[Resolved]  Malwarebytes not working Plus More


  • This topic is locked
152 replies to this topic

#76 topband

  • Authentic Member
  • 83 posts

Posted 20 May 2009 - 12:40 PM

thnx ...i'll be on to that task in a few days ... jh



#77 topband

  • Authentic Member
  • 83 posts

Posted 20 May 2009 - 01:30 PM

HI OM

Here's a new one for me .... comp b was running great working fast not freezing online perfect ...then i went to try to burn a cd because before i couldn't burn a cd and I opened the cd drive which had a blank cd in there ...'BAM' the whole thing shut down .... then i started it again , it went to the OPENING WINDOW with the blue windows screen looking normal and then ....it repeated again the initial start up window and then apparently now it's working as it gave the "system recovered from a serious error" prompt ...so i copied all i could get from that and here is the code from the "SERIOUS ERROR" ...system A-OK now ...apparently ... i'll chk it thru the day

I SALVAGED the "SERIOUS ERROR" Prompt

BCCode : 10000050
BCP1 : FFFF0040
BCP2 : 00000000
BCP3 : 805AD89E
BCP4 : 00000000
OSVer : 5_1_2600
SP : 2_0
Product : 768_1

and then the click here part of that prompt showing the code:

C:\DOCUME~1\JOHNHA~1\LOCALS~1\Temp\WER5251.dir00\Mini052009-02.dmp
C:\DOCUME~1\JOHNHA~1\LOCALS~1\Temp\WER5251.dir00\sysdata.xml

#78 topband

  • Authentic Member
  • 83 posts

Posted 20 May 2009 - 02:52 PM

OK HI OM ...in the testing of COMP B on daily work ...i attempted to burn a music CD ( i am a DJ in the Music Biz) and it failed in ITUNES and NERO ...here is the NERO LOG .... can you pls suggest what I have not done to reset this ...it was also failing prior and I was burning things on my COMP A and then rehooking it up ...a pain in the %^$# ...so here's the error log :

#79 oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 20 May 2009 - 03:40 PM

Hi Topband,

This sounds like a hardware problem. Perhaps a failed/failing cd burner. I had one that would crash/freeze the entire system as soon as a disk was inserted.


This error appears in the log
Power calibration error

Have a look here for a possible solution
http://www.megaleech...libration_Error

The laser may be getting weak. Do you have another drive you can try?

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#80 topband

  • Authentic Member
  • 83 posts

Posted 26 May 2009 - 01:42 AM

Hi OM i don't have an external drive ...i tried that site but did not get it to work, i'll go after that one again cuz there were a couple of suggested fix moves ...i'm gonna try cleaning the laser with one of those cleaning discs but I have to get one ....Also, I will be setting up the COMPUTER A to attack the problem there shortly ...this unit seems to be running pretty smoothly now ... so i will use a flash drive to transfer your 'fix' protocols and hope that i am as lucky on that one .... i am running out of time on my VAST and will install the 2nd one you suggested ....hopefully it doesn't change anything ...thnx OM talk to you real soon cuz I'm gonna get comp A in the set up stage so i can click it on and off more easily to access the 'fixes' thnx jh

#81 oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 26 May 2009 - 03:21 AM

Hi Topband,

Avast is free. If you are still using the trial version, all you need to do is register it.

http://avast.com/eng...p#register-form

You will be sent a key that will be good for a year.


If you are going to use a USB flash drive to transfer files, logs etc, use this utility on it first. Do it on the clean computer.



Download Flash_Disinfector.exe by sUBs and save it to your desktop.

Plug in the flash drive before you run the tool.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.
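
A folder named autorun.inf occupies the name that removable-drive malware needs for its autorun file, which is the protection the note in the post above describes. The following added example (not part of the original post and not Flash_Disinfector's own code) audits a drive root for that state and, where a real autorun.inf file exists, lists the commands it would launch; the directories standing in for drive roots and the sample file contents are constructed for illustration.

```python
import os
import tempfile

# Keys in the [autorun] section that cause a program to be launched.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample contents for the demonstration below.
SAMPLE_AUTORUN = "[autorun]\nopen=setup.exe\nicon=setup.exe,0\nshell\\open\\command=setup.exe\n"


def find_autorun(root):
    """Locate autorun.inf in a drive root, ignoring case as Windows does."""
    for entry in os.listdir(root):
        if entry.lower() == "autorun.inf":
            return os.path.join(root, entry)
    return None


def parse_autorun(path):
    """Return the launch commands declared in the [autorun] section of a file."""
    with open(path, "rb") as fh:
        raw = fh.read()
    # autorun.inf may be saved as UTF-16 with a BOM; otherwise read it byte for byte.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("latin-1")
    commands, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            commands[key] = value
    return commands


def audit_root(root):
    """Classify a drive root: 'folder' (name occupied), 'file' (review it) or 'absent'."""
    target = find_autorun(root)
    if target is None:
        return {"state": "absent", "commands": {}}
    if os.path.isdir(target):
        return {"state": "folder", "commands": {}}
    return {"state": "file", "commands": parse_autorun(target)}


def demo():
    """Audit three constructed directories that stand in for drive roots."""
    with tempfile.TemporaryDirectory() as base:
        roots = {}
        for name in ("vaccinated", "suspect", "clean"):
            roots[name] = os.path.join(base, name)
            os.mkdir(roots[name])
        # The state the post describes: autorun.inf exists as a folder.
        os.mkdir(os.path.join(roots["vaccinated"], "autorun.inf"))
        # A drive carrying a real autorun.inf file.
        with open(os.path.join(roots["suspect"], "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE_AUTORUN)
        return {name: audit_root(path) for name, path in roots.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result["state"], result["commands"])
```

On a real system, pass each removable drive's root (for example `E:\`) to `audit_root`; a `file` result with launch commands is the case worth inspecting before the drive is used on another machine.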

#82 topband

  • Authentic Member
  • 83 posts

Posted 10 July 2009 - 01:38 AM

Hi OM

Been a while ...still on comp B ..but i wanna move ...i have to ...it's just hard to with all the other stuff i am trying to get accomplished ...it will be this time i will disinfect the FLASH drives and we'll make it happen .... for now COMP B runs great except i installed webcam from microsoft and lost all of my sound ...can't get it back ...any ideas here is the latest HJT Log ... your expertise again would be appreciated before we move to COMP A ...which is really where I have to be

All the Best OM ...thanks

John Hancock

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:37 AM, on 7/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox...aspx?tbid=80230
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80230
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...aspx?tbid=80230
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80230
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\John Hancock\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1181019296906
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JOHNHA~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10598 bytes

#83 topband

  • Authentic Member
  • 83 posts

Posted 11 July 2009 - 03:55 AM

OM Hi

i fixed my audio ...so forget that unless you see something messed up in that current log I sent ...here is the most current HJT Log just FYI

hopefully we can work together on the comp A fix we had planned oh what seemed so long ago ...thnx man take care and I'll proceed on your last instruct and submit the data directly

john hancock

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:59 AM, on 7/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\Yahoo!\SEARCH~1\SEARCH~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DivX\DivX Updater\DivXVersionChecker.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox...aspx?tbid=80230
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80230
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...aspx?tbid=80230
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80230
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\John Hancock\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1181019296906
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JOHNHA~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10912 bytes

#84 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 12 July 2009 - 07:43 AM

Hi Topband, Ready when you are.

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#85 topband


Posted 04 August 2009 - 04:45 PM

Hi OM Long time no type ....OK the latest in tech terms which I know is your favorite jargon ...here is the layman's take: Computer running very intermittently ...that is ...on the internet it varies from 250 kb to 4.9 mb ...applications slow .....so i had ATT, the DSL guy actually come in and see why .......... internet worked before and ...he fixed a few wiring problems throughout the system and we attempted to again hardwire the internet modem (2wire new technology) and it again appeared that the wireless was faster than the wired FYI (still very below par ) ....the wireless was faster than the hardwired .... been this way for three weeks ...i didn't have time to deal with it and assumed that it was in the wiring and the receptacles etc...so consequently, the tech guy ...a good one ...came on site ....so we have resolved the issue of the provider ..they show 5+mb on SPEAKEASY.NET .... now it is fairly conclusive that it's in the computer ...and this is COMPUTER B ...so it appears that we have to re-tweak COMP B computer to solve Computer A's failure to connect to the internet ....
The GOAL is to reinitiate the updated technology of COMPUTER A ....you have sent me the initial procedures which i have not commenced because of the speed and conditions of COMP B....therefore, I have included the latest HIJACK file for your consideration , and at your convenience , your able assistance is requested :

topband

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:51 PM, on 8/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HijackThis.exe

O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 4418 bytes



#86 oldman960


Posted 05 August 2009 - 10:30 PM

Hi TopBand,

This last HJT log is certainly different from the last one. Let's have a look with a different scanner.


Download OTListIt2 to your desktop.
  • Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • In the Services section, set it to All
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

No need for a Hijackthis log this time.

Thanks


#87 topband


Posted 06 August 2009 - 02:35 AM

HI OM for simplicity two files here is the OTL Text

OTL logfile created on: 8/5/2009 11:57:08 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\John Hancock\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 198.60 Mb Available Physical Memory | 44.48% Memory free
1.27 Gb Paging File | 0.77 Gb Available in Paging File | 60.31% Paging File free
Paging file location(s): C:\pagefile.sys 920 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.75 Gb Total Space | 0.75 Gb Free Space | 0.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 17.59 Mb Total Space | 17.29 Mb Free Space | 98.25% Space Free | Partition Type: FAT

Computer Name: CHARITO
Current User Name: John Hancock
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Belkin\F5D9050\Belkinwcui.exe (Belkin)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Tall Emu\Online Armor\OAhlp.exe (Tall Emu)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe (Skype Technologies S.A.)
PRC - C:\Documents and Settings\John Hancock\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (All) ==========

SRV - (Alerter [Disabled | Stopped]) -- C:\WINDOWS\System32\alrsvc.dll (Microsoft Corporation)
SRV - (ALG [On_Demand | Running]) -- C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
SRV - (AppMgmt [On_Demand | Stopped]) -- C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
SRV - (ASKUpgrade [Disabled | Stopped]) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (AudioSrv [Auto | Running]) -- C:\WINDOWS\System32\audiosrv.dll (Microsoft Corporation)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (BITS [On_Demand | Stopped]) -- C:\WINDOWS\System32\qmgr.dll (Microsoft Corporation)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Browser [Auto | Running]) -- C:\WINDOWS\System32\browser.dll (Microsoft Corporation)
SRV - (CiSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\cisvc.exe (Microsoft Corporation)
SRV - (ClipSrv [Disabled | Stopped]) -- C:\WINDOWS\System32\clipsrv.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (COMSysApp [On_Demand | Stopped]) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation)
SRV - (CryptSvc [Auto | Running]) -- C:\WINDOWS\System32\cryptsvc.dll (Microsoft Corporation)
SRV - (DcomLaunch [Auto | Running]) -- C:\WINDOWS\System32\rpcss.dll (Microsoft Corporation)
SRV - (Dhcp [Auto | Running]) -- C:\WINDOWS\System32\dhcpcsvc.dll (Microsoft Corporation)
SRV - (dmadmin [On_Demand | Stopped]) -- C:\WINDOWS\System32\dmadmin.exe (Microsoft Corp., Veritas Software)
SRV - (dmserver [On_Demand | Stopped]) -- C:\WINDOWS\System32\dmserver.dll (Microsoft Corp.)
SRV - (Dnscache [Auto | Running]) -- C:\WINDOWS\System32\dnsrslvr.dll (Microsoft Corporation)
SRV - (ERSvc [Disabled | Stopped]) -- C:\WINDOWS\System32\ersvc.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\WINDOWS\System32\services.exe (Microsoft Corporation)
SRV - (EventSystem [On_Demand | Running]) -- C:\WINDOWS\System32\es.dll (Microsoft Corporation)
SRV - (FastUserSwitchingCompatibility [On_Demand | Running]) -- C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (ForcewareWebInterface [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HidServ [Disabled | Stopped]) -- C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
SRV - (HTTPFilter [On_Demand | Stopped]) -- C:\WINDOWS\System32\w3ssl.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ImapiService [Disabled | Stopped]) -- C:\WINDOWS\System32\imapi.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (lanmanserver [Auto | Running]) -- C:\WINDOWS\System32\srvsvc.dll (Microsoft Corporation)
SRV - (lanmanworkstation [Auto | Running]) -- C:\WINDOWS\System32\wkssvc.dll (Microsoft Corporation)
SRV - (LmHosts [Auto | Running]) -- C:\WINDOWS\System32\lmhsvc.dll (Microsoft Corporation)
SRV - (Messenger [Disabled | Stopped]) -- C:\WINDOWS\System32\msgsvc.dll (Microsoft Corporation)
SRV - (mnmsrvc [Disabled | Stopped]) -- C:\WINDOWS\System32\mnmsrvc.exe (Microsoft Corporation)
SRV - (MSDTC [On_Demand | Stopped]) -- C:\WINDOWS\System32\msdtc.exe (Microsoft Corporation)
SRV - (MSIServer [On_Demand | Stopped]) -- C:\WINDOWS\System32\msiexec.exe (Microsoft Corporation)
SRV - (NetDDE [Disabled | Stopped]) -- C:\WINDOWS\System32\netdde.exe (Microsoft Corporation)
SRV - (NetDDEdsdm [Disabled | Stopped]) -- C:\WINDOWS\System32\netdde.exe (Microsoft Corporation)
SRV - (Netlogon [On_Demand | Stopped]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (Netman [On_Demand | Running]) -- C:\WINDOWS\System32\netman.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Nla [On_Demand | Running]) -- C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
SRV - (nSvcIp [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
SRV - (nSvcLog [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
SRV - (NtLmSsp [On_Demand | Stopped]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (NtmsSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\ntmssvc.dll (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (OAcat [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)
SRV - (PlugPlay [Auto | Running]) -- C:\WINDOWS\System32\services.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (PolicyAgent [Auto | Running]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (ProtectedStorage [Auto | Running]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (RasAuto [On_Demand | Stopped]) -- C:\WINDOWS\System32\rasauto.dll (Microsoft Corporation)
SRV - (RasMan [On_Demand | Running]) -- C:\WINDOWS\System32\rasmans.dll (Microsoft Corporation)
SRV - (RDSessMgr [Disabled | Stopped]) -- C:\WINDOWS\System32\sessmgr.exe (Microsoft Corporation)
SRV - (RemoteAccess [Disabled | Stopped]) -- C:\WINDOWS\System32\mprdim.dll (Microsoft Corporation)
SRV - (RpcLocator [On_Demand | Stopped]) -- C:\WINDOWS\System32\locator.exe (Microsoft Corporation)
SRV - (RpcSs [Auto | Running]) -- C:\WINDOWS\System32\rpcss.dll (Microsoft Corporation)
SRV - (RSVP [On_Demand | Stopped]) -- C:\WINDOWS\System32\rsvp.exe (Microsoft Corporation)
SRV - (SamSs [Auto | Running]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (SCardSvr [Disabled | Stopped]) -- C:\WINDOWS\System32\SCardSvr.exe (Microsoft Corporation)
SRV - (Schedule [Auto | Running]) -- C:\WINDOWS\System32\schedsvc.dll (Microsoft Corporation)
SRV - (seclogon [Auto | Running]) -- C:\WINDOWS\System32\seclogon.dll (Microsoft Corporation)
SRV - (SENS [Auto | Running]) -- C:\WINDOWS\System32\sens.dll (Microsoft Corporation)
SRV - (SharedAccess [Auto | Running]) -- C:\WINDOWS\System32\ipnathlp.dll (Microsoft Corporation)
SRV - (ShellHWDetection [Auto | Running]) -- C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
SRV - (Spooler [Auto | Running]) -- C:\WINDOWS\System32\spoolsv.exe (Microsoft Corporation)
SRV - (srservice [Auto | Running]) -- C:\WINDOWS\System32\srsvc.dll (Microsoft Corporation)
SRV - (SSDPSRV [On_Demand | Running]) -- C:\WINDOWS\System32\ssdpsrv.dll (Microsoft Corporation)
SRV - (stisvc [Auto | Running]) -- C:\WINDOWS\System32\wiaservc.dll (Microsoft Corporation)
SRV - (SvcOnlineArmor [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
SRV - (SwPrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation)
SRV - (SysmonLog [On_Demand | Stopped]) -- C:\WINDOWS\System32\smlogsvc.exe (Microsoft Corporation)
SRV - (TapiSrv [On_Demand | Running]) -- C:\WINDOWS\System32\tapisrv.dll (Microsoft Corporation)
SRV - (TermService [On_Demand | Running]) -- C:\WINDOWS\System32\termsrv.dll (Microsoft Corporation)
SRV - (Themes [Auto | Running]) -- C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
SRV - (TrkWks [Auto | Running]) -- C:\WINDOWS\System32\trkwks.dll (Microsoft Corporation)
SRV - (upnphost [On_Demand | Running]) -- C:\WINDOWS\System32\upnphost.dll (Microsoft Corporation)
SRV - (UPS [Disabled | Stopped]) -- C:\WINDOWS\System32\ups.exe (Microsoft Corporation)
SRV - (VSS [On_Demand | Stopped]) -- C:\WINDOWS\System32\vssvc.exe (Microsoft Corporation)
SRV - (W32Time [Auto | Running]) -- C:\WINDOWS\System32\w32time.dll (Microsoft Corporation)
SRV - (WebClient [Auto | Running]) -- C:\WINDOWS\System32\webclnt.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (winmgmt [Auto | Running]) -- C:\WINDOWS\System32\wbem\WMIsvc.dll (Microsoft Corporation)
SRV - (WmdmPmSN [On_Demand | Stopped]) -- C:\WINDOWS\System32\MsPMSNSv.dll (Microsoft Corporation)
SRV - (WmiApSrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\wbem\wmiapsrv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (wscsvc [Auto | Running]) -- C:\WINDOWS\System32\wscsvc.dll (Microsoft Corporation)
SRV - (wuauserv [Auto | Running]) -- C:\WINDOWS\System32\wuauserv.dll (Microsoft Corporation)
SRV - (WudfSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\WUDFSvc.dll (Microsoft Corporation)
SRV - (WZCSVC [Auto | Running]) -- C:\WINDOWS\System32\wzcsvc.dll (Microsoft Corporation)
SRV - (xmlprov [On_Demand | Stopped]) -- C:\WINDOWS\System32\xmlprov.dll (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (iPodDrv [Auto | Running]) -- C:\WINDOWS\System32\drivers\iPodDrv.sys (Windows ® Codename Longhorn DDK provider)
DRV - (irsir [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\irsir.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (OADevice [System | Running]) -- C:\WINDOWS\System32\drivers\OADriver.sys (Tall Emu)
DRV - (OAmon [System | Running]) -- C:\WINDOWS\System32\drivers\OAmon.sys (Tall Emu)
DRV - (OAnet [System | Running]) -- C:\WINDOWS\System32\drivers\OAnet.sys (Tall Emu Pty Ltd)
DRV - (PCASp50 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RimVSerPort [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RT73 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rt73.sys (Ralink Technology, Corp.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (StreamSurge [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ss.sys (WikiTek Inc.)
DRV - (swmsflt [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (swmx00 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\swmx00.sys (Sierra Wireless Inc.)
DRV - (SWNC5E00 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SWNC5E00.sys (Sierra Wireless Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (GTNDIS5 [On_Demand | Running]) -- C:\Program Files\Belkin\F5D9050\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://att.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Dogpile"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20090119W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3290
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.14907
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://www.mywebsear...kwd&searchfor="


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/08 21:58:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2009/07/08 12:32:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2009/07/20 17:29:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/05 20:36:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/05 20:36:38 | 00,000,000 | ---D | M]

[2009/05/16 13:28:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\mozilla\Extensions
[2009/04/03 10:27:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2009/05/16 13:28:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/05 14:50:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\mozilla\Firefox\Profiles\n4xju13y.default\extensions
[2009/04/02 19:39:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\mozilla\Firefox\Profiles\n4xju13y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/07 22:29:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\mozilla\Firefox\Profiles\n4xju13y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/21 18:54:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\mozilla\Firefox\Profiles\n4xju13y.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/06/21 19:10:04 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\John Hancock\Application Data\Mozilla\FireFox\Profiles\n4xju13y.default\searchplugins\ask.xml
[2009/07/30 00:34:00 | 00,002,014 | ---- | M] () -- C:\Documents and Settings\John Hancock\Application Data\Mozilla\FireFox\Profiles\n4xju13y.default\searchplugins\dogpile.xml
[2009/07/24 23:39:08 | 00,009,941 | ---- | M] () -- C:\Documents and Settings\John Hancock\Application Data\Mozilla\FireFox\Profiles\n4xju13y.default\searchplugins\mywebsearch.xml
[2009/08/05 20:38:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 20:36:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/11 03:28:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/07/08 21:58:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/05 20:38:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\browserhighlighter@ebay.com
[2007/09/15 12:10:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\divx@partners.mozilla.com
[2009/08/05 20:36:22 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 20:36:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 14:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/07/08 21:58:11 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 11:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/02/24 12:34:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/05 20:36:28 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/20 17:28:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/20 17:28:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/20 17:29:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/20 17:29:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/20 17:29:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/20 17:29:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/20 17:29:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/01 14:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/04/23 17:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 17:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 17:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 17:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 17:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 17:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 17:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe (MP2P Technologies.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/02 18:41:36 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 00,027,992 | R--- | M] (magicJack L.P.) - G:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 00,016,158 | R--- | M] () - G:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 00,000,308 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 00,706,144 | R--- | M] (magicJack L.P.) - G:\autorunu.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 00,000,270 | ---- | M] () - J:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[24 C:\Documents and Settings\John Hancock\Desktop\*.tmp files]
[2009/08/05 23:50:21 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Hancock\Desktop\OTL.exe
[2009/08/05 20:23:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Desktop\Trevor and Gina
[2009/08/05 20:17:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Desktop\New Folder
[2009/08/05 18:41:16 | 00,057,958 | ---- | C] () -- C:\Documents and Settings\John Hancock\Desktop\Trevor and Gina.png
[2009/08/05 18:39:10 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/08/05 14:13:14 | 19,900,192 | ---- | C] ( ) -- C:\Documents and Settings\John Hancock\Desktop\AdbeRdr710_en_US.exe
[2009/08/05 01:44:18 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/03 15:02:20 | 00,007,876 | ---- | C] () -- C:\Documents and Settings\John Hancock\Desktop\clip_image002.jpg
[2009/08/02 15:38:38 | 00,022,744 | ---- | C] () -- C:\Documents and Settings\John Hancock\Desktop\August '09 Rent Roll A.htm
[2009/08/02 15:05:33 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\John Hancock\Desktop\August '09 Rent Roll A.xls
[2009/08/02 14:11:05 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/07/31 23:22:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Application Data\vlc
[2009/07/31 22:34:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Application Data\gtk-2.0
[2009/07/30 12:13:05 | 00,000,000 | ---D | C] -- C:\Program Files\backups
[2009/07/26 17:06:08 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\John Hancock\Desktop\~$nfirmation Page.doc
[2009/07/26 16:45:22 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\John Hancock\Desktop\~$ni's DJ info from John Hancock.doc
[2009/07/25 11:07:19 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/07/24 23:19:32 | 02,607,380 | ---- | C] () -- C:\Documents and Settings\John Hancock\Desktop\Psychiatric Genetics - Applications in Clinical Practice (Malestrom).pdf
[2009/07/24 12:31:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Desktop\movies
[2009/07/23 18:13:59 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\John Hancock\Desktop\~$pe doc.doc
[2009/07/23 15:26:13 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\John Hancock\Desktop\~$ntacts RX.doc
[2009/07/23 15:22:54 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\John Hancock\Desktop\~$fo strip.doc
[2009/07/23 14:55:13 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/07/20 12:12:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Local Settings\Application Data\Help
[2009/07/20 12:12:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Application Data\Help
[2009/07/18 21:07:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Desktop\Tubetilla
[2009/07/18 21:06:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Local Settings\Application Data\TubeTilla
[2009/07/18 21:06:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\My Documents\TubeTilla
[2009/07/18 21:05:01 | 00,002,395 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TubeTillaFree.lnk
[2009/07/18 21:04:59 | 00,000,000 | ---D | C] -- C:\Program Files\TubeTilla
[2009/07/17 19:48:41 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\John Hancock\Desktop\~$800-TOP-BAND Song List + Partial Latin List.doc
[2009/07/17 18:34:39 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\John Hancock\Desktop\info strip.doc
[2009/07/17 15:00:39 | 00,011,963 | -HS- | C] () -- C:\Documents and Settings\John Hancock\Desktop\Folder.jpg
[2009/07/17 15:00:39 | 00,011,963 | -HS- | C] () -- C:\Documents and Settings\John Hancock\Desktop\AlbumArt_{DCFFFC8C-18FE-4719-88EF-97A852E50A69}_Large.jpg
[2009/07/17 15:00:39 | 00,002,751 | -HS- | C] () -- C:\Documents and Settings\John Hancock\Desktop\AlbumArt_{DCFFFC8C-18FE-4719-88EF-97A852E50A69}_Small.jpg
[2009/07/17 15:00:38 | 00,002,751 | -HS- | C] () -- C:\Documents and Settings\John Hancock\Desktop\AlbumArtSmall.jpg
[2009/07/17 14:14:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Application Data\BonkEnc
[2009/07/17 14:14:36 | 00,160,622 | ---- | C] () -- C:\WINDOWS\Free Audio Converter CS Uninstaller.exe
[2009/07/17 14:14:29 | 00,000,000 | ---D | C] -- C:\Program Files\Free Audio Converter CS
[2009/07/15 13:43:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Desktop\Musix 09
[2009/07/14 14:35:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Desktop\July PIX
[2009/07/14 11:45:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/07/14 11:45:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/07/14 11:44:45 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/07/14 11:44:01 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/07/14 11:39:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/07/14 00:50:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Local Settings\Application Data\Corel
[2009/07/13 12:58:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/07/11 12:16:41 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/11 12:16:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Application Data\skypePM
[2009/07/11 03:29:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Application Data\Skype
[2009/07/11 03:27:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/07/11 03:27:39 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/07/11 03:27:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/07/11 02:34:54 | 00,000,847 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/07/11 02:17:18 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/07/11 02:16:06 | 04,122,368 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\alcxwdm.sys
[2009/07/11 02:14:32 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2009/07/11 02:14:13 | 10,528,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.exe
[2009/07/11 02:14:13 | 00,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2009/07/11 02:14:04 | 18,804,736 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\alsndmgr.cpl
[2009/07/11 02:14:03 | 00,577,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
[2009/07/11 02:14:01 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/07/11 02:13:58 | 00,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2009/07/11 02:13:57 | 00,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcrmv.exe
[2009/07/10 00:33:16 | 00,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2009/07/10 00:33:16 | 00,001,470 | ---- | C] () -- C:\Documents and Settings\John Hancock\Desktop\HijackThis.lnk
[2009/07/09 21:27:39 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/07/09 21:12:47 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/07/09 21:11:49 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/07/08 22:04:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/07/08 21:58:45 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/08 21:58:45 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/08 21:58:44 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/08 21:58:43 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/08 21:58:43 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/08 21:57:55 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/07/08 21:56:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Application Data\Sun
[2009/07/08 14:11:54 | 00,000,000 | ---D | C] -- C:\968e6d2458200eb7e1f0f4ca390531
[2009/07/08 13:40:19 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/07/08 13:35:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/07/08 13:34:42 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/07/08 13:33:50 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/07/08 13:30:13 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/07/08 13:28:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/07/08 13:20:04 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/07/07 22:27:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Local Settings\Application Data\Yahoo
[2009/07/07 22:26:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Hancock\Application Data\Yahoo!
[2009/07/07 22:26:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/07/07 22:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/07/07 22:09:07 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSTEE.sys
[2009/07/07 22:08:47 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NdisIP.sys
[2009/07/07 22:08:42 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2009/07/07 22:08:42 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\StreamIP.sys
[2009/07/07 22:08:40 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\SLIP.sys
[2009/07/07 22:08:34 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WSTCODEC.SYS
[2009/07/07 22:08:29 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NABTSFEC.sys
[2009/07/07 22:08:25 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\CCDECODE.sys
[2009/07/07 22:08:06 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/07/07 22:08:05 | 00,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/07/07 22:08:03 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/07/07 22:08:00 | 00,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/07/07 22:08:00 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2009/07/07 22:07:58 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/07/07 22:07:58 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2009/05/01 09:43:30 | 00,026,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/06/04 19:14:03 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\F5D9050.dll
[2007/03/14 16:56:34 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/06 16:00:13 | 00,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/03/06 15:40:23 | 00,000,908 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2007/03/06 15:39:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI
[2007/03/06 15:34:27 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/10 06:49:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/10/10 06:49:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/10/10 06:49:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/10/10 06:49:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/10/10 06:49:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/10/10 06:49:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/10/10 06:49:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/04 05:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 05:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[24 C:\Documents and Settings\John Hancock\Desktop\*.tmp files]
[2009/08/05 23:50:40 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Hancock\Desktop\OTL.exe
[2009/08/05 20:29:30 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/05 20:27:34 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2009/08/05 18:41:18 | 00,057,958 | ---- | M] () -- C:\Documents and Settings\John Hancock\Desktop\Trevor and Gina.png
[2009/08/05 18:39:10 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/08/05 14:58:20 | 00,022,744 | ---- | M] () -- C:\Documents and Settings\John Hancock\Desktop\August '09 Rent Roll A.htm
[2009/08/05 14:28:47 | 19,900,192 | ---- | M] ( ) -- C:\Documents and Settings\John Hancock\Desktop\AdbeRdr710_en_US.exe
[2009/08/05 09:49:05 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/05 09:46:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/05 09:45:32 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/05 09:45:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/04 18:55:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/04 17:20:40 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\John Hancock\Desktop\August '09 Rent Roll A.xls
[2009/08/03 15:02:14 | 00,007,876 | ---- | M] () -- C:\Documents and Settings\John Hancock\Desktop\clip_image002.jpg
[2009/08/01 16:01:22 | 00,001,078 | ---- | M] () -- C:\Documents and Settings\John Hancock\Desktop\magicJack.lnk
[2009/08/01 13:56:54 | 00,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/31 18:58:24 | 00,143,360 | ---- | M] () -- C:\Documents and Settings\John Hancock\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/28 16:51:28 | 00,002,395 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TubeTillaFree.lnk
[2009/07/26 17:06:08 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\John Hancock\Desktop\~$nfirmation Page.doc
[2009/07/26 16:45:22 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\John Hancock\Desktop\~$ni's DJ info from John Hancock.doc
[2009/07/25 14:19:30 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/07/24 23:55:11 | 02,607,380 | ---- | M] () -- C:\Documents and Settings\John Hancock\Desktop\Psychiatric Genetics - Applications in Clinical Practice (Malestrom).pdf
[2009/07/23 18:13:59 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\John Hancock\Desktop\~$pe doc.doc
[2009/07/23 15:26:13 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\John Hancock\Desktop\~$ntacts RX.doc
[2009/07/23 15:22:54 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\John Hancock\Desktop\~$fo strip.doc
[2009/07/19 06:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 06:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/19 06:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 06:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/17 19:48:41 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\John Hancock\Desktop\~$800-TOP-BAND Song List + Partial Latin List.doc
[2009/07/17 18:34:40 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\John Hancock\Desktop\info strip.doc
[2009/07/17 15:00:39 | 00,011,963 | -HS- | M] () -- C:\Documents and Settings\John Hancock\Desktop\Folder.jpg
[2009/07/17 15:00:39 | 00,011,963 | -HS- | M] () -- C:\Documents and Settings\John Hancock\Desktop\AlbumArt_{DCFFFC8C-18FE-4719-88EF-97A852E50A69}_Large.jpg
[2009/07/17 15:00:39 | 00,002,751 | -HS- | M] () -- C:\Documents and Settings\John Hancock\Desktop\AlbumArt_{DCFFFC8C-18FE-4719-88EF-97A852E50A69}_Small.jpg
[2009/07/17 15:00:38 | 00,002,751 | -HS- | M] () -- C:\Documents and Settings\John Hancock\Desktop\AlbumArtSmall.jpg
[2009/07/17 14:14:37 | 00,160,622 | ---- | M] () -- C:\WINDOWS\Free Audio Converter CS Uninstaller.exe
[2009/07/15 11:34:24 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 10:35:00 | 00,244,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/14 11:48:37 | 00,063,568 | ---- | M] () -- C:\Documents and Settings\John Hancock\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/13 19:30:36 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/13 19:30:36 | 00,000,281 | -HS- | M] () -- C:\boot.ini
[2009/07/13 19:30:36 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/11 12:16:41 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/11 02:34:54 | 00,000,847 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/07/10 00:33:16 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2009/07/10 00:33:16 | 00,001,470 | ---- | M] () -- C:\Documents and Settings\John Hancock\Desktop\HijackThis.lnk
[2009/07/09 21:11:57 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/07/09 21:11:57 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/07/08 21:58:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/08 21:58:06 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/08 21:58:06 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/08 21:58:06 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/08 21:58:05 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/08 14:03:02 | 00,479,774 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/08 14:03:02 | 00,426,570 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/08 14:03:02 | 00,065,328 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/07 08:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== LOP Check ==========

[2009/08/05 01:44:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/17 00:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/03/14 16:31:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2007/09/07 13:23:20 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/05/27 10:47:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/06/01 16:03:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2009/07/31 23:22:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\John Hancock\Application Data
[2007/06/04 15:34:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Ahead
[2009/07/17 18:52:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\BonkEnc
[2009/04/04 11:51:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Corel
[2009/04/03 10:27:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Flock
[2009/07/31 22:40:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\gtk-2.0
[2009/04/29 15:16:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\InfraRecorder
[2007/09/25 13:42:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Lightscape
[2009/08/01 16:01:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\mjusbsp
[2009/04/29 17:44:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\OnlineArmor
[2009/05/17 02:25:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\OpenCandy
[2009/05/17 02:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Participatory Culture Foundation
[2009/05/19 00:38:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\PCF-VLC
[2009/05/23 12:13:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Sierra Wireless
[2009/07/07 22:08:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\Snapfish
[2007/06/24 16:19:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\U3
[2009/08/06 00:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John Hancock\Application Data\uTorrent
[2009/08/04 18:55:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/05 09:49:05 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/08/05 09:46:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >

#88 topband

Posted 06 August 2009 - 02:42 AM

OM here is the EXTRAS Text ...( a bunch 50 to 75 of hidden word files i must have made ...showed up in partial gray on my desktop ...no harm i put them in a folder

thnx

topband





OTL Extras logfile created on: 8/5/2009 11:57:08 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\John Hancock\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 198.60 Mb Available Physical Memory | 44.48% Memory free
1.27 Gb Paging File | 0.77 Gb Available in Paging File | 60.31% Paging File free
Paging file location(s): C:\pagefile.sys 920 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.75 Gb Total Space | 0.75 Gb Free Space | 0.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 17.59 Mb Total Space | 17.29 Mb Free Space | 98.25% Space Free | Partition Type: FAT

Computer Name: CHARITO
Current User Name: John Hancock
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\Piolet\Piolet.exe" = C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet -- (MP2P Technologies.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe" = C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\John Hancock\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\John Hancock\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9922FE96-6803-498D-A6AD-4EB5A3B956A5}" = Belkin Wireless G Plus MIMO USB Network Adapter
"{9C3C151F-75E5-4375-AD85-76645A1A001F}" = TubeTillaFree
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0B295C3-FD3C-11D4-A811-0090279106C3}" = WordPerfect Office 2002
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{F1362843-0E0E-4F74-8662-724CF101ADCE}" = Skype web features
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator 9.0" = Adobe Illustrator 9.0
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Ask Toolbar_is1" = Ask Toolbar
"avast!" = avast! Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Free Audio Converter CS" = Free Audio Converter CS
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Press Interactive Training" = Microsoft Interactive Training
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey" = NeroMIX
"NVIDIA Drivers" = NVIDIA Drivers
"OnlineArmor_is1" = Online Armor 3.5
"Page Gorilla_is1" = Page Gorilla 1.0.0
"Piolet" = Piolet 1.9.9
"Piolet Toolbar" = Piolet Toolbar
"TeleKast" = TeleKast 1.0.0.14
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = AT&T Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/16/2009 8:37:40 PM | Computer Name = CHARITO | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module neaudio.ax, version 1.0.4.20, fault address 0x0000daae.

Error - 7/16/2009 8:37:48 PM | Computer Name = CHARITO | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module neaudio.ax, version 1.0.4.20, fault address 0x0000daae.

Error - 7/16/2009 8:37:53 PM | Computer Name = CHARITO | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module neaudio.ax, version 1.0.4.20, fault address 0x0000daae.

Error - 7/16/2009 8:38:01 PM | Computer Name = CHARITO | Source = Application Error | ID = 1001
Description = Fault bucket 341833750.

Error - 7/17/2009 5:00:02 AM | Computer Name = CHARITO | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/17/2009 6:02:01 PM | Computer Name = CHARITO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 7/17/2009 6:02:16 PM | Computer Name = CHARITO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/17/2009 10:09:07 PM | Computer Name = CHARITO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 7/17/2009 10:09:12 PM | Computer Name = CHARITO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 7/17/2009 10:09:22 PM | Computer Name = CHARITO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 8/5/2009 4:44:51 AM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/5/2009 4:44:51 AM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/5/2009 4:44:51 AM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/5/2009 4:44:52 AM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/5/2009 4:44:52 AM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/5/2009 4:44:52 AM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/5/2009 4:44:52 AM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/5/2009 4:44:52 AM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/5/2009 4:44:52 AM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/5/2009 4:44:52 AM | Computer Name = CHARITO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

#89 oldman960

Posted 08 August 2009 - 10:54 AM

Hi Topband,

...( a bunch 50 to 75 of hidden word files i must have made ...showed up in partial gray on my desktop ...no harm i put them in a folder

When did this happen?


I don't see anything that would account for the internet issues. Let's give it a quick clean.


Next, Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer
Please post the OTL log


You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post back with the MBAM log and a new OTL log, there will only be an OTL.txt this time.

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#90 topband

Posted 09 August 2009 - 04:41 AM

hi OM ..ok i ran the first procedure and it asked me to reboot which i did ...then when it came on again there were those grayed out hidden files all over the desktop...mainly they look like microsoft word files and printer spools ... the browsers are still slow and freeze sometimes ...here is the first log you requested ...the speed and process of this computer is really excruciating ...thanks OM



All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: John Hancock
File delete failed. C:\Documents and Settings\John Hancock\Local Settings\Temp\~DF1119.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\John Hancock\Local Settings\Temp\~DF111F.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 2144457092 bytes
->Temporary Internet Files folder emptied: 98922816 bytes
->Java cache emptied: 14425252 bytes
->FireFox cache emptied: 29821010 bytes
->Google Chrome cache emptied: 57943014 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1847892 bytes

User: NetworkService
->Temp folder emptied: 183896 bytes
->Temporary Internet Files folder emptied: 192841332 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\NV1724144.TMP folder deleted successfully.
%systemroot% .tmp files removed: 2243194 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 45182754 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = -1627.92 mb


OTL by OldTimer - Version 3.0.10.4 log created on 08092009_022019

Files\Folders moved on Reboot...
C:\Documents and Settings\John Hancock\Local Settings\Temp\~DF1119.tmp moved successfully.
C:\Documents and Settings\John Hancock\Local Settings\Temp\~DF111F.tmp moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_a8.dat moved successfully.

Registry entries deleted on Reboot...



AND THE SECOND MALWAREBYTES LOG


Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

8/9/2009 2:52:21 AM
mbam-log-2009-08-09 (02-52-21).txt

Scan type: Quick Scan
Objects scanned: 85453
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
