Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware or spyware Im sure-wont let malware bytes or system restore ru

Started by Jessieboogie , Oct 09 2009 03:02 PM

  • Please log in to reply

#1
Jessieboogie
Posted 09 October 2009 - 03:02 PM

Jessieboogie

    Member

  • Member
  • PipPipPip
  • 105 posts
malware bytes wont run it says

runtime error 5003 unexpected error

the instruction at 0x773f65f1 referenced memory could not be read






system restore says

unhandled exception has occurred provider load failure


root repeal says could not load driver oxc0000035


otl ran all day 7am to 4pm then quit(not responding)


Thanks in advance.
  • 0

Advertisements

#2
Transience
Posted 10 October 2009 - 08:39 AM

Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Hello and welcome to Geeks to Go! I'm Dave and I'll be helping you out. Let's get started:

Please go to the GMER Rootkit Scanner Download Site.
  • Click on the Download EXE button.
  • The file you are downloading will have a random name in order to circumvent the attempts of malware to block it from running.
  • Take note of the name of the file (please don't change it), and then save it directly to your desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click on the file you downloaded (Vista users please right-click it and select Run as Administrator). The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure that the "Show all" box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity, don't worry.
  • Click Ok.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it to a location where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

Then:

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Click on any of the links at that website to download ComboFix. At the window that appears, please change the name of the file from ComboFix to cf.com. This name is important and must be exactly as I have given it to you here, including the .com file extension. After changing the name, click on the drop down menu for the box labeled Save as type: and change it to All files. Once you made these changes, save the file directly to your desktop.

Return to the above link and continue with the instructions provided there for running ComboFix. Be sure that you read ALL of the instructions on that page carefully and follow them exactly. It is particularly important to disable all your protection programs before running ComboFix. If you need further help figuring out how to disable a specific program look here for instructions. Installing the recovery console if you're running an XP machine is another critical step. Although these prelimiary steps may seem unnecessary, by following the directions in that guide closely you give ComboFix the best possible chance at a successful run and minimize the likelihood of having serious problems occur after an attempted removal of malware.

Once the program has finished running its log should pop up automatically, or if for some reason you lose it it can found at C:\ComboFix.txt. Please post the log's contents in your next reply.

Cheers,
Dave
  • 0

#3
Jessieboogie
Posted 11 October 2009 - 02:35 PM

Jessieboogie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
GMER will not run.

A blue screen comes on and says....a problem has been detected awxoqpog.sys beginning physical dump of memory.

Combofix.... Explorer will not run. I am using firefox and it will not allow me to "save as" to change the name to cf.com like you requested.
  • 0

#4
Transience
Posted 11 October 2009 - 03:15 PM

Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
In firefox you have to right-click the download link and select Save link as..., that will open up the download box, continue as I instructed above.

Cheers,
Dave
  • 0

#5
Jessieboogie
Posted 11 October 2009 - 05:23 PM

Jessieboogie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
yes I know...but when I do that nothing happens. save link as......nothing comes up.

never mind.....i changed the downloads to always ask where to save....this worked!!


Stay tuned!!

Edited by Jessieboogie, 11 October 2009 - 06:24 PM.

  • 0

#6
Jessieboogie
Posted 11 October 2009 - 07:01 PM

Jessieboogie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
ComboFix 09-10-11.01 - Compaq_Owner 10/11/2009 20:29.1.1 - NTFSx86
Running from: c:\documents and settings\Compaq_Owner\Desktop\cf.com.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\137868.msi
c:\windows\Installer\16212e.msi
c:\windows\Installer\304575f7.msp
c:\windows\Installer\6778aa.msi
c:\windows\Installer\ea6116d.msi
c:\windows\system32\ps2.bat

