Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93125 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved]  Malwarebytes not working Plus More

Started by topband , Mar 01 2009 08:59 PM

  • This topic is locked This topic is locked
152 replies to this topic

#106 topband

topband

    Authentic Member

  • Authentic Member
  • PipPip
  • 83 posts

Posted 28 October 2009 - 01:53 PM

one other item ...i saw that files were 'scheduled to be deleted upon reboot' in the SCAN RESULTS I SENT YOU ......the only way forward after the OTL ran with the commands you sent was a PROMPT that required a yes / no reboot ...i rebooted it and then immediately the NOTEBOOK FILE i sent to you appeared upon start up ... so it was rebooted one time and still did not connect online ....i rebooted agin after i saw this and still got the same negative results ... FYI jh

    Advertisements

Register to Remove

#107 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 28 October 2009 - 02:51 PM

Hi Topband,

Let's try a couple of things

  • Now go to Start > Run > type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns (note the space between “..g /f…” it needs to be there)
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.

What brand is the modem/router? If this is the same one you have been using with the other computer, try this

  • click start, click run
  • type cmd, and press enter,
  • In the command window, type, ping 192.168.1.254
  • hit enter
you should get a reply or a message. What did you get back?

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#108 topband

topband

    Authentic Member

  • Authentic Member
  • PipPip
  • 83 posts

Posted 28 October 2009 - 04:34 PM

A verbatim retype by me:



Pinging 192.168.1.254 with 32 bytes of data:

Reply from 192.168.1.254: bytes=32 time=1ms TTL=225
Reply from 192.168.1.254: bytes=32 time<1ms TTL=225
Reply from 192.168.1.254: bytes=32 time<1ms TTL=225
Reply from 192.168.1.254: bytes=32 time=1ms TTL=225

Ping statistics for 192.168.1.254:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate roundtrip times in milli-seconds:
Minimum + 0ms, Maximum = 1ms, Average = 0ms

C:\Documets and Settings\HP_Administrator>

#109 topband

topband

    Authentic Member

  • Authentic Member
  • PipPip
  • 83 posts

Posted 28 October 2009 - 04:41 PM

ok i redid that procedure exactly as stated and here is the reults retyped transfer ...also yes the modem is identical for both computers : Pinging 192.168.1.254 with 32 bytes of data: Reply from 192.168.1.254: bytes=32 time=2ms TTL=225 Reply from 192.168.1.254: bytes=32 time=1ms TTL=225 Reply from 192.168.1.254: bytes=32 time<1ms TTL=225 Reply from 192.168.1.254: bytes=32 time<1ms TTL=225 Ping statistics for 192.168.1.254: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate roundtrip times in milli-seconds: Minimum + 0ms, Maximum = 2ms, Average = 0ms C:\Documets and Settings\HP_Administrator>

#110 topband

topband

    Authentic Member

  • Authentic Member
  • PipPip
  • 83 posts

Posted 28 October 2009 - 04:42 PM

the brand of the modem is 2wire by ATT it is the latest within the last 6 months and its wired

#111 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 29 October 2009 - 12:36 PM

Hi Topband,

Let's try the simple first.

On the computer that you can connect with check these settings. Do not make any changes.

  • Go to Start > Control Panel, and choose Network Connections.
  • Right click on your default connection, usually Local Area Connection for cable and DSL and choose Properties.
  • Click on the Internet Protocol (TCP/IP) item.
  • Click Properties
  • See which boxes are checked under
    • Obtain an IP address automatically
    • Obtain DNS server addrss automatically
  • Click cancel on each window you have opened to close them.

On the machine that will not connect, follow the same steps as above. Make sure the same boxes are checked as the other machine. This time click OK to close the windows.

If you made any changes, you may be asked to reboot. If not reboot and try to connect.

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#112 topband

topband

    Authentic Member

  • Authentic Member
  • PipPip
  • 83 posts

Posted 29 October 2009 - 01:01 PM

hi om the settings were both checked ...on both machines.... Obtain IP and Obtain DNS ...on both machines .... jh

#113 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 29 October 2009 - 01:47 PM

Hi Topband,

Ok, were there any other entries on either machine on the Internet Protocol (TCP/IP) item > Properties screen or are the settings identical?

