [28/04/2011 8:04 PM 245760]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 03:34]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 03:34]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004Core.job
- c:\documents and settings\Paul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-23 02:59]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004UA.job
- c:\documents and settings\Paul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-23 02:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-30 18:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(440)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\documents and settings\Paul\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-07-30 18:24:32
ComboFix-quarantined-files.txt 2011-07-30 08:54
ComboFix2.txt 2011-07-24 08:45
ComboFix3.txt 2011-07-23 09:50
ComboFix4.txt 2011-07-22 06:51
.
Pre-Run: 44,668,899,328 bytes free
Post-Run: 44,496,744,448 bytes free
.
- - End Of File - - 45333E03EEC4B9548A0ACF6291227C5E
  • 0

#54
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron
here is the aswmbr log.
Thanks again


aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-30 18:30:23
-----------------------------
18:30:23.890 OS Version: Windows 5.1.2600 Service Pack 3
18:30:23.890 Number of processors: 2 586 0x4B02
18:30:23.890 ComputerName: KOOROORA-61578C UserName: Paul
18:30:28.734 Initialize success
18:30:29.703 AVAST engine defs: 11072901
18:30:59.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
18:30:59.578 Disk 0 Vendor: WDC_WD2500JB-00REA0 20.00K20 Size: 238474MB BusType: 3
18:30:59.609 Disk 0 MBR read successfully
18:30:59.609 Disk 0 MBR scan
18:30:59.609 Disk 0 Windows XP default MBR code
18:30:59.656 Disk 0 scanning sectors +488392065
18:30:59.812 Disk 0 scanning C:\WINDOWS\system32\drivers
18:31:26.796 Service scanning
18:31:31.015 Disk 0 trace - called modules:
18:31:31.031 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
18:31:31.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a55cab8]
18:31:31.031 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000005d[0x8a5009e8]
18:31:31.031 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-c[0x8a4fbd98]
18:31:32.593 AVAST engine scan C:\WINDOWS
18:31:50.937 AVAST engine scan C:\WINDOWS\system32
18:38:12.875 AVAST engine scan C:\WINDOWS\system32\drivers
18:38:44.609 AVAST engine scan C:\Documents and Settings\Paul
19:10:52.312 AVAST engine scan C:\Documents and Settings\All Users
19:30:09.781 Scan finished successfully
20:56:20.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Paul\Desktop\MBR.dat"
20:56:20.687 The log file has been saved successfully to "C:\Documents and Settings\Paul\Desktop\aswMBR.txt"
  • 0

#55
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,

After following this instruction Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

It got to about 20% into the scan and kept asking for the CD, the message was files must be copied to DLL cache. It didn't have an option to skip it was retry, more info, cancel I did cancel and then it asked to skip I did that and it kept asking the same thing and would go no further.

the sigverif didnt show anu list at the end it said finished that was all.

I did a reboot scan with avast the night I downloaded it it found one problem and then deleted it.

What would you like me to do?

Kindest Regards
Paul
  • 0

Advertisements


#56
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

#57
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,

I did a boot scan with avast and it took 7hours got one virus. It was removed and deleted.

Here is Vino Rossi tool log
Vino's Event Viewer v01c run on Windows XP in English
Report run at 31/07/2011 5:30:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Regards
Paul

Edited by paulgleave, 31 July 2011 - 02:01 AM.

  • 0

#58
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Attach the file to your next post.


What exactly is wrong with this beast anyway?
  • 0

#59
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi Ron,

I suspect it was malware stuff and the fact I had mcafee was making it slow. I think its ok now, but wanted to know what you thought.

I will run the next 2 processes.

Kindest Regards
Paul
  • 0

#60
paulgleave

paulgleave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
HI Ron,
here are the logs. First speccy
Summary
Operating System
MS Windows XP Home 32-bit SP3
CPU
AMD Athlon 64 X2 4600+ 43 °C
Windsor 90nm Technology
RAM
2.00 GB Dual-Channel DDR2 @ 301MHz (5-5-5-15)
Motherboard
Gigabyte Technology Co., Ltd. M61SME-S2 (Socket M2) 38 °C
Graphics
AL1717 ([email protected])
GeForce 6100 nForce 405 (Gigabyte)
Hard Drives
244GB Western Digital WDC WD2500JB-00REA0 (PATA) 30 °C
Optical Drives
TSSTcorp CD/DVDW SH-W162Z
Audio
Realtek High Definition Audio
Operating System
MS Windows XP Home 32-bit SP3
Installation Date: 13 August 2009, 18:25