c:\windows\pchealth\helpctr\binaries\helpsvc.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-09 15:01 . 2009-10-09 15:01 34816 ----a-w- c:\windows\system32\drivers\rootrepeal2.sys
2009-10-09 11:09 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 11:09 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 11:09 . 2009-10-09 11:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 01:25 . 2009-10-06 01:25 -------- d-----w- c:\documents and settings\TEMP
2009-10-02 00:43 . 2009-10-02 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Princess Isabella
2009-10-02 00:40 . 2009-10-03 23:54 -------- d-----w- c:\program files\Princess Isabella
2009-09-25 23:30 . 2009-09-25 23:30 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Merscom
2009-09-25 23:30 . 2009-09-25 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2009-09-25 23:27 . 2009-10-02 00:31 -------- d-----w- c:\program files\Nanny 911
2009-09-22 00:32 . 2009-09-22 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\EscapeFromParadise2
2009-09-22 00:20 . 2009-09-23 18:39 -------- d-----w- c:\program files\Aveyond Lord of Twilight
2009-09-22 00:05 . 2009-09-22 00:05 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Aveyond 3
2009-09-21 23:42 . 2009-09-23 16:04 -------- d-----w- c:\program files\Escape From Paradise 2 A Kingdoms Quest
2009-09-21 23:19 . 2009-09-21 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-09-21 23:19 . 2009-09-21 23:26 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Azureus
2009-09-15 01:01 . 2009-09-15 01:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Auslogics
2009-09-15 01:01 . 2009-09-15 01:01 -------- d-----w- c:\program files\Auslogics

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 20:57 . 2008-03-05 16:30 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2009-10-11 20:56 . 2008-03-05 16:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-11 20:55 . 2009-06-15 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-09 00:43 . 2009-09-08 15:13 -------- d-----w- c:\program files\ERUNT
2009-10-07 00:32 . 2009-03-04 18:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-05 22:47 . 2008-02-06 05:06 -------- d-----w- c:\program files\PokerStars
2009-10-04 04:25 . 2008-02-06 02:10 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire
2009-09-22 00:15 . 2008-02-06 02:02 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\BitTorrent
2009-09-15 01:08 . 2004-08-09 06:12 -------- d-----w- c:\program files\Java
2009-09-13 17:14 . 2008-02-06 00:55 -------- d-----w- c:\program files\LimeWire
2009-09-13 17:02 . 2008-02-10 01:48 -------- d-----w- c:\program files\Trend Micro
2009-08-20 23:59 . 2009-08-20 23:59 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AVG8
2009-08-20 23:46 . 2009-08-20 23:46 -------- d-----w- c:\program files\Nancy Drew
2009-08-05 09:01 . 2004-08-09 04:28 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 09:23 . 2008-12-05 17:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 21:25 . 2008-04-24 15:49 16 ----a-w- c:\windows\popcinfo.dat
2009-07-17 19:01 . 2004-08-09 04:28 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-09 04:29 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-04-22 286720]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 rootrepeal2;rootrepeal2;c:\windows\system32\drivers\rootrepeal2.sys [2009-10-09 34816]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cm.my.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\twdv52e7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - myyahoo.com
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-CTFMON - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 20:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-176964136-1637672285-2557995224-1009\Software\SecuROM\License information*]
"datasecu"=hex:67,50,46,50,27,46,f4,cd,1d,d1,fb,5b,49,bd,d4,3a,29,f6,1a,5f,92,
53,ca,1d,30,4d,b1,98,5a,86,23,65,16,8b,b4,08,a2,4c,a2,2d,bb,4c,e1,6d,ef,62,\
"rkeysecu"=hex:60,68,d9,99,0d,ca,ba,24,23,9c,42,ce,a1,f4,03,73
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-10-12 20:54
ComboFix-quarantined-files.txt 2009-10-12 00:54

Pre-Run: 127,908,659,200 bytes free
Post-Run: 127,996,661,760 bytes free

157 --- E O F --- 2009-10-11 20:59
  • 0

#7
Transience
Posted 12 October 2009 - 05:21 PM

Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Hello

Quick heads-up for you before we continue:

I see you're using or have in the past used p2p software such as Azureus, LimeWire, and BitTorrent. Although p2p programs are not usually malware in their own right, oftentimes malware is installed alongside them. Even if the program is clean, people often upload infected files to be shared using these programs, and it is very easy to end up compromising your PC. It's your decision about whether or not you use p2p programs, you don't have to remove them to be deemed clean and I'll still give you help if you want to keep them. It's just important that you're aware of the risks. If you want to continue using p2p programs that's fine with me, all I ask is that you not download anything from them until you're clean so we aren't taking steps backwards here. To remove p2p programs if you wish to do so, uninstall them from the Add/Remove Programs (it's Programs and Features in Vista) menu of your Control Panel.

