
VIRUS?


  • This topic is locked

#1
ARCTICWRATH

    Member

  • 16 posts
Before I describe my problem, be advised that I am pretty sad with computers; I know how to switch them on but not much more. Over the last week my com has taken on a life of its own: every, say, 20 minutes the mouse pointer will jump about the screen, go to Start and open up random programs by itself, freezing the com while doing it. After a few minutes I have control back. I had Avast, which found nothing even in safe mode. I have SUPERAntiSpyware, which found 1 trojan and 40 tracking cookies in safe mode; I removed them and the problem continues. I have uninstalled Avast and installed AVG antivirus, and also did a system restore and installed Spybot; the problem continues. Before I lose the last of my 56-year-old hair, can anyone help?
  • 0



#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Please follow the steps below:

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, on the desktop there should be a file called MBR.dat after that; zip it and then attach it here.

  • On your desktop should be a file MBR.dat.
  • Right-click that file, point to Send To, and then click Compressed (zipped) Folder.
  • A new compressed file is created.
  • Please attach that file in your next reply.

How to add an attachment to a new topic or reply

Step 2

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log
  • OTL scan log
  • Extras log
  • Attached MBR.zip file

  • 0
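
Added example, not part of Render's post and not OTL's own code: the /md5start ... /md5stop block in the custom scan above names four system binaries whose MD5 hashes OTL reports. The Python below does a comparable check by hand, hashing every copy of those files under a root folder and listing names whose copies disagree; the function names and the default root are assumptions of this example.

```python
import hashlib
import os
from collections import defaultdict

# File names taken from the /md5start ... /md5stop block in the post above.
TARGETS = ("explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe")


def md5_of(path, chunk_size=1 << 16):
    """Return the hex MD5 of a file, read in chunks so large files are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def collect_hashes(root, targets=TARGETS):
    """Walk root and map each target name to a sorted list of (path, md5).

    Names are matched case-insensitively, as Windows does (Userinit.exe and
    userinit.exe are the same name). A file that cannot be read is recorded
    with md5 None instead of aborting the walk.
    """
    wanted = {name.lower() for name in targets}
    found = defaultdict(list)
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            key = name.lower()
            if key not in wanted:
                continue
            path = os.path.join(folder, name)
            try:
                found[key].append((path, md5_of(path)))
            except OSError:
                found[key].append((path, None))
    return {name: sorted(copies) for name, copies in found.items()}


def mismatched(found):
    """Return the names whose copies differ in hash or could not be read.

    A mismatch is a reason to compare against a known-good copy, not proof
    of infection: an older service-pack copy can legitimately differ.
    """
    report = {}
    for name, copies in found.items():
        hashes = {md5 for _path, md5 in copies}
        if len(hashes) > 1 or None in hashes:
            report[name] = copies
    return report


if __name__ == "__main__":
    # Assumed default root; falls back to the XP-style path seen in the logs.
    root = os.environ.get("SystemRoot", r"C:\WINDOWS")
    results = collect_hashes(root)
    for name, copies in sorted(results.items()):
        print("< MD5 for: %s >" % name.upper())
        for path, md5 in copies:
            print("  MD5=%s -- %s" % (md5 or "unreadable", path))
    for name in sorted(mismatched(results)):
        print("Copies differ or unreadable, compare with a known-good file:", name)
```
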

#3
ARCTICWRATH

    Member

  • Topic Starter
  • 16 posts
As requested I post the first log. I will post the rest as soon as I can, as I am having problems completing any task with this machine.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-30 11:21:27
-----------------------------
11:21:27.875 OS Version: Windows 5.1.2600 Service Pack 3
11:21:27.875 Number of processors: 1 586 0x209
11:21:27.875 ComputerName: PCOWNER-2DA7D68 UserName: PCOWNER
11:21:29.812 Initialize success
11:22:08.718 AVAST engine defs: 11092902
11:22:37.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:22:37.734 Disk 0 Vendor: ST380011A 8.01 Size: 76319MB BusType: 3
11:22:39.765 Disk 0 MBR read successfully
11:22:39.765 Disk 0 MBR scan
11:22:39.890 Disk 0 Windows XP default MBR code
11:22:39.906 Disk 0 scanning sectors +156280320
11:22:40.031 Disk 0 scanning C:\WINDOWS\system32\drivers
11:23:03.312 Service scanning
11:23:06.375 Modules scanning
11:23:27.296 Disk 0 trace - called modules:
11:23:27.312 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:23:27.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8236fab8]
11:23:27.312 3 CLASSPNP.SYS[f8575fd7] -> nt!IofCallDriver -> \Device\00000060[0x82355f18]
11:23:27.359 5 ACPI.sys[f84ec620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82394940]
11:23:28.234 AVAST engine scan C:\WINDOWS
11:23:36.609 AVAST engine scan C:\WINDOWS\system32
11:28:35.359 AVAST engine scan C:\WINDOWS\system32\drivers
11:28:56.765 AVAST engine scan C:\Documents and Settings\PCOWNER
12:44:28.562 AVAST engine scan C:\Documents and Settings\All Users
12:45:59.593 Scan finished successfully
13:55:11.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\PCOWNER\Desktop\MBR.dat"
13:55:11.875 The log file has been saved successfully to "C:\Documents and Settings\PCOWNER\Desktop\aswMBR.txt"
  • 0

#4
ARCTICWRATH

    Member

  • Topic Starter
  • 16 posts
I attach the zip file requested (MBRdata).

Attached Files

  • Attached File  MBR.zip   499bytes   124 downloads

  • 0

#5
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Thank you. Waiting for OTL scan logs.
  • 0

#6
ARCTICWRATH

    Member

  • Topic Starter
  • 16 posts
I now post the extras log. I hope I have followed instructions correctly.

OTL Extras logfile created on: 30/09/2011 15:23:41 - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\PCOWNER\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 157.13 Mb Available Physical Memory | 30.72% Memory free
1.22 Gb Paging File | 0.68 Gb Available in Paging File | 55.78% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 55.30 Gb Free Space | 74.21% Space Free | Partition Type: NTFS

Computer Name: PCOWNER-2DA7D68 | User Name: PCOWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1606980848-1757981266-2147020463-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client -- ()
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM -- ()
"C:\Program Files\24hPoker\pokerclient\24hPoker.exe" = C:\Program Files\24hPoker\pokerclient\24hPoker.exe:*:Enabled:Poker Client Software -- (Entraction Solutions AB)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}" = BabasChess
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A50D15F4-332F-4384-8933-8A68ACC7C126}" = JokerClick
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1180-6883-2514-0226-24hPoker-PROD" = 24hPoker
"5050poker (Poker)" = 5050 Poker
"888poker" = 888poker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Search" = AOL Search
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Betfair Poker JPC_is1" = Betfair Poker JPC 1.0.0
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"CCleaner" = CCleaner
"CelebPoker" = CelebPoker
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Dracula Poker" = Dracula Poker
"Glary Utilities_is1" = Glary Utilities 2.35.0.1216
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"PartyPoker" = PartyPoker
"Plus500" = Plus500
"RedKings Poker_is1" = RedKings Poker
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wisdom-soft Set up ScreenHunter 5.1 Pro" = Wisdom-soft Set up ScreenHunter 5.1 Pro
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = BT Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1606980848-1757981266-2147020463-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CarbonPoker" = CarbonPoker
"ManiakPoker_269_0" = ManiakPoker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/09/2011 15:48:43 | Computer Name = PCOWNER-2DA7D68 | Source = Application Hang | ID = 1002
Description = Hanging application MyLuckyHand.exe, version 15.1.3061.18412, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/09/2011 15:48:53 | Computer Name = PCOWNER-2DA7D68 | Source = Application Hang | ID = 1001
Description = Fault bucket -1679186760.

Error - 22/09/2011 11:24:41 | Computer Name = PCOWNER-2DA7D68 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.2.4262, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 25/09/2011 13:02:05 | Computer Name = PCOWNER-2DA7D68 | Source = Application Hang | ID = 1002
Description = Hanging application MyLuckyHand.exe, version 15.1.3061.18412, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 27/09/2011 03:18:04 | Computer Name = PCOWNER-2DA7D68 | Source = Application Hang | ID = 1002
Description = Hanging application Everest Poker.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/09/2011 04:48:11 | Computer Name = PCOWNER-2DA7D68 | Source = Pokernet | ID = 0
Description = Pokernet Cannot Connect to Upload Server

Error - 28/09/2011 08:56:02 | Computer Name = PCOWNER-2DA7D68 | Source = Application Error | ID = 1000
Description = Faulting application pprekop.exe, version 4.2.0.172, faulting module
ole32.dll, version 5.1.2600.2182, fault address 0x10017bed.

Error - 29/09/2011 04:18:16 | Computer Name = PCOWNER-2DA7D68 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.29.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29/09/2011 12:37:45 | Computer Name = PCOWNER-2DA7D68 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.0.4282, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 30/09/2011 09:43:42 | Computer Name = PCOWNER-2DA7D68 | Source = Windows Live Mail | ID = 1000
Description =

[ System Events ]
Error - 29/09/2011 02:59:52 | Computer Name = PCOWNER-2DA7D68 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 29/09/2011 03:33:46 | Computer Name = PCOWNER-2DA7D68 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avgwd service.

Error - 29/09/2011 04:36:57 | Computer Name = PCOWNER-2DA7D68 | Source = Service Control Manager | ID = 7034
Description = The Volume Shadow Copy service terminated unexpectedly. It has done
this 1 time(s).

Error - 29/09/2011 04:36:57 | Computer Name = PCOWNER-2DA7D68 | Source = Service Control Manager | ID = 7034
Description = The Distributed Transaction Coordinator service terminated unexpectedly.
It has done this 1 time(s).

Error - 29/09/2011 07:57:44 | Computer Name = PCOWNER-2DA7D68 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 29/09/2011 07:58:49 | Computer Name = PCOWNER-2DA7D68 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm KLIF SASDIFSV SASKUTIL

Error - 29/09/2011 09:54:52 | Computer Name = PCOWNER-2DA7D68 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 30/09/2011 05:36:40 | Computer Name = PCOWNER-2DA7D68 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 30/09/2011 10:16:17 | Computer Name = PCOWNER-2DA7D68 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 30/09/2011 10:16:17 | Computer Name = PCOWNER-2DA7D68 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >
  • 0

#7
ARCTICWRATH

    Member

  • Topic Starter
  • 16 posts
I now post the last log. Once again I hope I have followed instructions, but it has been difficult with little experience and the machine going stupid. Anyway, thx for your time.


OTL logfile created on: 30/09/2011 15:23:41 - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\PCOWNER\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 157.13 Mb Available Physical Memory | 30.72% Memory free
1.22 Gb Paging File | 0.68 Gb Available in Paging File | 55.78% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 55.30 Gb Free Space | 74.21% Space Free | Partition Type: NTFS

Computer Name: PCOWNER-2DA7D68 | User Name: PCOWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/30 15:22:06 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PCOWNER\My Documents\Downloads\OTL(4).exe
PRC - [2011/09/30 14:37:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/29 19:58:46 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/29 19:58:07 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/09/29 19:57:57 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/09/29 19:57:55 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/29 19:57:52 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/28 12:32:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2010/01/14 22:12:21 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2001/08/17 23:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/30 14:37:47 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/01/28 14:00:45 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/09/29 19:58:46 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/29 19:58:07 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/09/29 19:57:57 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/09/29 19:57:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/09/28 12:32:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/09/29 19:58:52 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/29 19:58:51 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/28 12:31:50 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/28 12:31:50 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/09/24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/04/14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:20:16 | 000,297,728 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97sis.sys -- (SiS7018) Service for AC'97 Sample Driver (WDM)
DRV - [2001/08/17 13:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 13:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 13:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1606980848-1757981266-2147020463-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKU\S-1-5-21-1606980848-1757981266-2147020463-1004\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-1606980848-1757981266-2147020463-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1606980848-1757981266-2147020463-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://isearch.avg.c...9:02&sap=ku&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 14:37:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 14:22:57 | 000,000,000 | ---D | M]

[2011/09/28 09:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PCOWNER\Application Data\Mozilla\Extensions
[2011/09/29 08:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PCOWNER\Application Data\Mozilla\Firefox\Profiles\sjav08tp.default\extensions
[2011/09/28 19:40:45 | 000,003,849 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Application Data\Mozilla\Firefox\Profiles\sjav08tp.default\searchplugins\avg-secure-search.xml
[2011/09/28 09:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/02 13:33:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/26 10:04:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/04/02 13:33:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/21 22:22:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/30 14:37:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/08/27 20:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/23 02:58:35 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/03/25 19:48:41 | 000,002,242 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml
[2011/09/23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/23 02:58:35 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/23 02:58:35 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/23 02:58:35 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/09/29 08:50:32 | 000,249,881 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8710 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1606980848-1757981266-2147020463-1004\..\Toolbar\WebBrowser: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1606980848-1757981266-2147020463-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-1757981266-2147020463-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\PCOWNER\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\PCOWNER\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64272A2A-B5E9-4E65-87A7-38B4EFC7B50E}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\PCOWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PCOWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/09 20:08:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/29 17:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/09/29 17:43:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/09/29 17:42:55 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/09/29 17:42:55 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/09/29 17:42:54 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/09/29 17:42:54 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/09/29 17:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/09/29 08:53:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/09/29 08:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/29 08:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/29 08:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/09/29 08:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\Desktop\Downloads
[2011/09/29 08:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\Application Data\GetRightToGo
[2011/09/29 08:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/09/28 20:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\Application Data\AVG
[2011/09/28 20:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/09/28 19:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\Application Data\AVG2012
[2011/09/28 19:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/28 19:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/09/28 19:17:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/28 19:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/28 18:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\Start Menu\Programs\Plus500
[2011/09/28 18:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Plus500
[2011/09/28 18:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\Local Settings\Application Data\Plus500
[2011/09/28 13:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\Start Menu\Programs\PartyPoker
[2011/09/28 13:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/28 13:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/09/28 13:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/09/28 11:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\Application Data\JokerClick
[2011/09/28 11:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\Start Menu\Programs\ManiakPoker
[2011/09/28 11:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\JokerClick
[2011/09/28 10:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\JokerClick
[2011/09/28 10:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\5050 Poker
[2011/09/28 09:38:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\PCOWNER\Recent
[2011/09/28 09:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\24hPoker
[2011/09/28 09:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\PacificPoker
[2011/09/28 09:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\Application Data\PacificPoker
[2011/09/28 09:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\Start Menu\Programs\BabasChess
[2011/09/28 09:38:06 | 000,000,000 | ---D | C] -- C:\Betfair JPC
[2011/09/28 09:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\CarbonPoker
[2011/09/28 09:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\Start Menu\Programs\CarbonPoker
[2011/09/28 09:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RedKings Poker
[2011/09/28 09:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\Start Menu\Programs\Games
[2011/09/28 09:25:41 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/09/22 18:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\JokerClick
[2011/09/15 16:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\MyLuckyHand
[2011/09/14 12:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\Local Settings\Application Data\CPN
[2011/09/07 06:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\ComeOn Poker
[2011/09/01 13:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\My Documents\ManiakPoker
[2011/09/01 13:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PCOWNER\Application Data\ManiakPoker
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/30 15:17:40 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/30 15:15:02 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/09/30 15:14:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/30 15:14:28 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/30 14:47:03 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Desktop\MBR.zip
[2011/09/30 14:42:10 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Desktop\New Compressed (zipped) Folder.zip
[2011/09/30 13:55:11 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Desktop\MBR.dat
[2011/09/30 10:09:07 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\JokerClick.lnk
[2011/09/29 19:58:52 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/09/29 19:58:51 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/09/29 17:44:16 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/09/29 10:20:33 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Local Settings\Application Data\WebpageIcons.db
[2011/09/29 09:12:42 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/09/29 08:50:32 | 000,249,881 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/29 08:47:15 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/29 08:47:15 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Desktop\Spybot - Search & Destroy.lnk
[2011/09/28 20:38:02 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/09/28 20:38:02 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Desktop\AVG PC Tuneup 2011.lnk
[2011/09/28 19:04:12 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/28 18:17:37 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Desktop\Plus500.lnk
[2011/09/28 17:32:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/28 13:54:40 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk
[2011/09/28 13:54:40 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Desktop\PartyPoker.lnk
[2011/09/28 13:54:26 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Desktop\Glary Utilities (2).lnk
[2011/09/28 13:54:25 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Desktop\SUPERAntiSpyware Alternate Start (2).lnk
[2011/09/28 13:54:24 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Desktop\Mozilla Firefox.lnk
[2011/09/28 13:53:21 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Desktop\SpywareBlaster.lnk
[2011/09/28 11:05:40 | 000,000,992 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Desktop\ManiakPoker.lnk
[2011/09/28 10:54:44 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\5050 Poker.lnk
[2011/09/28 10:54:40 | 000,001,649 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\5050 Poker.lnk
[2011/09/28 10:24:37 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CelebPoker.lnk
[2011/09/28 10:12:33 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\PCOWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/28 10:12:33 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/28 09:42:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/26 18:53:23 | 000,191,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/25 10:39:03 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/09 10:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/03 11:17:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\crypt32(3).dll
[2011/09/01 14:23:51 | 000,744,620 | ---- | M] () -- C:\Documents and Settings\PCOWNER\My Documents\id2.jpg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/30 14:47:03 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Desktop\MBR.zip
[2011/09/30 14:42:10 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Desktop\New Compressed (zipped) Folder.zip
[2011/09/30 13:55:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Desktop\MBR.dat
[2011/09/29 17:44:15 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/09/29 14:55:44 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/29 10:20:24 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Local Settings\Application Data\WebpageIcons.db
[2011/09/29 08:47:15 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/29 08:47:15 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Desktop\Spybot - Search & Destroy.lnk
[2011/09/29 08:40:47 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/28 20:38:02 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/09/28 20:38:02 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Desktop\AVG PC Tuneup 2011.lnk
[2011/09/28 18:17:37 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Desktop\Plus500.lnk
[2011/09/28 17:32:24 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/09/28 13:54:40 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk
[2011/09/28 13:54:40 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Desktop\PartyPoker.lnk
[2011/09/28 13:54:26 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Desktop\Glary Utilities (2).lnk
[2011/09/28 13:54:25 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Desktop\SUPERAntiSpyware Alternate Start (2).lnk
[2011/09/28 13:54:24 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Desktop\Mozilla Firefox.lnk
[2011/09/28 13:53:21 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Desktop\SpywareBlaster.lnk
[2011/09/28 11:05:40 | 000,000,992 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Desktop\ManiakPoker.lnk
[2011/09/28 10:54:51 | 000,002,259 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\JokerClick.lnk
[2011/09/28 10:46:45 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\5050 Poker.lnk
[2011/09/28 10:46:41 | 000,001,649 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\5050 Poker.lnk
[2011/09/28 10:24:37 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CelebPoker.lnk
[2011/09/28 10:24:37 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CelebPoker.lnk
[2011/09/26 18:53:23 | 000,191,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/15 14:16:39 | 000,113,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/01 14:23:50 | 000,744,620 | ---- | C] () -- C:\Documents and Settings\PCOWNER\My Documents\id2.jpg
[2011/07/06 21:33:27 | 000,000,053 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2011/07/05 13:06:25 | 000,005,078 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bltofzsb.qlf
[2011/07/04 23:05:08 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/19 11:58:57 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\PCOWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/30 19:21:25 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2011/03/26 15:45:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/03/26 15:17:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2011/03/22 19:27:31 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/03/09 20:29:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/03/09 20:11:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/09 20:01:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/09 19:53:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,435,592 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,068,504 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/23 23:02:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2003/02/19 02:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002/03/23 23:04:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

========== LOP Check ==========

[2011/09/28 19:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/29 12:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/28 19:17:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/28 11:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JokerClick
[2011/09/29 08:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/26 09:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2011/09/02 08:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pokernet
[2011/09/29 07:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/28 20:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\AVG
[2011/09/28 19:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\AVG2012
[2011/04/02 10:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\Azureus
[2011/03/26 15:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\DriverFinder
[2011/09/29 08:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\GetRightToGo
[2011/03/23 13:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\GlarySoft
[2011/06/10 19:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\HighPulse
[2011/09/30 10:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\JokerClick
[2011/09/29 19:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\ManiakPoker
[2011/09/28 11:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\Microgaming
[2011/06/30 14:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\MSNInstaller
[2011/09/28 09:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\MyPokerLab
[2011/05/24 10:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\Nuance
[2011/09/28 09:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\PacificPoker
[2011/03/26 22:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\Participatory Culture Foundation
[2011/03/27 11:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\PCF-VLC
[2011/03/26 22:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\Raptr
[2011/05/24 09:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PCOWNER\Application Data\Zeon
[2011/09/30 15:15:02 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/09/30 15:17:40 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/30 14:37:42 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/30 14:37:42 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/30 14:37:42 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/30 14:37:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/30 14:37:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/30 14:37:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/14 05:42:24 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/30 14:37:42 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/30 14:37:42 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/30 14:37:42 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/30 14:37:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/30 14:37:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/30 14:37:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/14 05:42:24 | 000,093,184 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

#8
ARCTICWRATH

    Member

  • Topic Starter
  • Member
  • 16 posts

Thank you. Waiting for OTL scan logs.



Thx for your quick response. If the machine is beyond help, so be it, but I am thankful that you gave your time.

#9
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
I can't see anything malicious so far. It looks like a hardware problem.

Anyway, to be sure, proceed with this:

We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post

#10
ARCTICWRATH

    Member

  • Topic Starter
  • Member
  • 16 posts
very well I will proceed as instructed, it is an old machine so perhaps I will have to replace it, I have a laptop but this machine is for my use only for poker and email, so I hope we can resolve the problem, once again I thank you for your time

#11
ARCTICWRATH

    Member

  • Topic Starter
  • Member
  • 16 posts
I attach the avptool system report file. I am having some difficulty getting the scan report: the scan completed successfully and found no threats, but for some reason it will not let me save the report.

#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
From the Start menu open your Computer
You should see something like this:

Right click your system partition (usually C) and select Properties

Select Tools tab and then Check now...
The second window will popup
Ensure you have ticks in both boxes
Then click Start
Windows will schedule it for the next boot
Reboot

Once that has completed:

Go to Start > All Programs > Accessories
Right click Command Prompt and select Run as administrator
When the prompt opens type the following bolded text and press enter

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion reboot

Let me know then if there is any improvement

#13
ARCTICWRATH

    Member

  • Topic Starter
  • Member
  • 16 posts
I have completed all instructions and today I have been on the com for about 2 hours and had no problems so far. I have not played poker yet, as obviously it can be expensive if the com goes silly while playing for money, so I will wait and see if it behaves. I thank you for your help and will let you know if the problem comes back; if it does I may have to think about replacing the old girl??

#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
I want you to run your PC as normal and if you encounter any problems come back to me.

Anyway, how old is this "girl"?

#15
ARCTICWRATH

    Member

  • Topic Starter
  • Member
  • 16 posts
As far as we recall the com is 9-10 years old. It was in the loft for 3 years before being pressed back into service a year ago when my wife got upset with not being able to access her laptop as I was using it a lot. I have been thinking of getting a new one but money is tight at the moment.