Windows Security Center
Firewall Enabled
Windows Update
AutoUpdate Download Automatically and Install at Set Scheduled time
Schedule Frequency Every day
Schedule Time 3 am
Antivirus
Antivirus Enabled
Company Name AVAST Software
Display Name avast! Antivirus
Product Version 5.0.100664499
TimeZone
TimeZone GMT +9 Hours
Language English
Country Australia
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Power Profile
Active power scheme Home/Office Desk
Hibernation Disabled
Scheduler
7/31/2011 6:29 PM GoogleUpdateTaskMachineUA
7/31/2011 6:29 PM GoogleUpdateTaskMachineCore
7/31/2011 6:34 PM GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004UA
8/1/2011 12:34 PM GoogleUpdateTaskUserS-1-5-21-725345543-1450960922-2146968213-1004Core
Hotfixes
7/30/2011 nVidia - Display, Other hardware - NVIDIA GeForce 6100 nForce 405
7/30/2011 Update for Microsoft Office Outlook 2007 Help (KB963677)
7/30/2011 Update for Microsoft Script Editor Help (KB963671)
7/30/2011 Update for the 2007 Microsoft Office System Help for Common Features (KB963673)
7/28/2011 Update for Microsoft Office 2003 (KB949074)
7/23/2011 Security Update for Windows XP (KB959426)
7/20/2011 Security Update for Microsoft Visual C++ 2010 Redistributable Package (KB2467173)
7/20/2011 Security Update for Windows XP (KB963093)
7/19/2011 Update for Microsoft Office Outlook 2007 (KB2509470)
7/19/2011 Update for Microsoft Office 2007 System (KB2539530)
7/19/2011 Security Update for the 2007 Microsoft Office System (KB2288621)
7/19/2011 Security Update for Microsoft Office Word 2007 (KB2344993)
7/19/2011 Security Update for the 2007 Microsoft Office System (KB972581)
7/19/2011 Security Update for Microsoft Office 2007 System (KB2509488)
7/19/2011 Security Update for the 2007 Microsoft Office System (KB976321)
7/19/2011 Security Update for the 2007 Microsoft Office System (KB969559)
7/19/2011 Security Update for the 2007 Microsoft Office System (KB974234)
7/19/2011 Security Update for Microsoft Office 2007 System (KB2288931)
7/19/2011 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2518870)
7/19/2011 Security Update for Microsoft Office Outlook 2007 (KB2288953)
7/18/2011 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2478663)
7/18/2011 Update for the 2007 Microsoft Office System (KB967642)
7/18/2011 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2553975)
7/18/2011 The 2007 Microsoft Office Suite Service Pack 2 (SP2)
7/18/2011 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2446708)
7/13/2011 Security Update for Windows XP (KB2507938)
7/13/2011 Windows Malicious Software Removal Tool - July 2011 (KB890830)
7/13/2011 Security Update for Microsoft Office 2003 (KB2493523)
7/13/2011 Security Update for Windows XP (KB2555917)
7/1/2011 Microsoft Office File Validation Add-in
6/29/2011 Update for Windows XP (KB2541763)
6/28/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864)
6/28/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2478658)
6/16/2011 Windows Malicious Software Removal Tool - June 2011 (KB890830)
6/16/2011 Update for Microsoft Office 2007 System (KB2539530)
6/16/2011 Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243)
6/16/2011 Security Update for Microsoft Silverlight (KB2512827)
6/16/2011 Security Update for Windows XP (KB2476490)
6/16/2011 Security Update for Windows XP (KB2503665)
6/16/2011 Security Update for Microsoft Office Excel 2003 (KB2541025)
6/16/2011 Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2553971)
6/16/2011 Security Update for Windows XP (KB2535512)
6/16/2011 Update for Microsoft Office 2003 (KB2539581)
6/16/2011 Security Update for the 2007 Microsoft Office System (KB2541012)
6/16/2011 Security Update for Windows XP (KB2536276)
6/16/2011 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2530548)
6/16/2011 Security Update for Windows XP (KB2544893)
6/16/2011 Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB2538242)
6/16/2011 Security Update for Internet Explorer 8 for Windows XP (KB2544521)
5/16/2011 Update for Microsoft XML Core Services 4.0 Service Pack 3 (KB973685)
5/11/2011 Windows Malicious Software Removal Tool - May 2011 (KB890830)
5/11/2011 Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2536411)
5/11/2011 Security Update for Microsoft Office PowerPoint 2003 (KB2535812)
5/11/2011 Security Update for Microsoft Office 2007 System (KB2540162)
4/27/2011 Windows Malicious Software Removal Tool - April 2011 (KB890830)
4/20/2011 Update for Microsoft Silverlight (KB2526954)
4/14/2011 Security Update for Microsoft Office Excel 2003 (KB2502786)
4/14/2011 Security Update for Windows XP (KB2485663)
4/14/2011 Security Update for Microsoft Office 2003 (KB2509503)
4/14/2011 Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2522981)
4/14/2011 Security Update for Windows XP (KB2506223)
4/14/2011 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2497640)
4/14/2011 Security Update for Windows XP (KB2412687)
4/14/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2446704)
4/14/2011 Cumulative Security Update for ActiveX Killbits for Windows XP (KB2508272)
4/14/2011 Security Update for Microsoft Office 2007 System (KB2464635)
4/14/2011 Security Update for Windows XP (KB2503658)
4/14/2011 Security Update for Microsoft Office 2007 System (KB2509488)
4/14/2011 Security Update for Windows XP (KB2507618)
4/14/2011 Security Update for Windows XP (KB2508429)
4/14/2011 Security Update for Microsoft Office PowerPoint 2003 (KB2464588)
4/14/2011 Security Update for Windows XP (KB2511455)
