clucky Posted July 22, 2010 Posted July 22, 2010 I had a screen pop saying that my machine was infected and do i want to run the anti virus. I have tried to close it down, but it just keeps poping up. It also prevents me from runing malwarebytes or superantispyware. I also tried a control + Alt + Delete to try to shut it down but it also blocks that. It also blocks access to the internet. I tried system restore, but it made no difference. I have ran the pc in safe mode with networking and this allows me to update and run the anti malware systems mentioned above. Initially it looks like it sorts the problem, but when you go back to normal mode, the same problem occurs. I have tried runing both applications a couple of times in a row (in safe mode) to see if this helps, but to no avail. Any idea how to get the pc back to normal. Quote
seedy21 Posted July 22, 2010 Posted July 22, 2010 run the anti-virus in safe mode again but you need turn the system restore points off and then back on then run another scan. This is where it is all hiding good luck Seedy102 Quote “It's only after we've lost everything that we're free to do anything.”― Chuck Palahniuk, Fight Club http://www.geekstogo.com/downloads/unite_blue.png Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here We are all members helping other members.Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
clucky Posted July 22, 2010 Author Posted July 22, 2010 how do you turn the system restore points on and off? Quote
clucky Posted July 22, 2010 Author Posted July 22, 2010 Just found were to turn system restore on and off. will run the malwarebytes and see what happens Quote
clucky Posted July 23, 2010 Author Posted July 23, 2010 run the anti-virus in safe mode again but you need turn the system restore points off and then back on then run another scan. This is where it is all hiding good luck Seedy102 Hi Seedy102, I ran malwarebytes and superantispyware in safe mode with system restore off. They picked up some malware, but when I return to normal mode, I am still blocked from windows explorer (even though I can access this in safe mode). Any other suggestions? Quote
seedy21 Posted July 23, 2010 Posted July 23, 2010 hmm what anti-virus software are you running ???? does it have a real-time scanner am out of ideas but starbuck is great with malware :P Seedy21 Quote “It's only after we've lost everything that we're free to do anything.”― Chuck Palahniuk, Fight Club http://www.geekstogo.com/downloads/unite_blue.png Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here We are all members helping other members.Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
RandyL Posted July 23, 2010 Posted July 23, 2010 As seedy21 said the malware team can probably sort this for you. There are are many possibilities but they can methodically sort it since the usual first steps seem to have failed. Malware. You either love it or hate it. It all depends on your attitude and patience. Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
clucky Posted July 23, 2010 Author Posted July 23, 2010 hmm what anti-virus software are you running ???? does it have a real-time scanner am out of ideas but starbuck is great with malware :P Seedy21 I dont think I have anything with real time scanning. I just run malwarebyte and superantispyware every now and again. I think it used to have avg free on it. Quote
ExTS Admin Starbuck Posted July 23, 2010 ExTS Admin Posted July 23, 2010 Hi clucky, Sorry for the late response. Just one point i'd like to make: If you think you have malware Never turn off your restore points. Even a bad restore point is better than no restore point. If you don't use system restore.... the bad restore points won't make any difference to you. We always clean them at the end of the cleaning process anyway. Malware. You either love it or hate it. It all depends on your attitude and patience. Without it, i'm out of a job ... so keep it coming http://fc06.deviantart.com/fs4/i/2004/250/7/1/ROFL_by_b4sti.gif Ok, let's get to the bottom of this: Step 1 Please download exeHelper to your desktop. If your AV program throws up a warning about the program, ignore the warning. Some AV's flag this program because of how it works... that's all. Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. Post the contents of exehelperlog.txt ( Will be created in the directory where you ran exeHelper.com and should open at the end of the scan) Note : If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together ( they will both be in the one file ). Step 2 Download OTL to your desktop. right click on the link and select 'Save Link/Target As'. if you have problems, try this download link: OTL Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. . http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png Now copy the lines in bold below. netsvcs msconfig %SYSTEMDRIVE%\*.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles CREATERESTOREPOINT right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png . Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. In your next reply, please submit: exehelperlog.txt and both reports from OTL If the reports are too big to post, add them as attachments. Thanks. Quote Member of:UNITE
clucky Posted July 24, 2010 Author Posted July 24, 2010 exeHelper by Raktor Build 20100414 Run at 07:40:59 on 07/24/10 Now searching... Checking for numerical processes... Checking for sysguard processes... Checking for bad processes... Checking for bad files... Checking for bad registry entries... Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... Resetting policies... --Finished-- I will run OIL now Quote
