[Resolved] .exe files not running.
#16
Posted 25 November 2009 - 01:09 AM
#17
Posted 25 November 2009 - 12:16 PM
Sorry for the delay.
Please refrain from downloading and/or running any programs unless I specifically direct you to do so.
I need you to look for a log.
Please:
- Right click on START on the left end of your Windows toolbar (lower left corner of your screen)
- Click on Explore
- Click on Local Disk (C:) in the left-hand window pane
- Look for ComboFix.txt in the right-hand window pane and right click on it
- Put your cursor (arrow) on Open With
- Move your cursor to the new menu that opens and click on Choose Program...
- Click on Notepad
When the file opens, copy/paste the text here.
Try to run ComboFix in Safe Mode.
To Enter Safe Mode
- Go to Start > Shut off your Computer > Restart
- As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
- Use the Up and Down arrow keys to scroll up to Safe Mode
- Then press the Enter key on your keyboard
- Go into your usual account
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
%SYSTEMDRIVE%\nvgts.sys /s /md5
%SYSTEMDRIVE%\iastorv.sys /s /md5
%SYSTEMDRIVE%\ViPrt.sys /s /md5
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.
1. The log that was produced after running ComboFix in safe mode.
2. The log that was produced after running OTL.
3. An update on how your computer is running.
Proud Graduate of the WTT Classroom
#18
Posted 25 November 2009 - 01:52 PM
#19
Posted 25 November 2009 - 02:07 PM
Let's continue:
Try to run ComboFix in Safe Mode.
To Enter Safe Mode
- Go to Start > Shut off your Computer > Restart
- As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
- Use the Up and Down arrow keys to scroll up to Safe Mode
- Then press the Enter key on your keyboard
- Go into your usual account
NEXT
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
%SYSTEMDRIVE%\nvgts.sys /s /md5
%SYSTEMDRIVE%\iastorv.sys /s /md5
%SYSTEMDRIVE%\ViPrt.sys /s /md5
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
Please make sure you include the following items in your next post:
1. The log that was produced after running ComboFix in safe mode.
2. The logs that were produced after running OTL.
3. An update on how your computer is running.
Proud Graduate of the WTT Classroom
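Once the OTL.Txt from the steps above is posted, the first pass a helper makes is to pick out the entries whose file has no publisher or no longer exists. The following is an added example, not OTL's code or anything from this thread, that parses OTL's line format to do that; SAMPLE_LOG is a constructed sample modelled on OTL output, and the reason labels ("no publisher", "file missing", "unresolved path") are my own.

```python
"""Triage pass over an OTL.Txt log (added example; not OTL's code or the thread's).

OTL writes one entry per line: a tag (PRC, SRV, DRV, O2, O4, O20, ...), a
description, the file path, and the file's version-info publisher in
parentheses. Two things a helper looks for first are an empty publisher "()"
and the literal "File not found" (a registry entry pointing at a path that no
longer exists). Neither proves infection; both mark the lines worth reading
closely, so this script pulls them out and says why each one was flagged.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTION_RE = re.compile(r"^=+\s*(?P<name>.*?)\s*=+$")
ENTRY_RE = re.compile(r"^(?P<tag>[A-Z]{1,3}\d{0,2}) - (?P<body>.*)$")
# A drive-letter path, read up to a short extension followed by whitespace or end.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.[A-Za-z0-9]{2,5}(?=\s|$)")
# The publisher is the last parenthesised group on the line, e.g. "(Avira GmbH)".
PUBLISHER_RE = re.compile(r"\((?P<publisher>[^()]*)\)\s*$")

# Constructed sample in OTL's format. Tools the helper asked the user to run
# (here ComboFix, running from C:\ComboFix.com) show up with no publisher too,
# so the output is a reading list for the helper, not a verdict.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - C:\ComboFix.com\CF30971.cfxxe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
========== Standard Registry (SafeList) ==========
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O4 - HKLM..\Run: [Recguard] C:\Windows\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
"""


@dataclass
class Finding:
    section: str
    tag: str
    reason: str
    path: Optional[str]
    line: str


def classify(body: str) -> Optional[Tuple[str, Optional[str]]]:
    """Return (reason, path) when an entry body deserves a look, else None."""
    path_match = PATH_RE.search(body)
    path = path_match.group(0) if path_match else None
    if "File not found" in body:
        return "file missing", path
    pub_match = PUBLISHER_RE.search(body)
    if pub_match is None or pub_match.group("publisher").strip():
        return None  # no publisher field at all, or a named publisher
    if path is None:
        # Bare file name with no directory, so there was no file to read
        # version info from; resolve it by hand before drawing conclusions.
        return "unresolved path", None
    return "no publisher", path


def triage(log_text: str) -> List[Finding]:
    """Walk the log, tracking the current ===== section =====, and collect flags."""
    findings: List[Finding] = []
    section = "(header)"
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if entry is None:
            continue
        result = classify(entry.group("body"))
        if result is not None:
            reason, path = result
            findings.append(Finding(section, entry.group("tag"), reason, path, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason:15}] {f.tag:<4} {f.section}: {f.line}")
```

Point it at a real OTL.Txt by reading the file into `triage()` instead of SAMPLE_LOG; the NetSvcs and O1 lines use a different layout and are deliberately skipped.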
#20
Posted 27 November 2009 - 05:43 PM
I wasn't sure if you wanted me to run OTL in normal or safe mode, so I ran it in normal mode. It only gave me one log, not two. There was no Extras.txt. Let me know what I am doing wrong here and what I need to do differently. Here is OTL.txt:
OTL logfile created on: 11/27/2009 6:18:00 PM - Run 2
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Users\HP_Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
957.82 Mb Total Physical Memory | 333.36 Mb Available Physical Memory | 34.80% Memory free
2.31 Gb Paging File | 1.54 Gb Available in Paging File | 66.54% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.03 Gb Total Space | 118.20 Gb Free Space | 52.76% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 0.55 Gb Free Space | 6.27% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\ComboFix.com\CF30971.cfxxe ()
PRC - C:\Users\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
========== Modules (SafeList) ==========
MOD - C:\Users\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvamacpi) -- C:\Windows\system32\DRIVERS\NVAMACPI.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (MCSTRM) -- C:\Windows\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
DRV - (nvnetbus) -- C:\Windows\System32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>;*.local
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/24 02:09:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/05 00:58:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/25 00:35:32 | 00,000,000 | ---D | M]
[2009/01/31 05:16:53 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Extensions
[2009/01/31 05:16:53 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2008/04/01 12:58:04 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8640yv7j.default\extensions
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{044FA143-992A-435f-95A5-39E25470F8F0}
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{4a428302-5267-4749-bb22-459b3236695f}
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2008/12/04 18:24:25 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\en-US@dictionaries.addons.mozilla.org
[2008/12/04 18:24:24 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i48hzns0.default\extensions\readeroo@monsur.com
[2009/11/16 14:19:56 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions
[2008/12/04 18:24:26 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}
[2008/12/04 21:05:49 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
[2009/10/24 12:19:37 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/12 18:31:04 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008/12/04 20:56:58 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2009/11/12 18:29:52 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/01/03 14:33:31 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}
[2009/11/12 18:31:04 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\en-US@dictionaries.addons.mozilla.org
[2008/12/08 19:35:44 | 00,000,000 | ---D | M] -- C:\Users\HP_Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nbt2co4w.default\extensions\glasser@sixxgate.com
[2009/11/17 11:02:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/06 00:30:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/11/27 18:11:30 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008/08/06 15:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/07/07 16:20:42 | 00,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2009/07/07 16:20:42 | 00,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
[2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2007/05/16 07:22:00 | 00,151,300 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\Windows\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\HP_Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: 16 range(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...IOS/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1166889208718 (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/12/09 10:19:51 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 30 Days ==========
[2009/11/27 18:16:31 | 00,000,000 | --SD | C] -- C:\ComboFix.com
[2009/11/27 18:15:48 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/27 14:58:12 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/27 14:58:12 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/27 14:58:12 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/27 14:58:12 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/11/27 14:58:03 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/27 14:38:37 | 00,532,992 | ---- | C] (OldTimer Tools) -- C:\Users\HP_Administrator\Desktop\OTL.exe
[2009/11/25 12:47:37 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/25 11:58:26 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/11/25 01:21:17 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/11/24 23:56:07 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/11/24 23:56:07 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/11/24 23:56:06 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/11/24 23:56:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/11/24 23:56:02 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/11/23 19:53:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/11/17 11:01:54 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/11/17 11:01:54 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/11/17 11:01:54 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/11/12 18:32:13 | 00,000,000 | ---D | C] -- C:\Users\HP_Administrator\AppData\Roaming\QuickScan
[2009/11/10 16:02:15 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/10 16:01:42 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/04 10:04:17 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/10/30 13:59:00 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/10/30 08:21:00 | 00,000,000 | ---D | C] -- C:\Users\HP_Administrator\Desktop\Downloads
[2009/10/30 08:20:59 | 00,000,000 | ---D | C] -- C:\Users\HP_Administrator\AppData\Roaming\GetRightToGo
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2009/11/27 18:17:42 | 02,621,440 | -HS- | M] () -- C:\Users\HP_Administrator\NTUSER.DAT
[2009/11/27 18:04:23 | 00,120,096 | ---- | M] () -- C:\Users\HP_Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/27 18:04:06 | 00,002,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/27 18:04:06 | 00,002,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/27 18:04:00 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/27 18:03:57 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/27 18:03:52 | 10,050,84672 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/27 18:03:13 | 00,524,288 | -HS- | M] () -- C:\Users\HP_Administrator\NTUSER.DAT{96040ee2-c049-11de-8085-0018f39438e3}.TMContainer00000000000000000001.regtrans-ms
[2009/11/27 18:03:13 | 00,065,536 | -HS- | M] () -- C:\Users\HP_Administrator\NTUSER.DAT{96040ee2-c049-11de-8085-0018f39438e3}.TM.blf
[2009/11/27 15:01:02 | 00,414,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/27 14:38:43 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Users\HP_Administrator\Desktop\OTL.exe
[2009/11/27 14:33:55 | 03,577,870 | R--- | M] () -- C:\Users\HP_Administrator\Desktop\ComboFix.com.exe
[2009/11/24 23:56:29 | 00,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/11/24 23:52:14 | 30,909,992 | ---- | M] () -- C:\Users\HP_Administrator\Desktop\avira_antivir_personal_en.exe
[2009/11/24 23:21:29 | 00,001,162 | ---- | M] () -- C:\Users\HP_Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/11/24 23:06:56 | 00,291,840 | ---- | M] () -- C:\Users\HP_Administrator\Desktop\explorer.exe
[2009/11/23 21:20:58 | 00,047,616 | ---- | M] () -- C:\Users\HP_Administrator\Desktop\Win32kDiag.exe
[2009/11/19 06:41:27 | 00,016,896 | ---- | M] () -- C:\Users\HP_Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/16 14:16:54 | 00,001,673 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2009/11/15 21:17:04 | 00,725,208 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/15 21:17:04 | 00,618,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/15 21:17:04 | 00,110,906 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/14 10:35:09 | 00,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/09 22:53:28 | 00,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/10/29 04:17:42 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009/11/27 18:03:52 | 10,050,84672 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/27 14:58:12 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/27 14:58:12 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/27 14:58:12 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/24 23:56:29 | 00,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/11/24 23:47:56 | 30,909,992 | ---- | C] () -- C:\Users\HP_Administrator\Desktop\avira_antivir_personal_en.exe
[2009/11/24 23:27:17 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/24 23:27:17 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/24 23:21:29 | 00,001,162 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/11/24 23:16:17 | 03,577,870 | R--- | C] () -- C:\Users\HP_Administrator\Desktop\ComboFix.com.exe
[2009/11/24 16:14:22 | 00,291,840 | ---- | C] () -- C:\Users\HP_Administrator\Desktop\explorer.exe
[2009/11/23 21:52:59 | 00,047,616 | ---- | C] () -- C:\Users\HP_Administrator\Desktop\Win32kDiag.exe
[2009/11/16 14:16:54 | 00,001,673 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2009/10/27 22:21:47 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/27 22:19:08 | 00,000,680 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Local\d3d9caps.dat
[2009/10/24 19:06:39 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/23 22:05:20 | 00,000,760 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Roaming\setup_ldm.iss
[2008/12/04 22:54:32 | 00,016,896 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/18 16:32:54 | 00,000,022 | ---- | C] () -- C:\Windows\kodakpcd.ini
[2008/10/19 17:40:29 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/04 16:18:40 | 00,000,894 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Roaming\wklnhst.dat
[2008/04/02 12:19:01 | 00,000,277 | ---- | C] () -- C:\Windows\maketorrent.ini
[2007/09/25 20:34:54 | 00,000,033 | ---- | C] () -- C:\Windows\LVMMail.INI
[2007/06/21 20:48:25 | 00,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2007/05/10 09:30:01 | 00,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2007/05/10 09:26:45 | 00,000,780 | ---- | C] () -- C:\Windows\_delis32.ini
[2007/04/21 00:12:52 | 00,360,448 | ---- | C] () -- C:\Windows\lame_enc.dll
[2007/04/17 06:02:39 | 00,000,391 | ---- | C] () -- C:\Windows\COVERE~1.INI
[2007/04/16 21:47:24 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/02/07 18:45:12 | 00,000,031 | ---- | C] () -- C:\Windows\MCDB.ini
[2007/02/05 22:19:40 | 00,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2007/02/05 17:56:17 | 00,065,536 | ---- | C] () -- C:\Windows\System32\YCRWin32.dll
[2007/02/05 17:38:29 | 00,006,048 | ---- | C] () -- C:\Windows\System32\MCC16.dll
[2007/01/28 02:25:27 | 00,000,532 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2006/12/12 11:24:42 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/06 14:35:26 | 00,057,344 | ---- | C] () -- C:\Windows\System32\nicmgr.dll
[2006/08/16 13:47:38 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/07/31 22:09:54 | 00,000,061 | ---- | C] () -- C:\Windows\smscfg.ini
[2006/07/31 21:43:50 | 00,028,848 | ---- | C] () -- C:\Windows\System32\drivers\USBkey.sys
[2006/07/31 21:36:06 | 00,014,317 | ---- | C] () -- C:\Windows\System32\CHODDI.SYS
[2006/07/31 21:35:49 | 00,045,056 | ---- | C] () -- C:\Windows\System32\hpreg.dll
[2006/07/31 21:32:28 | 00,000,202 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2006/07/31 21:20:08 | 00,000,056 | ---- | C] () -- C:\Windows\wininit.ini
[2006/07/31 21:19:27 | 00,000,698 | ---- | C] () -- C:\Windows\NSSetDefaultBrowser.ini
[2006/07/31 21:09:56 | 01,703,936 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2006/07/31 21:09:56 | 01,019,904 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2006/07/31 21:09:56 | 00,466,944 | ---- | C] () -- C:\Windows\System32\nvshell.dll
[2006/07/31 21:09:55 | 01,474,560 | ---- | C] () -- C:\Windows\System32\nview.dll
[2006/07/31 21:09:55 | 00,573,440 | ---- | C] () -- C:\Windows\System32\nvhwvid.dll
[2006/07/31 21:08:29 | 00,000,753 | ---- | C] () -- C:\Windows\orun32.ini
[2006/07/31 20:47:06 | 00,323,584 | ---- | C] () -- C:\Windows\System32\pythoncom22.dll
[2006/07/31 20:47:06 | 00,094,208 | ---- | C] () -- C:\Windows\System32\pywintypes22.dll
[2006/07/31 20:46:46 | 00,016,896 | ---- | C] () -- C:\Windows\System32\bcbmm.dll
[2006/02/19 12:28:56 | 00,012,288 | ---- | C] () -- C:\Windows\Fonts\RandFont.dll
[2005/07/15 13:35:56 | 00,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 13:35:56 | 00,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/07/15 13:35:24 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2004/09/16 22:24:26 | 03,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2004/07/26 09:51:38 | 00,000,560 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
[1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
========== LOP Check ==========
[2009/03/01 16:30:12 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration RunOnce Task.job
[2006/11/02 08:09:53 | 00,000,484 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< >
< %SYSTEMDRIVE%\*.exe >
[2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2005/06/17 08:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\$WINDOWS.~Q\DATA\WINDOWS\system32\drivers\iaStor.sys
[2005/06/17 08:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 08:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\Windows\System32\drivers\iaStor.sys
[2005/06/17 08:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_91b96e38\iaStor.sys
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2008/12/05 01:44:27 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/12/05 01:44:27 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/12/05 01:44:26 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
< %SYSTEMDRIVE%\viamraid.sys /s /md5 >
< %SYSTEMDRIVE%\nvata.sys /s /md5 >
< %SYSTEMDRIVE%\nvgts.sys /s /md5 >
< %SYSTEMDRIVE%\iastorv.sys /s /md5 >
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
< %SYSTEMDRIVE%\ViPrt.sys /s /md5 >
========== Files - Unicode (All) ==========
[2008/12/04 18:24:37 | 00,000,000 | ---D | M](C:\Users\HP_Administrator\AppData\Roaming\???????sAppData) -- C:\Users\HP_Administrator\AppData\Roaming\敎潲䍄敔灭慬整sAppData
[2008/12/04 18:24:37 | 00,000,000 | ---D | M](C:\Users\HP_Administrator\AppData\Roaming\???????sAppData) -- C:\Users\HP_Administrator\AppData\Roaming\敎潲䍄敔灭慬整sAppData
(C:\Users\HP_Administrator\AppData\Roaming\???????sAppData) -- C:\Users\HP_Administrator\AppData\Roaming\敎潲䍄敔灭慬整sAppData
< End of report >
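The custom-scan section of the log above lists every copy of each requested driver with its MD5, so the file Windows actually loads from System32 can be compared with the copies kept in WinSxS and the DriverStore; a live copy whose hash matches none of them, or that has lost its company name, is what a patched system file looks like. The O7 lines show whether policies such as DisableRegistryTools are switched on, and the O35 lines show what runs when an .exe or .com is opened, which is the question in this thread's title (OTL appends "File not found" there because "%1" is a placeholder, not a path, so that suffix by itself is not a finding). The script below is an added example, not part of the original post and not OTL's own code: it parses those three line shapes from a constructed sample made of lines copied from the log above plus three deliberate changes (DisableRegistryTools set to 1, a hypothetical exefile command, and a made-up MD5 on the live atapi.sys) so that each flagging path fires.

```python
"""Triage helper for three OTL log line shapes: O7 policy lines, O35
file-association lines and the custom-scan '/s /md5' sections.
Added example, not part of the original post and not OTL's own code."""
import re

SCAN_HEADER = re.compile(r"^< (?P<target>\S.*?) >$")
SCAN_ENTRY = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
O7_POLICY = re.compile(r"^O7 - (?P<key>\S+): (?P<name>\w+) = (?P<value>\d+)$")
# OTL appends 'File not found' because "%1" is a placeholder, not a real path.
O35_ASSOC = re.compile(r"^O35 - (?P<ftype>\w+) \[open\] -- (?P<command>.+?)(?: File not found)?$")

# Policies that lock a user out of the tools a cleanup needs when set to 1.
RESTRICTIVE_POLICIES = {"DisableRegistryTools", "DisableCMD", "DisableTaskMgr",
                        "NoRun", "NoFolderOptions"}
# Stock shell\open\command for exefile and comfile.
DEFAULT_OPEN_COMMAND = '"%1" %*'

# Constructed sample: lines copied from the log above, with three deliberate
# changes: DisableRegistryTools=1, a hypothetical exefile command, and a
# made-up MD5 on the live atapi.sys (the backup copies keep the real hash).
SAMPLE_LOG = r"""
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- C:\Users\HP_Administrator\AppData\Local\Temp\hypothetical.exe "%1" %* File not found
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
""".strip().splitlines()


def is_live_copy(path):
    """True for the file Windows actually loads, as opposed to the WinSxS or
    DriverStore copies that OTL's /s switch lists alongside it."""
    p = path.lower()
    return ("\\windows\\system32\\" in p
            and "\\driverstore\\" not in p and "\\winsxs\\" not in p)


def parse_md5_scans(lines):
    """Map each '< target /s /md5 >' header to the entries listed under it."""
    scans, current = {}, None
    for line in lines:
        h = SCAN_HEADER.match(line)
        if h:
            current = scans.setdefault(h.group("target"), [])
            continue
        e = SCAN_ENTRY.match(line)
        if e and current is not None:
            current.append(e.groupdict())
    return scans


def check_md5_scans(lines):
    """Flag a live System32 file whose MD5 matches none of its backup copies, or
    that has no company name: both are what a patched driver looks like.
    A file with no backup copy at all is not flagged; there is nothing to compare."""
    findings = []
    for entries in parse_md5_scans(lines).values():
        reference = {e["md5"].upper() for e in entries if not is_live_copy(e["path"])}
        for e in (e for e in entries if is_live_copy(e["path"])):
            if not e["company"]:
                findings.append((e["path"], "no company name"))
            elif reference and e["md5"].upper() not in reference:
                findings.append((e["path"], "MD5 matches no WinSxS/DriverStore copy"))
    return findings


def check_policies(lines):
    """Restrictive policies that are switched on, as (name, key) pairs."""
    hits = [O7_POLICY.match(l) for l in lines]
    return [(m.group("name"), m.group("key")) for m in hits
            if m and m.group("name") in RESTRICTIVE_POLICIES and m.group("value") != "0"]


def check_associations(lines):
    """File types whose open command is not the stock one."""
    found = [O35_ASSOC.match(l) for l in lines]
    return [(m.group("ftype"), m.group("command").strip()) for m in found
            if m and m.group("command").strip() != DEFAULT_OPEN_COMMAND]


if __name__ == "__main__":
    print("policies on:", check_policies(SAMPLE_LOG))
    print("odd open commands:", check_associations(SAMPLE_LOG))
    print("suspect system files:", check_md5_scans(SAMPLE_LOG))
```

On a real log, run it over the whole pasted text; the only state it keeps is which custom-scan header it is under, so the O7 and O35 checks work wherever those lines appear.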
#21
Posted 28 November 2009 - 12:59 AM
I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:
- Open Malwarebytes' Anti-Malware
- Select the Update tab
- Click Check for Updates
- After the update has been completed, select the Scanner tab.
- Select Perform full scan, then click on Scan
- Leave the default options as it is and click on Start Scan
- When done, you will be prompted. Click OK, then click on Show Results
- Check (tick) all items and click on Remove Selected
- After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Kaspersky Online Scanner
I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
The below scan can take up to an hour or longer, please be patient.
Note:
It is recommended to disable on-board Anti-Virus and Anti-Spyware programs while performing scans so that there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident Anti-Virus protection along with whatever Anti-Spyware app you use.
Please do a scan with Kaspersky Online Scanner or from Here.
- Click on the Accept button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded on the left side of the page in the Scan section select My Computer.
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run. (At times it may appear to stall)
- Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
- Once the scan is complete, click on View scan report. To obtain the report:
- Click on: Save Report As
- Next, in the Save as prompt, Save in area, select: Desktop
- In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]
- Then, click: Save
- Please post the Kaspersky Online Scanner Report in your reply.
1. The log that was produced after running MalwareBytes' Anti-Malware
2. The log that was produced after running the Kaspersky Online Scan.
3. An update on the status of your computer.
Proud Graduate of the WTT Classroom
#22
Posted 28 November 2009 - 03:27 PM
#23
Posted 28 November 2009 - 03:45 PM
Also, after I restarted after the MalwareBytes scan, a new icon appeared in the bottom right-hand corner of the taskbar. When hovered over, it says, "Blocked startup programs." This was never there before, and I hadn't touched anything. Not sure what that is about, but I thought you should know.
According to the information that I found on the MalwareBytes' Anti-Malware Support Forum this is a known bug that is scheduled to be fixed in the next version.
To fix this issue please do the following:
Back-Up Registry
First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:
regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.
Open Notepad
Click Start > Run type notepad into the run box click OK
Click Format and make certain that Word Wrap is NOT checked.
Copy the text inside of the code box, Press Ctrl+C (or right click on the highlighted section and choose 'copy')
Now paste the copied text into the open notepad. Press CTRL+V (or right click and choose 'paste')
Note: There must be NO blank lines in front of the pasted text, but ensure that there is a blank line at the end of the text, otherwise the registry merge will not work.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"=-

Now go to File > and click Save As,
From the drop down menu at the top of the box choose Desktop as the location to save this file.
Go down to the File Name box and type in fixme.reg as the file name, then choose All Files as the save as file type.
Then click the save button.
Once you have clicked the save button, close Notepad.
You should now see a file on your desktop that looks like this:
Locate the fixme.reg icon on your desktop and double click it. An information box will pop up asking if you want to merge the information in the file into the registry; click YES.
Once the file has run, the information will have merged with your registry so you can delete fixme.reg from your desktop as you won't be needing it anymore.
#24
Posted 28 November 2009 - 04:08 PM
#25
Posted 28 November 2009 - 04:18 PM
#26
Posted 28 November 2009 - 04:20 PM
#27
Posted 28 November 2009 - 04:51 PM
#28
Posted 28 November 2009 - 05:42 PM
#29
Posted 28 November 2009 - 06:58 PM
#30
Posted 28 November 2009 - 09:16 PM
Also, after I restarted after the MalwareBytes scan, a new icon appeared in the bottom right-hand corner of the taskbar. When hovered over, it says, "Blocked startup programs." This was never there before, and I hadn't touched anything. Not sure what that is about, but I thought you should know.
According to the information that I found on the MalwareBytes' Anti-Malware Support Forum this is a known bug that is scheduled to be fixed in the next version.
To fix this issue please do the following:
Back-Up Registry
First, we need to backup your registry:
On your keyboard press the Windows key + R
This should display the Run box.
Paste in the following line:
regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.
Open Notepad
Click Start > Run type notepad into the run box click OK
Click Format and make certain that Word Wrap is NOT checked.
Copy the text inside of the code box, Press Ctrl+C (or right click on the highlighted section and choose 'copy')
Now paste the copied text into the open notepad. Press CTRL+V (or right click and choose 'paste')
Note: There must be NO blank lines in front of the pasted text, but ensure that there is a blank line at the end of the text, otherwise the registry merge will not work.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"=-

Now go to File > and click Save As,
From the drop down menu at the top of the box choose Desktop as the location to save this file.
Go down to the File Name box and type in fixme.reg as the file name, then choose All Files as the save as file type.
Then click the save button.
Once you have clicked the save button, close Notepad.
You should now see a file on your desktop that looks like this:
Locate the fixme.reg icon on your desktop and double click it. An information box will pop up asking if you want to merge the information in the file into the registry; click YES.
Once the file has run, the information will have merged with your registry so you can delete fixme.reg from your desktop as you won't be needing it anymore.
Re-Scanning with DDS
Please re-run DDS by sUBs.
Make sure to pay attention to the directions below:
- Disable any script blocking protection (How to Disable your Security Programs)
- Double click DDS icon to run the tool (may take up to 3 minutes to run)
- When done, DDS.txt will open.
- After a few moments, attach.txt will open in a second window.
- Save both reports to your desktop.
- Post the contents of the DDS.txt report in your next reply
- Attach the Attach.txt report to your post by doing the following:
- Under the reply panel is the Attachments Panel
- Browse for the attachment file you want to upload, then click the green Upload button
- Once it has uploaded, click the Manage Current Attachments drop down box
- Click on to insert the attachment into your post
1. The log from the BitDefender Scan.
2. The logs that were produced after running DDS. (DDS.txt & Attach.txt)
3. Are you experiencing any outstanding issues with your PC?
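The fix given in posts #23 and #30 above is a .reg file that deletes one value from the Run key, and both posts stress the same formatting rules: the header must be the first line and the file must end with a blank line. The code below is an added example, not part of either post and not Malwarebytes' or Microsoft's code: it builds that file from a key and a value name, and checks a pasted .reg text against those rules before anything is merged. It does not touch the registry; the backup (regedit /e) and the merge still happen on the Windows machine. The parser is deliberately simple and does not unescape quoted names or handle a name containing "=".

```python
"""Build and sanity-check the kind of .reg file the posts above have the user
create: a REG 5.00 file that deletes one value ('"name"=-') from the Run key.
Added example, not from the original post; it never touches the registry."""
REG_HEADER = "Windows Registry Editor Version 5.00"
MSG_NO_HEADER = "missing REG 5.00 header"
MSG_LEADING = "text or blank lines before the header; regedit rejects the file"
MSG_TRAILING = "no blank line at the end; regedit may ignore the last line"


def reg_quote(name):
    """Quote a value name as .reg files expect: backslash and quote are escaped."""
    return '"' + name.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_delete_value_reg(key, value_name):
    """REG 5.00 text that deletes one value, with CRLF line endings and the
    trailing blank line the post requires."""
    lines = [REG_HEADER, "", f"[{key}]", f"{reg_quote(value_name)}=-", ""]
    return "\r\n".join(lines) + "\r\n"


def parse_reg(text):
    """Return (problems, operations) for a .reg text.
    operations are (key, value_name, action): action is 'set', 'delete', or
    'delete-key' (value_name None) for a '[-Key]' section line."""
    problems, ops = [], []
    lines = text.replace("\r\n", "\n").split("\n")
    if REG_HEADER not in lines:
        return [MSG_NO_HEADER], ops
    start = lines.index(REG_HEADER)
    if start != 0:
        problems.append(MSG_LEADING)
    if not text.endswith("\n"):
        problems.append(MSG_TRAILING)
    key = None
    for n, raw in enumerate(lines[start + 1:], start=start + 2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):
                ops.append((key[1:], None, "delete-key"))
                key = None
            continue
        if key is None:
            problems.append(f"line {n}: value outside any [key] section")
            continue
        name, sep, data = line.partition("=")
        if not sep:
            problems.append(f"line {n}: not a name=data line")
            continue
        # "@" is the key's default value; other names are quoted (escapes left as-is).
        name = "@" if name == "@" else name.strip('"')
        ops.append((key, name, "delete" if data == "-" else "set"))
    return problems, ops


if __name__ == "__main__":
    text = build_delete_value_reg(
        r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
        "Malwarebytes Anti-Malware (reboot)")
    print(text)
    print(parse_reg(text))
    print(parse_reg("\r\n" + text)[0])  # the leading-blank-line mistake
```

Writing the result with open("fixme.reg", "w", newline="") keeps the CRLF endings intact; with the default newline handling Python would translate them on Windows and double them.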