Log's looking better, let's run some deeper scans to see if there's anything else.

First we'll clean out your unnecessary temp files to speed up the scans:

1. TFC
  • Please download TFC to your desktop.
  • Save any work, then close all open windows.
  • Double-click TFC to run it, and allow the process to complete, which should not take more than a couple minutes.
  • You may or may not be prompted to reboot, if you are click "Yes" and allow the computer to reboot.
  • Close TFC when it has completed.
2. Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from here.

Doubleclick (Vista users please right-click Run as Administrator) on mbam-setup.exe to install the program.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware at the end of setup, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
  • The scan is different from the quick scan and will take a fairly long time to finish (you can leave it to run and go do something else), please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab.
  • Copy & Paste the entire report in your next reply.
3. Kaspersky Online Scan

Kaspersky online scanner uses Java technology to perform the scan. Because your Java is out of date, we need to update it first so that the scan will run without issues.

Update Java

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts. A log will appear (JavaRa.log), DO NOT post this log, I have no need for it.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Scan
  • Follow this link to the Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
So post back with the logs from MBAM and Kaspersky when you have them and give me an update on how the PC is running, and we should have you on your way :).

- Dave
  • 0

#8
Jessieboogie
Posted 13 October 2009 - 08:44 AM

Jessieboogie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
Computer is still slow.....IE still won't run.

Malwarebytes will still not run...if you look at my first post you will see the error messages that it gives me.



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, October 13, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 13, 2009 01:20:34
Records in database: 2962997
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 72060
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 06:29:56


File name / Threat / Threats count
C:\Documents and Settings\Compaq_Owner\My Documents\LimeWire\Saved\Air Supply - Every Woman In the World.wma Infected: Trojan-Downloader.WMA.Wimad.v 1
C:\Documents and Settings\Compaq_Owner\My Documents\LimeWire\Saved\Elizabeth Daily - Soundtrack Scarface - Shake It Up.wma Infected: Trojan-Downloader.WMA.Wimad.v 1

Selected area has been scanned.
  • 0

#9
Jessieboogie
Posted 13 October 2009 - 04:12 PM

Jessieboogie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
i am now having to run in safe mode....firefox wont run now.
  • 0

#10
Transience
Posted 15 October 2009 - 01:01 PM

Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Sorry for the delay in getting back to you... please try uninstalling and then reinstalling MBAM, if you can only boot in safe mode then download the newest MBAM installer file on a different computer and transfer it to the infected one by removable storage. See if that gets rid of the MBAM error.

Cheers,
Dave
  • 0

#11
Jessieboogie
Posted 15 October 2009 - 05:36 PM

Jessieboogie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
Neither of the two suggestions worked.....When uninstalling and reinstalling the error messages popped up the whole time and I had to keep clicking ok....also...the send error report to microsoft kept popping up as well. Any other ideas?

Edited by Jessieboogie, 16 October 2009 - 04:58 AM.

  • 0

#12
Transience
Posted 17 October 2009 - 02:01 PM

Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Not sure about that error with MBAM, I'll check about it. As of now, what issues are you still experiencing with the computer?
  • 0

#13
Jessieboogie
Posted 17 October 2009 - 07:24 PM

Jessieboogie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
When I boot in regular mode a window pops up that says....

Generic host process for win32 services has encountered a problem and needs to close. Please tell micro soft about this problem.

Firefox and IE will not run at all in regular mode.