clucky Posted July 24, 2010 Author Posted July 24, 2010 OTL logfile created on: 24/07/2010 07:53:46 - Run 1 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Administrator.JENNIFER.000\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free Paging file location(s): C:\pagefile.sys 372 744 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71.46 Gb Total Space | 45.89 Gb Free Space | 64.22% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JENNIFER Current User Name: Administrator Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Administrator.JENNIFER.000\Desktop\OTL.scr (OldTimer Tools) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Administrator.JENNIFER.000\Desktop\OTL.scr (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.) SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe () SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (dlcf_device) -- C:\WINDOWS\System32\dlcfcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV - (ZDPSp50) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys File not found DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys File not found DRV - (WN4501HLFZZ(Technology Corporation)) 802.11g Wireless USB Adapter(Technology Corporation) -- C:\WINDOWS\System32\DRIVERS\O4501U.sys File not found DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.) DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.) DRV - (se59obex) -- C:\WINDOWS\system32\drivers\se59obex.sys (MCCI) DRV - (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\se59mgmt.sys (MCCI) DRV - (se59mdm) -- C:\WINDOWS\system32\drivers\se59mdm.sys (MCCI) DRV - (se59mdfl) -- C:\WINDOWS\system32\drivers\se59mdfl.sys (MCCI) DRV - (se59bus) Sony Ericsson Device 089 driver (WDM) -- C:\WINDOWS\system32\drivers\se59bus.sys (MCCI) DRV - (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS) -- C:\WINDOWS\system32\drivers\se59nd5.sys (MCCI) DRV - (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM) -- C:\WINDOWS\system32\drivers\se59unic.sys (MCCI) DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions) DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions) DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions) DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions) DRV - (ATHFMWDL) -- C:\WINDOWS\system32\drivers\Athfmwdl.sys (Windows ® 2000 DDK provider) DRV - (A5AGU) -- C:\WINDOWS\system32\drivers\A5AGU.sys (D-Link Corporation) DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (Camdrv30) -- C:\WINDOWS\system32\drivers\camdrv30.sys (Microsoft Corporation) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Laptops, PCs, Desktop Computers, Monitors, Printers & PC Accessories | Dell UK IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Laptops, PCs, Desktop Computers, Monitors, Printers & PC Accessories | Dell UK IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [DLCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.DLL () O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.) O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [{30689C70-3B29-5DD6-2DB0-B2931B8E5205}] C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Qaohf\uliri.exe (Uszil Uxzngel Krqunp) O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jennifer Hayden\Start Menu\Programs\IMVU\Run IMVU.lnk File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab (MessengerStatsClient Class) O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control) O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab (ZoneIntro Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Java Plug-in Technology (Java Plug-in 1.4.2_03) O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 Unable to start service SrService! ========== Files/Folders - Created Within 30 Days ========== [2010/07/24 07:44:30 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JENNIFER.000\Desktop\OTL.scr [2010/07/22 20:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\SUPERAntiSpyware.com [2010/07/20 19:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Ekxyo [2010/07/20 05:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Qaohf [2010/07/19 21:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Malwarebytes [2010/07/19 21:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Macromedia [2010/07/19 21:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Adobe [2010/07/19 21:21:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Microsoft [2010/07/19 21:21:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data [2010/07/19 21:21:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Favorites [2010/07/19 21:21:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Cookies [2010/07/19 21:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\You've Got Pictures Screensaver [2010/07/19 21:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Sun [2010/07/19 21:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Identities [2010/07/19 21:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Local Settings\Application Data\Google [2010/07/19 21:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Desktop [2010/07/19 21:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Corel [2010/07/19 21:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Local Settings\Application Data\ApplicationHistory [2010/07/19 21:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\AOL [2010/07/19 21:21:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\SendTo [2010/07/19 21:21:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Recent [2010/07/19 21:21:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Start Menu [2010/07/19 21:21:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\My Documents\My Pictures [2010/07/19 21:21:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\My Documents\My Music [2010/07/19 21:21:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\My Documents [2010/07/19 21:21:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Templates [2010/07/19 21:21:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\PrintHood [2010/07/19 21:21:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\NetHood [2010/07/19 21:21:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Local Settings [2010/07/19 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Local Settings\Application Data\Microsoft [2010/07/19 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030} [2010/07/19 20:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\atbbpfdcu [2010/07/19 20:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2010/07/19 20:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/07/17 15:48:08 | 000,000,000 | ---D | C] -- C:\Config.Msi [2010/07/17 07:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/07/14 06:39:02 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2006/03/22 11:35:20 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfserv.dll [2006/03/22 11:35:20 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfusb1.dll [2006/03/22 11:35:20 | 000,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfhbn3.dll [2006/03/22 11:35:20 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomc.dll [2006/03/22 11:35:20 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpmui.dll [2006/03/22 11:35:20 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcflmpm.dll [2006/03/22 11:35:20 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomm.dll [2006/03/22 11:35:20 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfprox.dll [2006/03/22 11:35:20 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpplc.dll [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/07/24 07:50:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JENNIFER.000\Desktop\OTL.scr [2010/07/24 07:50:18 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator.JENNIFER.000\NTUSER.DAT [2010/07/24 07:42:18 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Administrator.JENNIFER.000\Desktop\exeHelper.url [2010/07/24 07:36:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/07/23 20:26:55 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.JENNIFER.000\ntuser.ini [2010/07/23 20:26:53 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\Administrator.JENNIFER.000\Local Settings\Application Data\IconCache.db [2010/07/23 05:49:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/07/22 20:49:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/07/22 19:37:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/07/19 21:34:55 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/19 20:25:33 | 000,000,173 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI [2010/07/07 13:38:22 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/06/27 08:54:39 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job [2010/06/27 03:38:48 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Robot.lnk [2010/06/24 20:04:25 | 000,507,308 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/24 20:04:25 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/24 20:04:25 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/07/24 07:42:18 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Administrator.JENNIFER.000\Desktop\exeHelper.url [2010/07/19 21:24:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/07/19 21:21:54 | 000,001,881 | ---- | C] () -- C:\Documents and Settings\Administrator.JENNIFER.000\Desktop\Spyware Protection from AOL.lnk [2010/07/19 21:21:54 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk [2010/07/19 21:21:54 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010/07/19 21:21:54 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/07/19 21:21:54 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL 9.0.lnk [2010/07/19 21:21:54 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2010/07/19 21:21:51 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator.JENNIFER.000\ntuser.ini [2010/07/19 21:21:50 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Administrator.JENNIFER.000\NTUSER.DAT [2010/07/19 21:21:50 | 000,278,528 | -H-- | C] () -- C:\Documents and Settings\Administrator.JENNIFER.000\ntuser.dat.LOG [2010/07/19 20:25:33 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll [2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll [2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll [2008/01/14 18:24:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll [2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll [2007/04/05 14:06:09 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI [2007/04/05 13:55:58 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini [2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2006/10/16 21:30:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll [2006/03/28 20:14:41 | 000,006,372 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006/03/28 20:14:41 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\BB605B101D.sys [2006/03/22 12:07:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/03/22 12:02:48 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006/03/22 11:55:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/03/22 11:35:20 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcfutil.dll [2006/03/22 11:35:20 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsb.dll [2006/03/22 11:35:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcfins.dll [2006/03/22 11:35:20 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcfjswr.dll [2006/03/22 11:35:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsr.dll [2006/03/22 11:35:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcfcub.dll [2006/03/22 11:35:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcfcu.dll [2006/03/22 11:35:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcfcfg.dll [2006/03/22 11:35:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcfvs.dll [2006/03/22 11:35:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcfcur.dll [2006/03/22 11:35:00 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll [2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll [2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005/08/31 13:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini [2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL [2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/10 13:51:35 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2004/08/10 13:51:35 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2004/08/10 13:51:35 