4/14/2011 Security Update for the 2007 Microsoft Office System (KB2466156)
4/14/2011 Security Update for Windows XP (KB2506212)
4/14/2011 Windows Malicious Software Removal Tool - April 2011 (KB890830)
4/14/2011 Security Update for Windows XP (KB2509553)
4/14/2011 Security Update for Windows XP (KB2510531)
3/24/2011 Update for Windows XP (KB2524375)
3/9/2011 Security Update for Windows XP (KB2479943)
3/9/2011 Windows Malicious Software Removal Tool - March 2011 (KB890830)
3/9/2011 Security Update for Windows XP (KB2481109)
3/9/2011 Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2508974)
2/24/2011 Update for Windows XP (KB971029)
2/16/2011 Update for Microsoft Silverlight (KB2495644)
2/10/2011 Security Update for Windows XP (KB2478971)
2/10/2011 Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2492441)
2/10/2011 Security Update for Windows XP (KB2485376)
2/10/2011 Security Update for Windows XP (KB2479628)
2/10/2011 Security Update for Windows XP (KB2483185)
2/10/2011 Windows Malicious Software Removal Tool - February 2011 (KB890830)
2/10/2011 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2482017)
2/10/2011 Security Update for Windows XP (KB2476687)
2/10/2011 Security Update for Windows XP (KB2478960)
2/10/2011 Security Update for Windows XP (KB2393802)
1/14/2011 Windows Live Essentials
1/12/2011 Windows Malicious Software Removal Tool - January 2011 (KB890830)
1/12/2011 Security Update for Windows XP (KB2419632)
1/6/2011 Update for Microsoft Silverlight (KB2477244)
12/15/2010 Update for Microsoft Office Outlook 2003 (KB2449798)
12/15/2010 Security Update for Windows XP (KB2296199)
12/15/2010 Security Update for Windows XP (KB2443105)
12/15/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2416400)
12/15/2010 Security Update for Windows XP (KB2440591)
12/15/2010 Update for Windows XP (KB2443685)
12/15/2010 Security Update for Windows XP (KB2436673)
12/15/2010 Update for Internet Explorer for Windows XP (KB2467659)
12/15/2010 Security Update for Microsoft Office 2003 (KB2289163)
12/15/2010 Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2466074)
12/15/2010 Security Update for Microsoft Office Publisher 2003 (KB2284695)
12/15/2010 Windows Malicious Software Removal Tool - December 2010 (KB890830)
12/15/2010 Security Update for Windows XP (KB2423089)
12/7/2010 Security Update for Microsoft Office Outlook 2003 (KB2293428)
12/7/2010 Security Update for Microsoft Office 2003 (KB976382)
12/7/2010 Security Update for Microsoft Office 2003 (KB2289187)
12/7/2010 Security Update for Microsoft Office Outlook 2003 (KB980373)
12/7/2010 Security Update for Microsoft Office 2003 (KB975051)
12/7/2010 Security Update for Microsoft Office 2003 (KB974554)
12/7/2010 Security Update for Microsoft Office Access 2003 (KB981716)
12/7/2010 Security Update for Microsoft Office Web Components (KB947319)
12/7/2010 Security Update for Microsoft Office Publisher 2003 (KB982122)
12/7/2010 Security Update for Microsoft Office Word 2003 (KB2344911)
12/7/2010 Security Update for Microsoft Works Suite 2005 (KB943973)
12/7/2010 Security Update for Microsoft Office PowerPoint 2003 (KB2413304)
12/7/2010 Update for Microsoft Office 2003 (KB978551)
12/7/2010 Security Update for Microsoft Office 2003 (KB951535)
12/7/2010 Security Update for Microsoft Office 2003 (KB921598)
12/7/2010 Security Update for Microsoft Office 2003 (KB972580)
12/7/2010 Security Update for Access Snapshot Viewer 2003 (KB955439)
12/7/2010 Security Update for Microsoft Office 2003 (KB2288613)
12/7/2010 Security Update for Microsoft Office Excel 2003 (KB2344893)
12/7/2010 Security Update for Microsoft Office InfoPath 2003 (KB980923)
12/6/2010 Security Update for Microsoft Office 2007 System (KB2289158)
12/6/2010 Update for Office 2003 (KB907417)
12/6/2010 Security Update for the 2007 Microsoft Office System (KB2344875)
12/6/2010 Security Update for the 2007 Microsoft Office System (KB2345043)
12/6/2010 Office 2003 Service Pack 3 (SP3)
12/6/2010 Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2435682)
12/6/2010 Security Update for Microsoft Visual C++ 2008 Redistributable Package (KB973924)
12/6/2010 Update for the 2007 Microsoft Office System (KB2284654)
11/10/2010 Windows Malicious Software Removal Tool - November 2010 (KB890830)
10/15/2010 Security Update for Windows XP (KB2387149)
10/15/2010 Security Update for Windows XP (KB2279986)
10/15/2010 Update for Windows XP (KB2345886)
10/15/2010 Security Update for Windows XP (KB2296011)
10/15/2010 Security Update for Windows XP (KB2378111)
10/15/2010 Security Update for Windows XP (KB982132)
10/15/2010 Security Update for Windows XP (KB979687)
10/15/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2360131)
10/15/2010 Windows Malicious Software Removal Tool - October 2010 (KB890830)
10/15/2010 Security Update for Windows XP (KB981957)
10/15/2010 Security Update for Windows XP (KB2360937)
10/6/2010 Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473)
10/6/2010 Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241)
9/29/2010 Update for Windows XP (KB2158563)
9/15/2010 Security Update for Windows XP (KB2259922)
9/15/2010 Security Update for Windows XP (KB975558)
9/15/2010 Security Update for Windows XP (KB2347290)
9/15/2010 Security Update for Windows XP (KB2121546)
9/15/2010 Security Update for Windows XP (KB982802)
9/15/2010 Security Update for Windows XP (KB981322)
9/15/2010 Windows Malicious Software Removal Tool - September 2010 (KB890830)
9/15/2010 Update for Windows XP (KB2141007)
8/13/2010 Security Update for Windows XP (KB982214)