Try this
  • Go to Start > Control Panel, and choose Network Connections.
  • Right click on your default connection, usually Local Area Connection for cable and DSL and choose Repair.

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#114 topband

topband

    Authentic Member

  • Authentic Member
  • PipPip
  • 83 posts

Posted 29 October 2009 - 08:37 PM

Hi OM i was out a while .... i double checked both machines simultaneously and the chex questioned are identical .... In Network Connections there are THREE Connections designated 'Broadband Connection' which is greyed and is disconnected it says: Broadband Connection Disconnected, Firewalled WAN Miniport (PPPOE) and LAN or High Speed Internet (there are 2 connections listed) 1394 Connection Connected Firewalled 1394 Net Adapter when the LAN or High Speed Internet ....1394 Connection ...1394 Net Adapter is right clicked and repair is clicked ... the prompt comes up : "Windowws could not finish repairing the problem because the following actions cannot be completed: TCP/IP is not enabled for this connection. Cannot proceed. and Local Area Connection Connected, Firewalled NVIDIA nForce Networking Controller right clicked and repair is clicked ... the prompt comes up : "Windows finished repairng your connection. You can try connecting again. If the problem persists contact the person who manages your network" For assistance, contact the person who manages your network. thats what i have on that procedure ... thnx

#115 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 31 October 2009 - 11:16 PM

Hi Topband,

What is the connection name on the good computer?

On the computer that won't connect try this

  • Click Start > Run > type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig
  • Hit Enter.

When it's finished, you should see a report.

What is listed for

Connection-specific DNS Suffix
IP Address
Subnet Mask
Default Gateway

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

    Advertisements

Register to Remove

#116 topband

topband

    Authentic Member

  • Authentic Member
  • PipPip
  • 83 posts

Posted 01 November 2009 - 08:13 AM

i'm not sure of the connection name ? what might that be .... it is connected to the same 2wire.net ethernet modem .... let me know where to find it and i'll send it right away here is results from the procedure you requested: Windows IP configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : gateway.2wire.net IP Address:..........................192.168.1.67 Subnet Mask .......................255.255.255.0 Default Gateway.................192.168.1.254

#117 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 01 November 2009 - 10:37 PM

Hi Topband,

I looked but can't seem to find when we first lost connection with this machine.

It does look like your computer is seeing the router so we'll try another command.

  • Click Start > Run > type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: netsh winsock reset
  • Hit Enter.

Ater it has finished, reboot your computer.

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#118 topband

topband

    Authentic Member

  • Authentic Member
  • PipPip
  • 83 posts

Posted 01 November 2009 - 10:46 PM

hey OM thnx for the work up i did the procedure and restarted and still get cannot connect .... FYI thank you i am online now to troubleshoot other procedures and i'll monitor the gmail thanks TOP BAND

#119 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 02 November 2009 - 05:33 PM

Hi TopBand,

Go to Control Panel > Internet Options

On the Connections tab make sure that Never Dial a Connection is checked.

Next click the Lan Settings button and make sure Automatically Detect Settings is checked.

We'll have another look. Make sure you change the settings as requested.
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Uncheck the boxes beside LOP Check and Purity Check.
  • In the Services section, change the setting to ALL
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt.

Please copy (Edit->Select All, Edit->Copy) the contents of this file into your next reply.

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#120 topband

topband

    Authentic Member

  • Authentic Member
  • PipPip
  • 83 posts

Posted 02 November 2009 - 09:14 PM

Hi OM

I had only ONE notepad doc show ...i double chkd the procedure and ran it again here is the results ...same as :

thnx

jh






OTL logfile created on: 11/2/2009 6:59:02 PM - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 556.75 Mb Available Physical Memory | 58.09% Memory free
2.85 Gb Paging File | 2.60 Gb Available in Paging File | 91.13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 164.25 Gb Free Space | 56.79% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.39 Gb Free Space | 4.39% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOPBAND
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