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2004/08/10 13:51:35 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2004/08/10 13:51:35 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2010/07/22 20:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Ekxyo [2010/07/20 05:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Qaohf [2009/12/02 15:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk [2008/08/26 20:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4 [2009/01/18 18:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo [2006/10/08 14:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin [2010/07/23 05:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki [2009/01/03 16:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier [2006/12/23 18:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst [2006/10/07 23:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games [2006/12/24 15:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2007/04/05 13:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2008/12/31 20:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2010/05/13 20:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/08/23 15:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2010/06/27 08:54:39 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2009/01/07 16:23:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2009/01/07 16:23:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2009/01/07 16:23:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2009/01/07 16:23:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll [2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2005/04/25 14:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\dell\MEDIAEXE\RepFiles\iastor.sys < MD5 for: NETLOGON.DLL > [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll [2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll [2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll [2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010/05/04 18:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2010/05/04 18:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll [4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375A40C3 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10517E < End of report > Quote
clucky Posted July 24, 2010 Author Posted July 24, 2010 OTL Extras logfile created on: 24/07/2010 07:53:46 - Run 1 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Administrator.JENNIFER.000\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free Paging file location(s): C:\pagefile.sys 372 744 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71.46 Gb Total Space | 45.89 Gb Free Space | 64.22% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JENNIFER Current User Name: Administrator Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found "C:\Documents and Settings\Jennifer Hayden\My Documents\CAM PiKS =D x\LimeWire\LimeWire.exe" = C:\Documents and Settings\Jennifer Hayden\My Documents\CAM PiKS =D x\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA "{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}" = 725plc32 "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X "{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1" = Driver Robot "{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9C8732C3-32DE-4569-9E90-30040D76DABC}" = Navman NavDesk 2008 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}" = CinepPlayer 30 Update "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU "{D944236D-7992-41D6-8257-930B5832F1CC}" = Creative Zen Micro "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E7F56612-69F7-4F85-AD0B-B04B1C5BC3BD}" = Creative ZEN V Series (R2) "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "AudibleManager" = AudibleManager "AutoCAD 2008 - English" = AutoCAD 2008 - English "CCleaner" = CCleaner "Creative Jukebox Driver" = Creative Jukebox Driver "Creative Removable Disk Manager" = Creative Removable Disk Manager "Creative Software AutoUpdate" = Creative Software AutoUpdate "Dell Color Printer 725" = Dell Color Printer 725 "EsetOnlineScanner" = ESET Online Scanner "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MP3 Player Recovery Tool_is1" = MP3 Player Recovery Tool "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PROSet" = Intel® PRO Network Connections Drivers "RealPlayer 6.0" = RealPlayer Basic "SysInfo" = Creative System Information "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Companion" = Yahoo! Toolbar "YInstHelper" = Yahoo! Install Manager "ZENcast Organizer" = ZENcast Organizer ========== Last 10 Event Log Errors ========== Quote
clucky Posted July 24, 2010 Author Posted July 24, 2010 Please click one of the Quick Reply icons in the posts above to activate Quick Reply. Quote
clucky Posted July 24, 2010 Author Posted July 24, 2010 I have tried to post the second part of the Extras log file, but when I use quick reply, Internet explorer comes up as unable to display page? Quote
clucky Posted July 24, 2010 Author Posted July 24, 2010 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19/07/2010 15:13:28 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002 Description = Hanging application SUPERAntiSpyware.exe, version 4.26.0.1004, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 19/07/2010 15:13:35 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002 Description = Hanging application SUPERAntiSpyware.exe, version 4.26.0.1004, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Quote
clucky Posted July 24, 2010 Author Posted July 24, 2010 Error - 19/07/2010 15:13:42 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002 Description = Hanging application SUPERAntiSpyware.exe, version 4.26.0.1004, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 19/07/2010 15:13:47 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002 Description = Hanging application SUPERAntiSpyware.exe, version 4.26.0.1004, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Quote