Windows Media Player says that it is not installed properly and needs to be reinstalled.
  • 0

#14
Transience
Posted 18 October 2009 - 10:24 AM

Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Alright let's see where we're at here with those errors:

1. OTL
  • Please download OTL to your desktop.
  • Double click on the icon to run it. Make sure to close all other windows and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are also saved in the same location as OTL.
  • Please copy (Edit -> Select All, Edit -> Copy) the contents of these files, one at a time, and post them with your next reply.

  • 0

#15
Jessieboogie
Posted 18 October 2009 - 05:10 PM

Jessieboogie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
OTL logfile created on: 10/18/2009 6:53:42 PM - Run 2
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 319.66 Mb Available Physical Memory | 62.50% Memory free
1.25 Gb Paging File | 1.13 Gb Available in Paging File | 90.77% Paging File free
Paging file location(s): C:\pagefile.sys 800 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 118.90 Gb Free Space | 79.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-22CA86D5C4
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Stopped]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (InCDsrv [Auto | Stopped]) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (iPodService [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (JavaQuickStarterService [Auto | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Stopped]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MDM [Auto | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXSENS [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (atirage3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\atimpae.sys (ATI Technologies Inc.)
DRV - (FET5X86V [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (InCDfs [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\InCDFs.sys (Nero AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\System32\drivers\InCDPass.sys (Nero AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\System32\drivers\InCDRm.sys (Nero AG)
DRV - (MCSTRM [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rootrepeal2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\rootrepeal2.sys ()
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (USBIO [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbio.sys (Thesycon GmbH, Germany)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "myyahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3


FF - HKLM\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/01/17 13:33:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 21:00:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/05 13:06:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/09 17:27:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/13 17:30:59 | 00,000,000 | ---D | M]

[2009/06/30 16:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\mozilla\Extensions
[2009/06/30 16:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/27 19:42:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\mozilla\Extensions\[email protected]
[2009/10/17 21:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\mozilla\Firefox\Profiles\twdv52e7.default\extensions
[2009/06/30 17:43:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\mozilla\Firefox\Profiles\twdv52e7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/04/18 16:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\mozilla\Firefox\Profiles\twdv52e7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/04/18 16:57:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\mozilla\Firefox\Profiles\twdv52e7.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/09/14 10:23:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\mozilla\Firefox\Profiles\twdv52e7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/21 19:27:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\mozilla\Firefox\Profiles\twdv52e7.default\extensions\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}
[2009/10/17 21:31:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/14 17:32:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/13 19:01:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/10/12 19:51:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/14 17:31:58 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/14 17:31:58 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/31 15:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/14 17:32:00 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/06/11 23:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\System32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1201993462062 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/09 01:45:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/21 19:19:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/09/21 20:32:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2009/09/25 19:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/10/01 20:43:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2009/09/21 20:05:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Aveyond 3
[2009/09/21 19:19:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Azureus
[2009/09/25 19:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Merscom
[2009/09/21 20:20:22 | 00,000,000 | ---D | C] -- C:\Program Files\Aveyond Lord of Twilight
[2009/09/21 19:42:37 | 00,000,000 | ---D | C] -- C:\Program Files\Escape From Paradise 2 A Kingdoms Quest
[2009/09/25 19:27:08 | 00,000,000 | ---D | C] -- C:\Program Files\Nanny 911
[2009/10/01 20:40:30 | 00,000,000 | ---D | C] -- C:\Program Files\Princess Isabella
[2009/10/18 18:53:02 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2009/10/12 19:51:06 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/12 19:51:06 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/12 19:51:06 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/12 19:25:46 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
[2009/10/12 13:56:25 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/11 20:57:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/11 20:27:23 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/11 20:27:23 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/11 20:27:23 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/11 20:27:23 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/11 16:46:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/21 19:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Azureus Downloads