========== Win32 Services (All) ==========

SRV - (Alerter [Disabled | Stopped]) -- C:\WINDOWS\System32\alrsvc.dll (Microsoft Corporation)
SRV - (ALG [On_Demand | Running]) -- C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
SRV - (AppMgmt [On_Demand | Stopped]) -- C:\WINDOWS\System32\appmgmts.dll (Microsoft Corporation)
SRV - (ARSVC [Auto | Running]) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (AudioSrv [Auto | Running]) -- C:\WINDOWS\System32\audiosrv.dll (Microsoft Corporation)
SRV - (BITS [Auto | Running]) -- C:\WINDOWS\System32\qmgr.dll (Microsoft Corporation)
SRV - (Browser [Auto | Running]) -- C:\WINDOWS\System32\browser.dll (Microsoft Corporation)
SRV - (CiSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\cisvc.exe (Microsoft Corporation)
SRV - (ClipSrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\clipsrv.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (COMSysApp [On_Demand | Running]) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation)
SRV - (CryptSvc [Auto | Running]) -- C:\WINDOWS\System32\cryptsvc.dll (Microsoft Corporation)
SRV - (DcomLaunch [Auto | Running]) -- C:\WINDOWS\System32\rpcss.dll (Microsoft Corporation)
SRV - (Dhcp [Auto | Running]) -- C:\WINDOWS\System32\dhcpcsvc.dll (Microsoft Corporation)
SRV - (dmadmin [On_Demand | Stopped]) -- C:\WINDOWS\System32\dmadmin.exe (Microsoft Corp., Veritas Software)
SRV - (dmserver [Auto | Running]) -- C:\WINDOWS\System32\dmserver.dll (Microsoft Corp.)
SRV - (Dnscache [Auto | Running]) -- C:\WINDOWS\System32\dnsrslvr.dll (Microsoft Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (EPrint III Service [Disabled | Stopped]) -- C:\Program Files\LEAD Technologies, Inc\LEADTOOLS ePrint 3.0\Bin\LPSVS03N.EXE ()
SRV - (ERSvc [Auto | Running]) -- C:\WINDOWS\System32\ersvc.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\WINDOWS\System32\services.exe (Microsoft Corporation)
SRV - (EventSystem [On_Demand | Running]) -- C:\WINDOWS\System32\es.dll (Microsoft Corporation)
SRV - (FastUserSwitchingCompatibility [On_Demand | Running]) -- C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
SRV - (Fax [On_Demand | Stopped]) -- C:\WINDOWS\System32\fxssvc.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager [Disabled | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HidServ [Auto | Running]) -- C:\WINDOWS\System32\hidserv.dll (Microsoft Corporation)
SRV - (HTTPFilter [On_Demand | Stopped]) -- C:\WINDOWS\System32\w3ssl.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ImapiService [On_Demand | Stopped]) -- C:\WINDOWS\System32\imapi.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (lanmanserver [Auto | Running]) -- C:\WINDOWS\System32\srvsvc.dll (Microsoft Corporation)
SRV - (lanmanworkstation [Auto | Running]) -- C:\WINDOWS\System32\wkssvc.dll (Microsoft Corporation)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LmHosts [Auto | Running]) -- C:\WINDOWS\System32\lmhsvc.dll (Microsoft Corporation)
SRV - (Maxtor Sync Service [Auto | Running]) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (Messenger [Disabled | Stopped]) -- C:\WINDOWS\System32\msgsvc.dll (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (mnmsrvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\mnmsrvc.exe (Microsoft Corporation)
SRV - (MSIServer [On_Demand | Stopped]) -- C:\WINDOWS\System32\msiexec.exe (Microsoft Corporation)
SRV - (MSSQL$RETSDATA [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NetDDE [Disabled | Stopped]) -- C:\WINDOWS\System32\netdde.exe (Microsoft Corporation)
SRV - (NetDDEdsdm [Disabled | Stopped]) -- C:\WINDOWS\System32\netdde.exe (Microsoft Corporation)
SRV - (Netlogon [On_Demand | Stopped]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (Netman [On_Demand | Running]) -- C:\WINDOWS\System32\netman.dll (Microsoft Corporation)
SRV - (Nla [On_Demand | Running]) -- C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
SRV - (NtLmSsp [On_Demand | Stopped]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (NtmsSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\ntmssvc.dll (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (PlugPlay [Auto | Running]) -- C:\WINDOWS\System32\services.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (PolicyAgent [Auto | Running]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (ProtectedStorage [Auto | Running]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (RasAuto [Disabled | Stopped]) -- C:\WINDOWS\System32\rasauto.dll (Microsoft Corporation)
SRV - (RasMan [On_Demand | Running]) -- C:\WINDOWS\System32\rasmans.dll (Microsoft Corporation)
SRV - (RDSessMgr [On_Demand | Stopped]) -- C:\WINDOWS\System32\sessmgr.exe (Microsoft Corporation)
SRV - (RemoteAccess [Disabled | Stopped]) -- C:\WINDOWS\System32\mprdim.dll (Microsoft Corporation)
SRV - (RemoteRegistry [Auto | Running]) -- C:\WINDOWS\System32\regsvc.dll (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 10 [Disabled | Stopped]) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 10 [Disabled | Stopped]) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (RoxLiveShare10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxMediaDB10 [Disabled | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (RoxWatch10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RpcLocator [On_Demand | Stopped]) -- C:\WINDOWS\System32\locator.exe (Microsoft Corporation)
SRV - (RpcSs [Auto | Running]) -- C:\WINDOWS\System32\rpcss.dll (Microsoft Corporation)
SRV - (RSVP [On_Demand | Stopped]) -- C:\WINDOWS\System32\rsvp.exe (Microsoft Corporation)
SRV - (SamSs [Auto | Running]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (SCardSvr [On_Demand | Stopped]) -- C:\WINDOWS\System32\SCardSvr.exe (Microsoft Corporation)
SRV - (Schedule [Auto | Running]) -- C:\WINDOWS\System32\schedsvc.dll (Microsoft Corporation)
SRV - (seclogon [Auto | Running]) -- C:\WINDOWS\System32\seclogon.dll (Microsoft Corporation)
SRV - (SENS [Auto | Running]) -- C:\WINDOWS\System32\sens.dll (Microsoft Corporation)
SRV - (SessionLauncher [Disabled | Stopped]) -- File not found
SRV - (SharedAccess [Auto | Running]) -- C:\WINDOWS\System32\ipnathlp.dll (Microsoft Corporation)
SRV - (ShellHWDetection [Auto | Running]) -- C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
SRV - (Spooler [Auto | Running]) -- C:\WINDOWS\System32\spoolsv.exe (Microsoft Corporation)
SRV - (SQLAgent$RETSDATA [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (srservice [Auto | Running]) -- C:\WINDOWS\System32\srsvc.dll (Microsoft Corporation)
SRV - (SSDPSRV [Auto | Running]) -- C:\WINDOWS\System32\ssdpsrv.dll (Microsoft Corporation)
SRV - (stisvc [Auto | Running]) -- C:\WINDOWS\System32\wiaservc.dll (Microsoft Corporation)
SRV - (SwPrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation)
SRV - (SysmonLog [On_Demand | Stopped]) -- C:\WINDOWS\System32\smlogsvc.exe (Microsoft Corporation)
SRV - (TapiSrv [On_Demand | Running]) -- C:\WINDOWS\System32\tapisrv.dll (Microsoft Corporation)
SRV - (TermService [On_Demand | Running]) -- C:\WINDOWS\System32\termsrv.dll (Microsoft Corporation)
SRV - (Themes [Auto | Running]) -- C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
SRV - (ThreatFire [Disabled | Stopped]) -- File not found
SRV - (TlntSvr [On_Demand | Stopped]) -- C:\WINDOWS\System32\tlntsvr.exe (Microsoft Corporation)
SRV - (TrkWks [Auto | Running]) -- C:\WINDOWS\System32\trkwks.dll (Microsoft Corporation)
SRV - (upnphost [On_Demand | Stopped]) -- C:\WINDOWS\System32\upnphost.dll (Microsoft Corporation)
SRV - (UPS [On_Demand | Stopped]) -- C:\WINDOWS\System32\ups.exe (Microsoft Corporation)
SRV - (VSS [On_Demand | Stopped]) -- C:\WINDOWS\System32\vssvc.exe (Microsoft Corporation)
SRV - (W32Time [Auto | Running]) -- C:\WINDOWS\System32\w32time.dll (Microsoft Corporation)
SRV - (WebClient [Auto | Running]) -- C:\WINDOWS\System32\webclnt.dll (Microsoft Corporation)
SRV - (winmgmt [Auto | Running]) -- C:\WINDOWS\System32\wbem\WMIsvc.dll (Microsoft Corporation)
SRV - (WmdmPmSN [On_Demand | Stopped]) -- C:\WINDOWS\System32\MsPMSNSv.dll (Microsoft Corporation)
SRV - (Wmi [On_Demand | Stopped]) -- C:\WINDOWS\System32\advapi32.dll (Microsoft Corporation)
SRV - (WmiApSrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\wbem\wmiapsrv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (wscsvc [Auto | Running]) -- C:\WINDOWS\System32\wscsvc.dll (Microsoft Corporation)
SRV - (wuauserv [Auto | Running]) -- C:\WINDOWS\System32\wuauserv.dll (Microsoft Corporation)
SRV - (WudfSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\WUDFSvc.dll (Microsoft Corporation)
SRV - (WZCSVC [Auto | Running]) -- C:\WINDOWS\System32\wzcsvc.dll (Microsoft Corporation)
SRV - (xmlprov [On_Demand | Stopped]) -- C:\WINDOWS\System32\xmlprov.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ASAPIW2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ASAPIW2k.sys (Pinnacle Systems GmbH)
DRV - (ASPI32 [System | Running]) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (EUSBMSD [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\EUSBMSD.SYS (SCM Microsystems Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hcwPP2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\hcwPP2.sys (Hauppauge Computer Works, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HSX_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (IrBus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys (Microsoft Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (MXOPSWD [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mxopswd.sys (Maxtor Corp.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (PCLEPCI [System | Running]) -- C:\WINDOWS\System32\drivers\pclepci.sys (Pinnacle Systems GmbH)
DRV - (Ps2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (RxFilter [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RxFilter.sys (Sonic Solutions)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\System32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsx [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "www.topbandevents.com"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5

FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2009/10/05 17:33:33 | 00,000,000 | ---D | M]

[2009/01/11 14:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions
[2009/01/11 14:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2009/01/09 19:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/11 14:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\jv7pb2x6.default\extensions
[2009/01/09 19:23:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\jv7pb2x6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/11 14:46:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/09/03 15:28:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/06 14:35:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2007/08/31 01:08:39 | 00,135,680 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2008/12/05 22:52:44 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/10/19 14:44:08 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/08/15 14:30:54 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/09/05 15:03:36 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/05/10 21:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/08/10 15:57:23 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/08/10 15:57:47 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/08/10 15:57:15 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/09/04 17:45:22 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/03/09 15:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 24 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/18 12:38:06 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/06 17:24:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\MSNInstaller
[2009/11/02 18:00:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/28 11:55:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\virus fix now
[2009/10/28 10:55:42 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/28 00:18:04 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/10/21 10:13:25 | 00,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2009/10/21 10:13:25 | 00,306,688 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2009/10/06 20:08:18 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/06 20:01:49 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/10/05 19:14:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Previous Months

========== Files - Modified Within 30 Days ==========

[2009/11/02 18:50:05 | 00,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{17F015C8-57FA-45D9-B2E3-851F92A5E8AA}.job
[2009/11/02 18:35:05 | 00,000,282 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2009/11/02 14:50:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/02 13:12:02 | 00,054,784 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/02 13:10:26 | 00,002,381 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ULTRA 2.lnk
[2009/11/02 13:05:56 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009/11/02 09:29:13 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2769080022-1748412195-781348209-1007.job
[2009/11/02 09:18:20 | 00,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/02 09:18:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/02 09:18:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/02 09:18:06 | 10,051,13344 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/01 20:46:54 | 00,499,494 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 20:46:54 | 00,420,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 20:46:54 | 00,070,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 06:05:52 | 00,000,548 | ---- | M] () -- C:\WINDOWS\tasks\Rescue Reminder for 2HAPX1GZ.job
[2009/11/01 03:09:00 | 00,000,282 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2009/10/31 09:03:40 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/28 00:14:48 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/10/28 00:02:18 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/10 09:54:14 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/06 19:52:51 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/06 19:52:23 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/06 09:16:38 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2009/10/05 17:41:33 | 00,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI

========== Files - No Company Name ==========
[2009/10/06 19:41:49 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/02/16 00:57:55 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/06 20:05:46 | 00,038,459 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\dBase.ADR
[2008/11/06 20:04:28 | 00,038,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Comma Separated Values (DOS).ADR
[2008/11/06 20:03:39 | 00,038,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Tab Separated Values (Windows).ADR
[2008/11/06 19:52:45 | 00,038,466 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft Excel.ADR
[2008/11/06 08:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 08:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 08:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 08:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/30 23:25:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/09/07 09:17:52 | 00,000,170 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2008/07/21 15:14:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2007/10/28 14:40:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/10/19 00:01:26 | 00,008,432 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\rx_audio.Cache
[2007/10/19 00:01:26 | 00,000,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\rx_image.Cache
[2007/09/27 14:35:56 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/08/21 11:22:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/08/19 12:17:34 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/19 12:17:34 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2007/07/30 09:57:56 | 00,031,212 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Comma Separated Values (Windows).ADR
[2007/06/12 08:09:54 | 00,749,568 | ---- | C] () -- C:\WINDOWS\System32\swfgen.dll
[2007/06/11 13:32:16 | 00,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2007/05/13 19:43:57 | 00,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/05/13 19:43:57 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/24 11:52:52 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/03/21 14:43:53 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2007/03/14 13:42:09 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/09 12:36:49 | 00,002,502 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/08 20:28:12 | 00,201,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
[2007/03/06 18:08:55 | 00,000,199 | ---- | C] () -- C:\WINDOWS\swacnfg.ini
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/05 12:18:44 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/03 18:23:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OlaUtl32.INI
[2007/03/03 18:22:59 | 00,001,625 | ---- | C] () -- C:\WINDOWS\OLAGNT32.INI
[2007/03/02 11:50:22 | 00,002,510 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\.googlewebacchosts
[2007/03/01 23:34:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/01 20:38:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
[2007/03/01 20:38:06 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP100JCM.{PB
[2007/03/01 20:38:05 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP100JPR.{PB
[2007/03/01 20:38:04 | 00,054,784 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/01 20:38:04 | 00,048,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/03/01 20:38:04 | 00,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/18 13:05:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/18 12:46:03 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/08/18 12:41:33 | 00,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/18 12:41:26 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/18 12:38:20 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/18 12:27:41 | 00,000,252 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/18 12:27:06 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/18 12:22:28 | 00,001,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/18 12:21:33 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/18 12:19:27 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/08/18 12:18:11 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/18 12:18:11 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/18 12:18:11 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/18 12:18:11 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/18 12:18:11 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/18 12:18:11 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/18 12:18:11 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/18 12:17:01 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/18 11:56:18 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/08/18 11:56:18 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/08/18 11:56:02 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/08/30 20:02:00 | 00,000,709 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 12:52:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/30 12:52:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/05 20:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 22:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/09 20:00:00 | 00,001,920 | ---- | C] () -- C:\WINDOWS\System32\i6fhtwwt.dll
[2004/07/26 06:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/18 07:44:29 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2002/02/27 08:41:28 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 08:41:26 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 08:41:26 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2000/10/01 22:23:36 | 00,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll
[1998/12/08 10:09:44 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1998/12/08 10:09:44 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[1998/12/08 10:09:44 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\lffpx90n.dll
[1996/04/01 09:00:00 | 00,000,200 | ---- | C] () -- C:\WINDOWS\System32\CAPTURE2.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\Snapshot_002.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\Inka King TOP BAND Mix.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\centre_logo.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\(Unknown) - Still 001.jpg:Roxio EMC Stream
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80337C03
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C595FF3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·