8/13/2010 Security Update for Windows XP (KB2115168)
8/13/2010 Security Update for Windows XP (KB981852)
8/13/2010 Security Update for Windows XP (KB2079403)
8/13/2010 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB983583)
8/13/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2183461)
8/13/2010 Security Update for Windows XP (KB2160329)
8/13/2010 Security Update for Windows XP (KB980436)
8/13/2010 Windows Malicious Software Removal Tool - August 2010 (KB890830)
8/13/2010 Security Update for Windows XP (KB981997)
8/13/2010 Security Update for Windows XP (KB982665)
8/3/2010 Security Update for Windows XP (KB2286198)
7/14/2010 Security Update for Windows XP (KB2229593)
7/14/2010 Windows Malicious Software Removal Tool - July 2010 (KB890830)
6/23/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524)
6/10/2010 Security Update for Windows XP (KB980218)
6/10/2010 Cumulative Security Update for ActiveX Killbits for Windows XP (KB980195)
6/10/2010 Security Update for Windows XP (KB979559)
6/10/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB982381)
6/10/2010 Windows Malicious Software Removal Tool - June 2010 (KB890830)
6/10/2010 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP3 (KB978695)
6/10/2010 Security Update for Windows XP (KB979482)
6/10/2010 Security Update for Windows XP (KB975562)
6/10/2010 Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168)
6/10/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
5/26/2010 Update for Windows XP (KB981793)
5/12/2010 Windows Malicious Software Removal Tool - May 2010 (KB890830)
5/12/2010 Security Update for Windows XP (KB978542)
4/14/2010 Security Update for Windows XP (KB979683)
4/14/2010 Security Update for Windows XP (KB980232)
4/14/2010 Windows Malicious Software Removal Tool - April 2010 (KB890830)
4/14/2010 Security Update for Windows XP (KB978338)
4/14/2010 Security Update for Windows XP (KB977816)
4/14/2010 Security Update for Windows XP (KB978601)
4/14/2010 Security Update for Windows XP (KB981332)
4/14/2010 Security Update for Windows XP (KB979309)
4/4/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB980182)
3/10/2010 Security Update for Windows XP (KB975561)
3/10/2010 Windows Malicious Software Removal Tool - March 2010 (KB890830)
2/24/2010 Update for Windows XP (KB976662)
2/24/2010 Update for Windows XP (KB979306)
2/20/2010 Update for Windows Media Player 11 for Windows XP (KB939683)
2/20/2010 Security Update for Windows XP (KB954154)
2/19/2010 Security Update for Windows XP Service Pack 3 (KB973540)
2/19/2010 Windows Media Player 11
2/10/2010 Cumulative Security Update for ActiveX Killbits for Windows XP (KB978262)
2/10/2010 Security Update for Windows XP (KB971468)
2/10/2010 Windows Malicious Software Removal Tool - February 2010 (KB890830)
2/10/2010 Security Update for Windows XP (KB978037)
2/10/2010 Security Update for Windows XP (KB975713)
2/10/2010 Security Update for Windows XP (KB978251)
2/10/2010 Security Update for Windows XP (KB975560)
2/10/2010 Security Update for Windows XP (KB977914)
2/10/2010 Security Update for Windows XP (KB978706)
2/10/2010 Security Update for Windows XP (KB977165)
1/22/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB978207)
1/13/2010 Update for Windows XP (KB955759)
1/13/2010 Security Update for Windows XP (KB972270)
1/13/2010 Windows Malicious Software Removal Tool - January 2010 (KB890830)
12/9/2009 Update for Windows XP (KB970430)
12/9/2009 Security Update for Windows XP (KB974318)
12/9/2009 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB976325)
12/9/2009 Security Update for Windows XP (KB973904)
12/9/2009 Security Update for Windows XP (KB974392)
12/9/2009 Update for Windows XP (KB971737)
12/9/2009 Windows Malicious Software Removal Tool - December 2009 (KB890830)
11/25/2009 Update for Windows XP (KB976098)
11/25/2009 Update for Windows XP (KB973687)
11/25/2009 Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688)
11/11/2009 Windows Malicious Software Removal Tool - November 2009 (KB890830)
11/11/2009 Security Update for Windows XP (KB969947)
11/4/2009 Update for Internet Explorer 8 for Windows XP (KB976749)
10/14/2009 Microsoft .NET Framework 2.0 Service Pack 2 Security Update for Windows 2000, Windows Server 2003, and Windows XP (KB974417)
10/14/2009 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB974455)
10/14/2009 Security Update for Windows XP (KB958869)
10/14/2009 Windows Malicious Software Removal Tool - October 2009 (KB890830)
10/14/2009 Security Update for Windows XP (KB969059)
10/14/2009 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB954155)
10/14/2009 Security Update for Windows XP (KB974112)
10/14/2009 Security Update for Windows XP (KB975025)
10/14/2009 Security Update for Windows XP (KB974571)
10/14/2009 Security Update for Windows XP (KB971486)
10/14/2009 Cumulative Security Update for ActiveX Killbits for Windows XP (KB973525)
10/14/2009 Security Update for Windows XP (KB975467)
10/6/2009 Windows Update Agent 7.2.6001.788
9/9/2009 Windows Malicious Software Removal Tool - September 2009 (KB890830)
9/9/2009 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB968816)
9/9/2009 Security Update for Windows XP (KB956844)
9/9/2009 Security Update for Jscript 5.8 for Windows XP (KB971961)
9/1/2009 Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707)
8/26/2009 Update for Windows XP (KB970653)
8/21/2009 Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707)
8/21/2009 Windows Genuine Advantage Validation Tool (KB892130)
8/18/2009 Update for Windows XP (KB951978)