========== Files - Modified Within 30 Days ==========

[2009/10/18 18:53:02 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2009/10/17 19:03:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/17 18:50:42 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/10/17 18:50:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/14 14:19:44 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/12 19:25:47 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
[2009/10/12 13:58:35 | 05,743,422 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\IconCache.db
[2009/10/11 20:51:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/11 20:22:56 | 03,336,733 | R--- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\cf.com.exe
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/09 11:01:12 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal2.sys
[2009/10/08 20:43:40 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/01 20:43:30 | 00,000,675 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Princess.lnk
[2009/09/29 11:11:01 | 00,000,517 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\New Limewire Downloads.lnk
[2009/09/23 14:39:00 | 00,000,800 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Aveyond - Lord of Twilight.lnk
[2009/09/22 20:29:37 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Escape2.lnk
[2009/09/21 19:31:58 | 00,277,504 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\R.A.A-P.C.exe
[2009/09/20 20:05:38 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/20 20:05:38 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/20 13:35:06 | 00,926,168 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\HPIM1478.JPG

========== Files - No Company Name ==========
[2009/10/11 20:27:23 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/11 20:27:23 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/11 20:27:23 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/11 20:27:23 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/11 20:22:55 | 03,336,733 | R--- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\cf.com.exe
[2009/10/09 11:01:02 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal2.sys
[2009/10/08 20:43:40 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/01 20:43:30 | 00,000,675 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Princess.lnk
[2009/09/29 11:11:01 | 00,000,517 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\New Limewire Downloads.lnk
[2009/09/23 14:39:00 | 00,000,800 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Aveyond - Lord of Twilight.lnk
[2009/09/22 20:29:37 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Escape2.lnk
[2009/09/21 19:31:55 | 00,277,504 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\R.A.A-P.C.exe
[2009/09/20 20:08:20 | 00,926,168 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\HPIM1478.JPG
[2009/08/20 21:13:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CastleMalloy.INI
[2008/12/27 20:57:28 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/08/15 11:39:57 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/07/05 15:18:26 | 00,045,605 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2008/07/05 15:18:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/07/05 15:18:04 | 00,002,150 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\HPSU_48BitScanUpdate.log
[2008/07/05 15:18:04 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/04/01 18:51:07 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/06 20:48:01 | 00,036,337 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2008/03/06 20:48:01 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/02/06 23:18:57 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/04 18:27:12 | 00,028,360 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/02/04 18:14:39 | 00,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/02/02 23:48:13 | 05,743,422 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\IconCache.db
[2008/02/02 23:48:13 | 00,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2008/02/02 23:48:13 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\desktop.ini
[2008/02/02 23:46:59 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/02/02 23:46:59 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/02/02 23:46:59 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/02/02 23:46:59 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/02/02 23:46:59 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/02/02 23:46:59 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/02/02 23:36:17 | 00,031,232 | ---- | C] () -- C:\WINDOWS\System32\traffic.dll
[2008/02/02 23:35:15 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\mcicda.dll
[2006/10/27 09:26:56 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/10 20:02:28 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/09 05:00:40 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/08/09 04:58:47 | 00,025,959 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/08/09 04:58:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/08/09 02:50:02 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/09 02:32:16 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/09 02:02:20 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/08/09 02:02:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/08/09 02:01:57 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/08/09 01:49:55 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/09 01:43:21 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\msh261.drv
[2004/08/09 00:29:17 | 00,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/09 00:29:14 | 02,458,112 | ---- | C] () -- C:\WINDOWS\System32\WMVCore.dll
[2004/08/09 00:29:13 | 08,231,936 | ---- | C] () -- C:\WINDOWS\System32\wmploc.dll
[2004/08/09 00:29:13 | 00,321,536 | ---- | C] () -- C:\WINDOWS\System32\mswmdm.dll
[2004/08/09 00:29:13 | 00,222,720 | ---- | C] () -- C:\WINDOWS\System32\wmasf.dll
[2004/08/09 00:29:02 | 00,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/09 00:28:50 | 00,000,546 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/09 00:28:48 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/09 00:28:23 | 00,092,672 | ---- | C] () -- C:\WINDOWS\System32\dskquota.dll
[2004/08/09 00:28:12 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\asycfilt.dll
[2004/08/08 18:37:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/04 03:56:58 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\msh263.drv
[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D17C178
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16B49C20
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D667795F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >



There was no extras.txt
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP