complikati
Logs requested from previous post
complikati replied to complikati's topic in Tech Support & Discussions Forum
Update: I think my computer is dead
After I noticed the restarting process was happening over and over, a blue screen popped up with the error STOP: c000021a fatal system error f 0xc0000034. I researched this on my other computer and tried to find ways to reboot and whatnot, nothing worked. I went to power it up again and nothing, it won't even turn on...is this the end of my computer??
Katie
Logs requested from previous post
complikati replied to complikati's topic in Tech Support & Discussions Forum
HELP! Computer went nuts!!
I was getting on this morning to start the cleanup process, and before I did anything the computer just decided to shut down...I tried restarting it, and it acts like it's going to but just keeps starting the reboot process all over again and won't even load up to the logon screen. I don't know what happened, it's been working fine this whole time. The only thing that happened before it shut down was that my virus protection popped up with a possible virus or something and I clicked remove, then it all just went down. I'm not sure what to do!! Do you know what it might be?? I thought we were at the end of all this!! :mad: Thanks for your help!!
Katie
Logs requested from previous post
complikati replied to complikati's topic in Tech Support & Discussions Forum
Still running good
Yes, everything is still running good so far...just let me know what I need to do next! Thanks again!
Katie
Logs requested from previous post
complikati replied to complikati's topic in Tech Support & Discussions Forum
I finally got it to work!
I finally got it to download! For some reason it isn't letting me upload the file. I will paste what was in the log, it was just this:

hlp.dat;C:\Documents and Settings\All Users\Documents\Server;Trojan.Hottrend.29;Deleted.;
RadEditor_v3[1].js;C:\Documents and Settings\Katie\Local Settings\Temporary Internet Files\Content.IE5\LWEF6W1N;Probably SCRIPT.Virus;;
A0001937.ocx;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP6;Adware.Coupons.34;;
A0007033.dll;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP8;Probably DLOADER.Trojan;;

I hope I got rid of them, I selected and then clicked cure, is there anything else I need to do? Thanks.
Katie
Logs requested from previous post
complikati replied to complikati's topic in Tech Support & Discussions Forum
What the heck?
I took your advice and downloaded Firefox...it did the same thing. I tried both links and one time it did download, but I cannot find it anywhere on my computer. My antivirus also detected 2 possible trojans when I downloaded it. I don't know why I am not able to successfully download it. I hope I haven't messed up my computer again. Do you think I should just leave it alone for now since it's been working again? Thanks for your help and advice...
Katie
Logs requested from previous post
complikati replied to complikati's topic in Tech Support & Discussions Forum
Still won't work
Maybe I'm just not meant to download this program lol. I went to the website and clicked on that link and it just kept going to a page that said Internet Explorer cannot view this page or something like that. I'm not quite sure what to do. I don't want to take the chance of just leaving it the way it is (the computer is still working fine), if there is something wrong with it still. I will try those links again.
Katie
Logs requested from previous post
complikati replied to complikati's topic in Tech Support & Discussions Forum
Drweb
I didn't see anything pop up when I clicked the link. I went to the drweb site and tried to dl it from there and I did see the bar pop up on that one, so I clicked "download file", and it just redirected me back to the homepage. For some reason I am not able to download it...any suggestions? Thanks!
Katie
Logs requested from previous post
complikati replied to complikati's topic in Tech Support & Discussions Forum
Drweb
I tried the link for drweb but it wouldn't connect to it. Is there another link I could try? Also, I haven't had any problems since the last scans I did, is it possible the computer got cured after those last scans? I still want to be sure, so I would still like to download the drweb if there is an available link. Thank you SOOOO much, you have been a wonderful help!!
Katie
Logs requested from previous post
complikati replied to complikati's topic in Tech Support & Discussions Forum
More Logs for you!
Ok, I did the scans, and ever since I restarted the computer (fingers crossed!) I haven't had anything pop up. But you never know with these wacky computers!! Here are the logs you requested. Thanks again for your help, you have been incredible!
Katie
TDS.txt CFix.txt
Logs requested from previous post
complikati replied to complikati's topic in Tech Support & Discussions Forum
Reply to previous post with new logs
Thanks for the info! I deleted Vuze, and I previously deleted Limewire and all those sites, but I still have the folders with the music in it, is it ok to keep that or should I get rid of those too? I've had them for quite a while but if I need to I will get rid of them. I also got rid of the registry cleaner as you suggested. So I did these new scans that you posted in your reply. The logs are attached. I don't know if it was supposed to fix anything yet but I am still getting the same pop up error boxes (cannot find http://(foreign symbols) website) whenever I go into any web page. However, I am not getting the messages on startup that I used to, which was pretty much the same message as above. I have a screenshot of this error box in the first post that I posted. If you need it I can send it to you. But anyway, thanks for ALL your help so far!
Katie
log2.txt log2a.txt
Hello, I was told to run some programs and post the logs for those. My computer was having issues with multiple error boxes popping up saying that (some foreign website) could not be opened, and whenever I would x out of it, it would open up a new browser. Here are the logs.

Malwarebytes log

Malwarebytes' Anti-Malware 1.50
Malwarebytes Database version: 5271
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/8/2010 11:32:51 AM
mbam-log-2010-12-08 (11-32-51).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 226351
Time elapsed: 1 hour(s), 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
- File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O15 - HKCU\..Trusted Domains: acddirect.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: callswithoutwalls.com ([training] https in Trusted sites) O15 - HKCU\..Trusted Domains: callswithoutwalls.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: virtualacd.biz ([www] http in Trusted sites) O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://content10.ilinc.com/download/AXCltInstall.dll (ILINCInstall102 Class) O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://dcode.support.microsoft.com/dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://a1fp1.alpineaccess.com/vdesk/terminal/urxvpn.cab#version=6030,2009,327,1607 (F5 Networks VPN Manager) O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} http://www.newhomebasedccr.com/test/PlaNetSysInfo.cab (PlaNet SysInfo Class) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia) O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://a1fp1.alpineaccess.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,327,1558 (F5 Networks Dynamic Application Tunnel Control) O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} 
https://a1fp1.alpineaccess.com/vdesk/terminal/InstallerControl.cab (F5 Networks Auto Update) O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/54.16/uploader2.cab (UploadListView Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278275794062 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278275711781 (MUWebControl Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Seite nicht gefunden | Facebook (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.0.12 O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found O24 - Desktop WallPaper: C:\Documents and Settings\Katie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Katie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/08/18 15:37:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3c421c8e-f843-11de-ade9-001d72a65ae8}\Shell\AutoRun\command - "" = H:\Setup_FlipShare.exe -- File not found O33 - MountPoints2\{3c421c8e-f843-11de-ade9-001d72a65ae8}\Shell\Setup FlipShare\command - "" = H:\Setup_FlipShare.exe -- File not found O33 - MountPoints2\{53d7f459-ed09-11de-ade3-001d72a65ae8}\Shell - "" = AutoRun O33 - MountPoints2\{53d7f459-ed09-11de-ade3-001d72a65ae8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{53d7f459-ed09-11de-ade3-001d72a65ae8}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - C:\WINDOWS\System32\6to4v32.dll File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: 
"services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point (69537929998893056) ========== Files/Folders - Created Within 30 Days ========== [2010/12/08 15:36:25 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Katie\Desktop\OTL.scr [2010/12/08 15:17:04 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Katie\Desktop\TFC.exe [2010/12/08 08:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe [2010/12/07 15:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\CleanMyPC [2010/12/07 14:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katie\Application Data\Registry Mechanic [2010/12/07 13:52:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Katie\Recent [2010/12/07 08:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS [2010/12/05 01:00:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Service [2010/12/04 12:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe [2010/12/04 01:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/12/04 01:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2010/12/04 00:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/12/04 00:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/12/04 00:12:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server [2009/06/18 22:11:35 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhcp.dll [2009/06/18 22:11:34 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmserv.dll [2009/06/18 22:11:34 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmusb1.dll [2009/06/18 
22:11:34 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdminpa.dll [2009/06/18 22:11:34 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmiesc.dll [2009/06/18 22:11:33 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmpmui.dll [2009/06/18 22:11:33 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmlmpm.dll [2009/06/18 22:11:33 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmprox.dll [2009/06/18 22:11:32 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhbn3.dll [2009/06/18 22:11:31 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomc.dll [2009/06/18 22:11:31 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomm.dll [1 C:\Documents and Settings\Katie\*.tmp files -> C:\Documents and Settings\Katie\*.tmp -> ] [1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/12/08 15:36:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Katie\Desktop\OTL.scr [2010/12/08 15:34:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/12/08 15:30:25 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/12/08 15:30:25 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/12/08 15:26:28 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/12/08 15:26:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/12/08 15:26:03 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys [2010/12/08 15:17:04 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Katie\Desktop\TFC.exe [2010/12/08 10:20:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/12/07 15:24:13 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\CleanMyPC - Registry Cleaner.lnk [2010/12/07 15:07:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/12/07 14:46:32 | 
000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job [2010/12/07 14:28:13 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/12/07 12:51:18 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2010/12/07 08:53:38 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\Microsoft Office Word 2007.lnk [2010/12/07 08:12:14 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\HiJackThis.lnk [2010/12/06 14:25:06 | 000,019,782 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\Modern Accounting Systems.docx [2010/12/05 21:04:39 | 000,012,602 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\Week 5 Assignment.docx [2010/12/05 20:02:07 | 000,002,369 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VitalSource Bookshelf.lnk [2010/12/05 10:45:53 | 000,006,949 | ---- | M] () -- C:\Documents and Settings\All Users\lxdm [2010/12/04 23:28:18 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Katie\Local Settings\Application Data\housecall.guid.cache [2010/12/04 12:37:49 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk [2010/12/04 00:18:10 | 000,372,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/12/04 00:12:36 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe [2010/12/04 00:12:32 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winlogon.exe [2010/12/04 00:12:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [2010/12/03 16:58:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/12/03 09:48:07 | 000,086,526 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\Degree Progress Report.pdf [2010/12/03 09:46:41 | 000,014,203 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\Account Details.docx [2010/12/03 09:41:45 | 000,068,027 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\Class Schedule.pdf 
[2010/11/29 19:16:37 | 000,011,995 | ---- | M] () -- C:\Documents and Settings\Katie\My Documents\I have held my breath for too long.docx [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/11/12 16:23:18 | 000,059,796 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\pic.jpg [1 C:\Documents and Settings\Katie\*.tmp files -> C:\Documents and Settings\Katie\*.tmp -> ] [1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/12/07 15:24:13 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\CleanMyPC - Registry Cleaner.lnk [2010/12/07 14:46:31 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job [2010/12/07 07:47:03 | 000,210,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/12/06 14:25:06 | 000,019,782 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\Modern Accounting Systems.docx [2010/12/05 21:04:39 | 000,012,602 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\Week 5 Assignment.docx [2010/12/04 23:25:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Katie\Local Settings\Application Data\housecall.guid.cache [2010/12/04 23:19:34 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\HiJackThis.lnk [2010/12/04 12:37:49 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk [2010/12/04 03:41:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/12/03 09:48:07 | 000,086,526 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\Degree Progress Report.pdf [2010/12/03 09:46:41 | 000,014,203 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\Account Details.docx 
[2010/12/03 09:41:45 | 000,068,027 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\Class Schedule.pdf [2010/11/29 19:16:37 | 000,011,995 | ---- | C] () -- C:\Documents and Settings\Katie\My Documents\I have held my breath for too long.docx [2010/11/12 16:24:23 | 000,059,796 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\pic.jpg [2010/07/04 10:23:30 | 000,189,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys [2010/07/04 10:23:30 | 000,059,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys [2010/07/04 10:23:30 | 000,051,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys [2010/01/30 12:57:39 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Katie\Application Data\Smiley.ico [2009/12/09 15:50:13 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll [2009/11/03 20:20:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Katie\Local Settings\Application Data\prvlcl.dat [2009/10/21 14:29:14 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Katie\Local Settings\Application Data\fusioncache.dat [2009/09/08 08:53:31 | 000,000,230 | ---- | C] () -- C:\WINDOWS\WSOPDELX.INI [2009/09/08 08:50:54 | 000,000,027 | ---- | C] () -- C:\WINDOWS\VPWIN.INI [2009/08/25 11:13:44 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini [2009/08/10 12:31:14 | 000,000,222 | ---- | C] () -- C:\WINDOWS\BLSnapshot.ini [2009/06/19 12:36:33 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\StrataSIP.ini [2009/06/18 22:16:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdmvs.dll [2009/06/18 22:15:59 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdmcoin.dll [2009/06/18 22:15:26 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdmdrs.dll [2009/06/18 22:15:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdmcaps.dll [2009/06/18 22:15:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmcnv4.dll [2009/06/18 22:14:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDMPMON.DLL 
[2009/06/18 22:14:55 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDMFXPU.DLL [2009/06/18 22:14:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmoem.dll [2009/06/18 22:11:49 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdmrwrd.ini [2009/06/18 22:11:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdminst.dll [2009/06/18 22:11:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdmgrd.dll [2009/01/24 23:02:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/01/13 13:17:08 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI [2009/01/13 13:11:03 | 000,000,186 | ---- | C] () -- C:\WINDOWS\Ulead32.ini [2008/12/13 13:15:36 | 000,000,783 | ---- | C] () -- C:\WINDOWS\NTIWVEDT.INI [2008/11/19 13:10:03 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Katie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/08/18 17:11:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/08/18 15:56:24 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIOFM4.dll [2008/08/18 15:56:24 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN5.dll [2008/08/18 15:55:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2008/08/18 15:55:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2008/08/18 15:37:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/06/30 03:20:40 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008/04/14 07:00:00 | 001,809,944 | ---- | C] () -- C:\WINDOWS\System32\wuaueng.dll [2008/04/14 07:00:00 | 000,092,696 | ---- | C] () -- C:\WINDOWS\System32\cdm.dll [2008/04/14 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2008/02/24 23:29:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/02/24 23:29:00 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/02/24 23:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/02/24 23:29:00 | 
000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/02/24 23:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll [2007/07/30 22:18:44 | 000,031,768 | ---- | C] () -- C:\WINDOWS\System32\wucltui.dll.mui [2007/07/30 22:18:14 | 000,018,456 | ---- | C] () -- C:\WINDOWS\System32\wuaueng.dll.mui [2005/03/28 02:45:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\ALaunch.ini [2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009/01/17 16:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2C251 [2009/06/18 22:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5000 Series [2008/11/17 22:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications [2008/11/16 21:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus [2010/01/18 00:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video [2009/01/24 22:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe [2010/02/23 08:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LxThumbs [2008/11/15 16:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo [2008/12/28 14:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Music Coach [2009/01/19 10:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\NCH Swift Sound [2010/09/14 12:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure [2009/02/10 15:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard [2010/01/28 20:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla! [2010/12/08 15:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/02/23 08:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R [2009/11/08 20:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2009/10/12 15:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent [2008/11/15 15:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2009/06/18 22:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\5000 Series [2010/12/07 15:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\Azureus [2010/05/20 10:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\FrostWire [2008/11/19 21:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\ICAClient [2009/10/30 14:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\Inbit [2010/04/08 08:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\LEGO Company [2009/06/18 22:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\Lexmark Productivity Studio [2009/10/06 14:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\LimeWire [2009/03/02 13:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\Music Coach [2010/12/07 14:52:15 | 000,000,000 | 
---D | M] -- C:\Documents and Settings\Katie\Application Data\Registry Mechanic [2009/07/27 19:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\Snapfish [2009/06/22 10:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\TeamViewer [2009/11/03 18:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\TestingRecorder [2009/11/08 19:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\Ulead Systems [2009/07/29 17:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\VTExtra [2010/04/16 09:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\webex [2010/12/07 14:46:32 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- 
C:\WINDOWS\system32\dllcache\netlogon.dll [2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report >
-
I have searched high and low and don't know what to do. Two days ago I was online and all of a sudden these error boxes kept popping up saying that http:// (some weird foreign-looking website), could not be found. When I ex'ed out of it, a new browser window would open. It's been happening ever since. Now it's multiple pages at a time. I have done all the security scans, malware, etc., and it showed there were a few things, and said it got rid of them, but it still keeps happening. I have no idea what it is, I've never seen this before. Yesterday it would redirect to ask.com with that weird web address in the search page, now it just goes straight to my home page when the windows open up. I did the hijacker thing and I will post the log. Any ideas?? Thanks. I can also include a screenshot of the error message. When I x out of it, that's when my Google homepage pops up. Also, it turns the blue bar and everything else that was blue into white. Like it reverts back to the basic setup look or something idk. Thanks for your help. Katie Screenshot2.doc