8/18/2009 Update for Windows XP (KB961118)
8/18/2009 Security Update for Windows XP (KB956744)
8/18/2009 Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86
8/18/2009 Security Update for Windows XP Service Pack 3 (KB973540)
8/18/2009 Update for Windows Media Format 11 SDK for Windows XP (KB929399)
8/18/2009 Security Update for Windows XP (KB954459)
8/18/2009 Security Update for Windows XP Service Pack 3 (KB952069)
8/17/2009 Security Update for Windows XP with Windows Media Format Runtime 9.5 and 11 (KB941569)
8/17/2009 Update for Windows XP (KB968389)
8/17/2009 Windows XP Service Pack 3 (KB936929)
8/17/2009 Internet Explorer 8 for Windows XP
8/17/2009 Internet Explorer 8 for Windows XP
8/17/2009 Windows Malicious Software Removal Tool - August 2009 (KB890830)
8/17/2009 Microsoft GDI+ Detection Tool (KB873374)
8/17/2009 Security Update for Windows XP with Windows Media Format Runtime 9.5 and 11 (KB941569)
8/17/2009 Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430)
8/16/2009 Security Update for Windows XP (KB952954)
8/16/2009 Security Update for Windows XP (KB959426)
8/16/2009 Security Update for Windows XP (KB960859)
8/16/2009 Update for Windows XP (KB955839)
8/16/2009 Security Update for Windows XP (KB961371)
8/16/2009 Cumulative Security Update for Internet Explorer 6 for Windows XP (KB972260)
8/16/2009 Security Update for Windows XP Service Pack 2 (KB952069)
8/16/2009 Update for Windows XP (KB967715)
8/14/2009 Security Update for Windows XP (KB951376)
8/14/2009 Security Update for Windows XP (KB946648)
8/14/2009 Security Update for Windows XP (KB956803)
8/14/2009 Update for Windows XP (KB935448)
8/14/2009 Security Update for Windows XP (KB950974)
8/14/2009 Security Update for Windows XP (KB971657)
8/14/2009 Security Update for Windows XP (KB971557)
8/14/2009 Security Update for Windows XP (KB960225)
8/14/2009 Cumulative Security Update for ActiveX Killbits for Windows XP (KB973346)
8/14/2009 Security Update for Windows XP (KB956572)
8/14/2009 Security Update for Windows XP (KB961501)
8/14/2009 Security Update for Windows XP (KB938464)
8/14/2009 Security Update for Windows XP (KB971633)
8/14/2009 Security Update for Windows XP Service Pack 2 (KB952069)
8/14/2009 Security Update for Windows XP (KB973869)
8/14/2009 Security Update for Windows XP Service Pack 2 (KB973540)
8/14/2009 Security Update for Windows XP (KB952004)
8/14/2009 Security Update for Windows XP (KB973507)
8/14/2009 Security Update for Windows XP (KB950762)
8/14/2009 Security Update for Windows XP (KB957097)
8/14/2009 Security Update for Windows XP (KB958687)
8/14/2009 Update for Windows XP (KB952287)
8/14/2009 Security Update for Windows XP (KB973354)
8/14/2009 Security Update for Outlook Express for Windows XP (KB951066)
8/14/2009 Security Update for Windows XP (KB951748)
8/14/2009 Security Update for Windows XP (KB970238)
8/14/2009 Security Update for Windows XP (KB958470)
8/14/2009 Security Update for Windows XP (KB960803)
8/14/2009 Security Update for Windows XP (KB973815)
8/14/2009 Security Update for Windows XP (KB968537)
8/14/2009 Security Update for Windows XP (KB954600)
8/14/2009 Security Update for Windows XP (KB958644)
8/14/2009 Security Update for Windows XP (KB955069)
8/14/2009 Security Update for Windows XP (KB956802)
8/14/2009 Security Update for Flash Player (KB923789)
8/14/2009 Security Update for Windows XP (KB944338)
8/14/2009 Security Update for Windows XP (KB923561)
8/13/2009 Microsoft Windows Installer 3.1
8/13/2009 Update for Windows XP (KB898461)
Services
Running Adobe Active File Monitor V6
Running Application Layer Gateway Service
Running Automatic Updates
Running avast! Antivirus
Running Background Intelligent Transfer Service
Running Bluetooth Support Service
Running COM+ Event System
Running CryptSvc
Running DCOM Server Process Launcher
Running DHCP Client
Running Distributed Link Tracking Client
Running DNS Client
Running Error Reporting Service
Running Event Log
Running Fast User Switching Compatibility
Running Help and Support
Running HID Input Service
Running Internet Pass-Through Service
Running IPSEC Services
Running Java Quick Starter
Running Machine Debug Manager
Running Network Connections
Running Network Location Awareness (NLA)
Running NVIDIA Display Driver Service
Running Plug and Play
Running Print Spooler
Running Protected Storage
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running Secondary Logon
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery Service
Running System Event Notification
Running System Restore Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Telephony
Running Terminal Services
Running Themes
Running WebClient
Running Windows Audio
Running Windows Driver Foundation - User-mode Driver Framework
Running Windows Firewall/Internet Connection Sharing (ICS)
Running Windows Image Acquisition (WIA)
Running Windows Management Instrumentation
Running Windows Search
Running Windows Time
Running Wireless Zero Configuration
Running Workstation
Stopped .NET Runtime Optimization Service v2.0.50727_X86
Stopped Alerter
Stopped ASP.NET State Service
Stopped ClipBook
Stopped COM+ System Application
Stopped Computer Browser
Stopped Distributed Transaction Coordinator
Stopped Extensible Authentication Protocol Service
Stopped FLEXnet Licensing Service
Stopped Google Update Service (gupdate)
Stopped Google Update Service (gupdatem)
Stopped GSService
Stopped Health Key and Certificate Management Service
Stopped HTTP SSL
Stopped IMAPI CD-Burning COM Service
Stopped Indexing Service
Stopped Logical Disk Manager
Stopped Logical Disk Manager Administrative Service
Stopped Messenger
Stopped Microsoft .NET Framework NGEN v4.0.30319_X86
Stopped Microsoft Office Diagnostics Service
Stopped MS Software Shadow Copy Provider
Stopped Net Logon
Stopped Net.Tcp Port Sharing Service
Stopped NetMeeting Remote Desktop Sharing
Stopped Network Access Protection Agent
Stopped Network DDE
Stopped Network DDE DSDM
Stopped Network Provisioning Service
Stopped NT LM Security Support Provider
Stopped Office Source Engine
Stopped Performance Logs and Alerts
Stopped Portable Media Serial Number Service
Stopped QoS RSVP
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Help Session Manager
Stopped Remote Procedure Call (RPC) Locator
Stopped Removable Storage
Stopped Routing and Remote Access
Stopped Smart Card
Stopped SMServer
Stopped Uninterruptible Power Supply
Stopped Universal Plug and Play Device Host
Stopped Volume Shadow Copy
Stopped Windows CardSpace
Stopped Windows Installer
Stopped Windows Media Player Network Sharing Service
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows Presentation Foundation Font Cache 4.0.0.0
Stopped Wired AutoConfig
Stopped WMI Performance Adapter
Device Tree
ACPI Multiprocessor PC
Microsoft ACPI-Compliant System
AMD Athlon™ 64 X2 Dual Core Processor 4600+
AMD Athlon™ 64 X2 Dual Core Processor 4600+
ACPI Power Button
System board
ACPI Fixed Feature Button
PCI bus
PCI standard RAM Controller
NVIDIA nForce PCI System Management
PCI standard RAM Controller
PCI standard PCI-to-PCI bridge
NVIDIA MCP61 Serial ATA Controller
PCI standard host CPU bridge
PCI standard host CPU bridge
PCI standard host CPU bridge
PCI standard host CPU bridge
Motherboard resources
Motherboard resources
PCI standard ISA bridge
ISAPNP Read Data Port
Motherboard resources
Programmable interrupt controller
Direct memory access controller
System timer
System CMOS/real time clock
System speaker
Numeric data processor
Communications Port (COM1)
Communications Port (COM2)
Standard floppy disk controller
Floppy disk drive
Printer Port (LPT1)
Printer Port Logical Interface
Standard OpenHCD USB Host Controller
USB Root Hub
USB Composite Device
USB Human Interface Device
HID Keyboard Device
USB Human Interface Device
HID-compliant consumer control device
USB Human Interface Device
HID-compliant mouse
Standard Enhanced PCI to USB Host Controller
USB Root Hub
USB Composite Device
USB Video Device #3
USB Composite Device
Canon MP530
USB Printing Support
Canon MP530 Series Printer
USB Printing Support
Canon MP530 FAX
Microsoft UAA Bus Driver for High Definition Audio
Realtek High Definition Audio
Standard Dual Channel PCI IDE Controller
Secondary IDE Channel
Primary IDE Channel
TSSTcorp CD/DVDW SH-W162Z
WDC WD2500JB-00REA0
NVIDIA Network Bus Enumerator
NVIDIA nForce Networking Controller
NVIDIA GeForce 6100 nForce 405
Plug and Play Monitor
CPU
AMD Athlon 64 X2 4600+
Cores 2
Threads 2
Name AMD Athlon 64 X2 4600+
Code Name Windsor
Package Socket AM2 (940)
Technology 90nm
Specification AMD Athlon™ 64 X2 Dual Core Processor 4600+
Family F
Extended Family F
Model B
Extended Model 4B
Stepping 2
Revision BH-F2
Instructions MMX (+), 3DNow! (+), SSE, SSE2, SSE3, AMD 64
Virtualization Supported, Enabled
Hyperthreading Not supported
Fan Speed 2445 RPM
Bus Speed 200.9 MHz
Rated Bus Speed 1004.6 MHz
Stock Core Speed 2400 MHz
Stock Bus Speed 200 MHz
Average Temperature 43 °C
Caches
L1 Data Cache Size 2 x 64 KBytes
L1 Instructions Cache Size 2 x 64 KBytes
L2 Unified Cache Size 2 x 512 KBytes
Core 0
Core Speed 2410.4 MHz
Multiplier x 12.0
Bus Speed 200.9 MHz
Rated Bus Speed 1004.6 MHz
Temperature 45 °C
Thread 1
APIC ID 0
Core 1
Core Speed 2410.4 MHz
Multiplier x 12.0
Bus Speed 200.9 MHz
Rated Bus Speed 1004.6 MHz
Temperature 40 °C
Thread 1
APIC ID 1
RAM
Memory slots
Total memory slots 2
Used memory slots 2
Free memory slots 0
Memory
Type DDR2
Size 2048 MBytes
Channels # Dual
DRAM Frequency 301.4 MHz
CAS# Latency (CL) 5 clocks
RAS# to CAS# Delay (tRCD) 5 clocks
RAS# Precharge (tRP) 5 clocks
Cycle Time (tRAS) 15 clocks
Bank Cycle Time (tRC) 21 clocks
Command Rate (CR) 1T
Physical Memory
Memory Usage 31 %
Total Physical 1.94 GB
Available Physical 1.32 GB
Total Virtual 2.00 GB
Available Virtual 1.89 GB
SPD
Number Of SPD Modules 2
Slot #1
Type DDR2
Size 1024 MBytes
Manufacturer Kingston
Max Bandwidth PC2-5300 (333 MHz)
Part Number 9905316-005.A04LF
Serial Number 6C183411
Week/year 21 / 07
SPD Ext. EPP
JEDEC #3
Frequency 333.3 MHz
CAS# Latency 5.0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 16
tRC 21
Voltage 1.800 V
JEDEC #2
Frequency 266.7 MHz
CAS# Latency 4.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 12
tRC 16
Voltage 1.800 V
JEDEC #1
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 9
tRC 12
Voltage 1.800 V
Slot #2
Type DDR2
Size 1024 MBytes
Manufacturer Kingston
Max Bandwidth PC2-5300 (333 MHz)
Part Number
Serial Number A62679F6
Week/year 04 / 09
SPD Ext. EPP
JEDEC #3
Frequency 333.3 MHz
CAS# Latency 5.0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 16
tRC 21
Voltage 1.800 V
JEDEC #2
Frequency 266.7 MHz
CAS# Latency 4.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 12
tRC 16
Voltage 1.800 V
JEDEC #1
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 9
tRC 12
Voltage 1.800 V
Motherboard
Manufacturer Gigabyte Technology Co., Ltd.
Model M61SME-S2
Chipset Vendor NVIDIA
Chipset Model MCP61
Chipset Revision A2
Southbridge Vendor NVIDIA
Southbridge Model MCP61
Southbridge Revision A2
System Temperature 38 °C
BIOS
Brand Award Software International, Inc.
Version F2
Date 03/22/2007
Voltage
CPU CORE 1.360 V
MEMORY CONTROLLER 1.872 V
+3.3V 3.344 V
+5V 5.107 V
+12V 12.032 V
-12V -12.864 V
-5V -4.544 V
+5V HIGH THRESHOLD 4.892 V
CMOS BATTERY 3.088 V
PCI Data
1. PCI Available
2. PCI Available
Graphics
Monitor
Name AL1717 on NVIDIA GeForce 6100 nForce 405
Current Resolution 1152x864 pixels
Work Resolution 1152x834 pixels
State enabled, primary, output devices support
Monitor Width 1152
Monitor Height 864
Monitor BPP 32 bits per pixel
Monitor Frequency 75 Hz
Device \\.\DISPLAY1\Monitor0
GeForce 6100 nForce 405
GPU C61
Device ID 10DE-03D1
Revision A3
Subvendor Gigabyte (1458)
Current Performance Level Level 1
DirectX Support 9.0c
DirectX Shader Model 3.0
OpenGL Support 2.0
GPU Clock 425 MHz
Memory Clock 666 MHz
Driver nv4_disp.dll
Driver version 6.14.10.9163
ForceWare version 91.63
ROPs 2
Shaders Vertex 2/Pixel 2
Memory Type System
Pixel Fillrate 0.8 GPixels/s
Texture Fillrate 0.8 GTexels/s
Count of performance levels : 1
Level 0
Hard Drives
WDC WD2500JB-00REA0
Manufacturer Western Digital
Business Unit/Brand Enterprise/WD RE3; WD RE2 (3-platter)
Heads 16
Cylinders 16383
Device type Fixed
ATA Standard ATA/ATAPI-7
48-bit LBA Supported
Serial Number WD-WCANK5067417
Interface PATA
Capacity 244GB
Real size 250,058,268,160 bytes
S.M.A.R.T
01 Read Error Rate 200 (200 worst) Data 000000001A
03 Spin-Up Time 199 (009) Data 00000013BA
04 Start/Stop Count 100 (100) Data 0000000399
05 Reallocated Sectors Count 200 (200) Data 0000000000
07 Seek Error Rate 200 (200) Data 0000000000
09 Power-On Hours (POH) 066 (066) Data 0000006182
0A Spin Retry Count 100 (100) Data 0000000000
0B Recalibration Retries 100 (100) Data 0000000000
0C Device Power Cycle Count 100 (100) Data 000000035B
C2 Temperature 120 (096) Data 000000001E
C4 Reallocation Event Count 200 (200) Data 0000000000
C5 Current Pending Sector Count 200 (200) Data 0000000000
C6 Uncorrectable Sector Count 200 (200) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 0000000001
C8 Write Error Rate / Multi-Zone Error Rate 200 (200) Data 0000000000
Temperature 30 °C
Temperature Range ok (less than 50 °C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Disk Letter C:
File System NTFS
Volume Serial Number DCE5BCBE
Size 119GB
Used Space 78GB (67%)
Free Space 40GB (33%)
Partition 1
Partition ID Disk #0, Partition #1
Disk Letter E:
File System NTFS
Volume Serial Number B01C2698
Size 114GB
Used Space 42GB (37%)
Free Space 72GB (63%)
Optical Drives
TSSTcorp CD/DVDW SH-W162Z
Media Type CD-ROM
Name TSSTcorp CD/DVDW SH-W162Z
Availability Running/Full Power
Capabilities Random Access, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive D:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 0
SCSI Target Id 0
Status OK
Audio
Sound Cards
Realtek High Definition Audio
SndTAudio
Playback Devices
Realtek HD Audio input
Realtek HD Digital input
SndTAudio Device 0
SndTAudio Device 1
SndTAudio Device 10
SndTAudio Device 2
SndTAudio Device 3
SndTAudio Device 4
SndTAudio Device 5
SndTAudio Device 6
SndTAudio Device 7
SndTAudio Device 8
Recording Devices
Realtek HD Audio output
SndTAudio Device 0
SndTAudio Device 1
SndTAudio Device 10
SndTAudio Device 2
SndTAudio Device 3
SndTAudio Device 4
SndTAudio Device 5
SndTAudio Device 6
SndTAudio Device 7
SndTAudio Device 8
SndTAudio Device 9
Peripherals
HID Keyboard Device
Device Kind Keyboard
Device Name HID Keyboard Device
Vendor Microsoft
Location Location 0
Driver
Date 7-1-2001
Version 5.1.2600.5512
File C:\WINDOWS\system32\DRIVERS\kbdhid.sys
File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
HID-compliant mouse
Device Kind Mouse
Device Name HID-compliant mouse
Vendor Microsoft
Location Location 0
Driver
Date 7-1-2001
Version 5.1.2600.0
File C:\WINDOWS\system32\DRIVERS\mouclass.sys
File C:\WINDOWS\system32\DRIVERS\mouhid.sys
Canon MP530 Series Printer
Device Kind Printer
Device Name Canon MP530 Series Printer
Location USB Printing Support
Driver
Date 9-13-2006
Version 2.0.4.13
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMLR7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMCB7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMDR7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMD57R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMUI7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMUR7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMSR7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMIN7R.INI
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMPI7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMSM7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMSS7R.SMR
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMSD7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMSQ7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMSH7R.CHM
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMCP7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMUB7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMOP7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMSB7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMMH7R.CHM
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNB_2790.TBL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMP07R.DAT
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMP17R.DAT
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMP27R.DAT
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMFU7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMLH7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMPV7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMSE7R.EXE