clucky Posted July 24, 2010 Author Posted July 24, 2010 Error - 19/07/2010 15:13:42 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002 Description = Hanging application SUPERAntiSpyware.exe, version 4.26.0.1004, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 19/07/2010 15:13:47 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002 Description = Hanging application SUPERAntiSpyware.exe, version 4.26.0.1004, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Quote
RandyL Posted July 24, 2010 Posted July 24, 2010 clucky I'm not sure what is going on here as to why quick reply isn't working for you. Can you add the Extras log file by clicking the blue button on the left that says "Add New Post"? Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
clucky Posted July 24, 2010 Author Posted July 24, 2010 I did not work with the add new post either Quote
ExTS Admin Starbuck Posted July 24, 2010 ExTS Admin Posted July 24, 2010 Hi clucky, It's ok i have enough information. Give me time to go through the reports and i'll get back to you ASAP. Quote Member of:UNITE
clucky Posted July 24, 2010 Author Posted July 24, 2010 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19/07/2010 15:13:28 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002 Description = Hanging application SUPERAntiSpyware.exe, version 4.26.0.1004, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 19/07/2010 15:13:35 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002 Description = Hanging application SUPERAntiSpyware.exe, version 4.26.0.1004, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 19/07/2010 15:13:42 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002 Description = Hanging application SUPERAntiSpyware.exe, version 4.26.0.1004, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 19/07/2010 15:13:47 | Computer Name = JENNIFER | Source = Application Hang | ID = 1002 Description = Hanging application SUPERAntiSpyware.exe, version 4.26.0.1004, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 19/07/2010 16:34:51 | Computer Name = JENNIFER | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established Error - 19/07/2010 16:34:52 | Computer Name = JENNIFER | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error - 22/07/2010 15:42:46 | Computer Name = JENNIFER | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established Error - 22/07/2010 15:42:47 | Computer Name = JENNIFER | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error - 22/07/2010 20:13:55 | Computer Name = JENNIFER | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established Error - 22/07/2010 20:13:55 | Computer Name = JENNIFER | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. [ System Events ] Error - 23/07/2010 15:17:11 | Computer Name = JENNIFER | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} Error - 23/07/2010 15:26:54 | Computer Name = JENNIFER | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 24/07/2010 02:36:58 | Computer Name = JENNIFER | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 24/07/2010 02:36:58 | Computer Name = JENNIFER | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 24/07/2010 02:38:20 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL Error - 24/07/2010 02:38:59 | Computer Name = JENNIFER | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 24/07/2010 02:44:23 | Computer Name = JENNIFER | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 24/07/2010 02:46:52 | Computer Name = JENNIFER | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} Error - 24/07/2010 02:54:05 | Computer Name = JENNIFER | Source = SRService | ID = 104 Description = The System Restore initialization process failed. Error - 24/07/2010 02:54:05 | Computer Name = JENNIFER | Source = Service Control Manager | ID = 7023 Description = The System Restore Service service terminated with the following error: %%2 < End of report > Quote
ExTS Admin Starbuck Posted July 24, 2010 ExTS Admin Posted July 24, 2010 Hi clucky, Looks like you have a little work to do. ;) Step 1 Click on start... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following: J2SE Runtime Environment 5.0 Update 3 Java SE Runtime Environment 6 Java 6 Update 3 Java 2 Runtime Environment, SE v1.4.2_03 These are old versions which should have been removed when Java was updated. Do not remove: Java 6 Update 11 for the time being. Reboot your system when completed. Step 2 Double click on OTL.exe to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :Otl O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O4 - HKCU..\Run: [{30689C70-3B29-5DD6-2DB0-B2931B8E5205}] C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Qaohf\uliri.exe (Uszil Uxzngel Krqunp) O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jennifer Hayden\Start Menu\Programs\IMVU\Run IMVU.lnk File not found [2010/07/20 19:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Ekxyo [2010/07/20 05:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Qaohf [2010/07/19 20:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\atbbpfdcu @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375A40C3 @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10517E :commands [emptytemp] [purity] [RESETHOSTS] [EMPTYFLASH] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. if you lose the report, there will be a copy here: C:\_OTL\MovedFiles Step 3 You are missing one important program on that computer: An antivirus. This is somewhat suicidal in today's digital world. You need to install an antivirus program as soon as you can and run a complete scan of the computer: Avira AntiVir Avast free MS Security Essentials ... see note* Install one of these, update the definitions and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove. Note*: Upon installation MS Security Essentials will check that your OS is a legal copy. In your next reply, please submit: Otl fix report and let me know if the Anti Virus scan found/removed anything Thanks. Quote Member of:UNITE
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.