File C:\WINDOWS\system32\CNMLM7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\COLOR\CNB7RCA0.ICM
File C:\WINDOWS\System32\spool\DRIVERS\COLOR\CNB7RCB0.ICM
File C:\WINDOWS\System32\spool\DRIVERS\COLOR\CNB7RCC0.ICM
File C:\WINDOWS\System32\spool\DRIVERS\COLOR\CNB7RDB0.ICM
File C:\WINDOWS\System32\spool\DRIVERS\COLOR\CNB7REB0.ICM
File C:\WINDOWS\System32\spool\DRIVERS\COLOR\CNB7RED0.ICM
File C:\WINDOWS\System32\spool\DRIVERS\COLOR\CNBJPRN2.ICM
File C:\WINDOWS\System32\spool\DRIVERS\COLOR\CNBJPRN3.ICM
File C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD7R.DLL
File C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPP7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMVS7R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMW37R.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMLR7R0.411
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMUR7R0.411
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMSR7R0.411
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMMH7R0.411
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530837e\CNMSH7R0.411
Canon MP530 FAX
Device Kind Printer
Device Name Canon MP530 FAX
Location USB Printing Support
Driver
Date 9-19-2006
Version 7.1.0.7
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\CNCF2Ga.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\CNCF2Ua.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\CNCF2Ma.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\CNCF2Ka.PPD
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\CNCFIMa.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\CNCFDLa.DLL
File C:\WINDOWS\system32\CNCF2La.DLL
File C:\WINDOWS\system32\CNCFMSa.EXE
File C:\WINDOWS\system32\CNCFLaUS.DLL
File C:\WINDOWS\system32\CNCFLaJP.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\CNCAAIa.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\CNCAMGa.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\CNCAWSa.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\CNCAPFa.EXE
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\CNCAABa.EXE
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\CNCASVa.INI
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\CNCFCaUS.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\CNCFCaJP.DLL
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\cncfcaUS.chm
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\cncfcaJP.chm
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\cncfhaUS.chm
File C:\WINDOWS\System32\spool\DRIVERS\W32X86\canonmp530_fax7f32\cncfhaJP.chm
Canon MP530
Device Kind Camera/scanner
Device Name Canon MP530
Vendor Unknown
Comment Canon MP530
Location MP530 (Location 0)
Driver
Date 9-28-2006
Version 11.2.0.1
File C:\WINDOWS\system32\drivers\usbscan.sys
File C:\WINDOWS\system32\CNCC530.DLL
File C:\WINDOWS\system32\CNCI530.DLL
File C:\WINDOWS\system32\CNCL530.DLL
File C:\WINDOWS\twain_32\MP530\CISDS.DS
File C:\WINDOWS\twain_32\MP530\SGUI.DLL
File C:\WINDOWS\twain_32\MP530\SGRES_US.DLL
File C:\WINDOWS\twain_32\MP530\USDRESUS.DLL
File C:\WINDOWS\twain_32\MP530\SGRES_JP.DLL
File C:\WINDOWS\twain_32\MP530\USDRESJP.DLL
File C:\WINDOWS\twain_32\MP530\IOP.DLL
File C:\WINDOWS\twain_32\MP530\ITLIB32.DLL
File C:\WINDOWS\twain_32\MP530\SCANINTF.DLL
File C:\WINDOWS\twain_32\MP530\SCRPRMV.DLL
File C:\WINDOWS\twain_32\MP530\TPM.DLL
File C:\WINDOWS\twain_32\MP530\CNC530.DAT
File C:\WINDOWS\twain_32\MP530\MC2.TXT
File C:\WINDOWS\twain_32\MP530\JDA_CIMG.DLL
File C:\WINDOWS\twain_32\MP530\NBS4MB.DLL
File C:\WINDOWS\twain_32\MP530\NBSCOR4M.DLL
File C:\WINDOWS\twain_32\MP530\RMSLANTC.DLL
File C:\WINDOWS\twain_32\MP530\RSTCOL.DLL
File C:\WINDOWS\twain_32\MP530\BaLCo.dll
File C:\WINDOWS\twain_32\MP530\CFine2.dll
File C:\WINDOWS\twain_32\MP530\libBLC.dll
File C:\WINDOWS\system32\spool\drivers\Color\CNZ005.ICC
File C:\WINDOWS\system32\spool\drivers\Color\CNFMP53R.ICC
File C:\WINDOWS\media\CSSAMP1.MID
File C:\WINDOWS\system32\cncisco.dll
USB Video Device
Device Kind Camera/scanner
Device Name USB Video Device
Vendor Alcor Micro
Comment USB Video Device #3
Location Location 0
Driver
Date 7-1-2001
Version 5.1.2600.5512
File C:\WINDOWS\system32\drivers\usbvideo.sys
File C:\WINDOWS\system32\dshowext.ax
File C:\WINDOWS\system32\vfwwdm32.dll
File C:\WINDOWS\system32\iyuv_32.dll
File C:\WINDOWS\system32\msh263.drv
File C:\WINDOWS\system32\msyuv.dll
File C:\WINDOWS\system32\tsbyuv.dll
Network
You are connected to the internet
Connected through NVIDIA nForce Networking Controller - Packet Scheduler Miniport
IP Address 10.0.0.2
Subnet mask 255.255.255.0
Gateway server 10.0.0.138
Preferred DNS server 10.0.0.138
DHCP Enabled
DHCP server 10.0.0.138
External IP Address 58.166.226.224
Adapter Type Ethernet
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Unknown node type
Link Speed 0 kbps
Computer Name
NetBIOS Name KOOROORA-61578C
DNS Name kooroora-61578c
Domain Name KOOROORA-61578C
Remote Desktop
Console
State Active
Domain KOOROORA-61578C
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Wi-Fi not enabled
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout 60000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout 30000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Adapters List
NVIDIA nForce Networking Controller - Packet Scheduler Miniport
IP Address 10.0.0.2
Subnet mask 255.255.255.0
Gateway server 10.0.0.138
Network Shares
No network shares
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP