complikati
Posted December 8, 2010

Hello, I was told to run some programs and post the logs for those. My computer was having issues with multiple error boxes popping up saying that (some foreign website) could not be opened, and whenever I would X out of it, it would open up a new browser. Here are the logs.

Malwarebytes log

Malwarebytes' Anti-Malware 1.50
Malwarebytes
Database version: 5271

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/8/2010 11:32:51 AM
mbam-log-2010-12-08 (11-32-51).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 226351
Time elapsed: 1 hour(s), 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL

OTL Extras logfile created on: 12/8/2010 3:37:47 PM - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Katie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 270.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.30 Gb Total Space | 42.63 Gb Free Space | 61.51% Space Free | Partition Type: NTFS
Drive D: | 69.99 Gb Total Space | 69.56 Gb Free Space | 99.39% Space Free | Partition Type: NTFS

Computer Name: EMACHINE-61B2A0 | User Name: Katie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = �
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe" = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:*:Enabled:BackupSvc.exe -- (NewTech InfoSystems, Inc.)
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe" = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:*:Enabled:SchedulerSvc.exe -- ()
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:*:Enabled:AgentSvc.exe -- (NewTech Infosystems, Inc.)
"C:\WINDOWS\system32\lxdmcoms.exe" = C:\WINDOWS\system32\lxdmcoms.exe:*:Enabled:5000 Series Server -- ( )
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- File not found
"C:\Program Files\Lexmark 5000 Series\frun.exe" = C:\Program Files\Lexmark 5000 Series\frun.exe:*:Enabled:Printing Application -- ()
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found
"C:\Program Files\Blubster\Blubster.exe" = C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster -- File not found
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe" = C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe:*:Enabled:CoDMP -- File not found
"C:\Program Files\Lexmark 5000 Series\lxdmmon.exe" = C:\Program Files\Lexmark 5000 Series\lxdmmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 5000 Series\LXDMFax.exe" = C:\Program Files\Lexmark 5000 Series\LXDMFax.exe:*:Enabled:Fax Solutions Software -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D4A7C5-C55C-45B5-9E86-D8068D25EF40}" = Fast Track USB
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{141F2872-D2F9-4A89-95D3-E222D1CBCC56}" = Vz In Home Agent
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}" = Ulead Photo Express 5 SE
"{31C2F32D-C5DD-4583-8181-B48591CA231C}" = RapidPlayer v5.0 ActiveX Control
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8
"{3E981E45-833E-44C4-AB75-3668AA77F8EC}" = Adobe Flash Media Live Encoder 3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48CBDC47-435F-4C41-B0A4-7C397C649FBE}" = FlashWindow Library for Instant Access
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{569E6C05-AFFA-4C58-BFB6-B289203572CD}" = VIPdesk Scan Utility
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{643DDB7A-E108-40B2-BE77-5FFD50F83CA5}" = ArcSoft VideoImpression 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E7BE43A-2789-4901-A644-7B9FD82E352C}" = VitalSource Bookshelf
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
"{BA3582A0-2DE0-4DB8-8B74-CD34AC193F9B}_is1" = Computer Requirements 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"8461-7759-5462-8226" = Vuze
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"CCleaner" = CCleaner
"CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Desktop" = Google Desktop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"Lexmark 5000 Series" = Lexmark 5000 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Verizon Help and Support" = Verizon Help and Support Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/4/2010 1:40:03 AM | Computer Name = EMACHINE-61B2A0 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 12/4/2010 2:04:01 AM | Computer Name = EMACHINE-61B2A0 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x00023825.

Error - 12/4/2010 3:31:47 PM | Computer Name = EMACHINE-61B2A0 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x00023825.

Error - 12/4/2010 8:30:08 PM | Computer Name = EMACHINE-61B2A0 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x00023825.

Error - 12/4/2010 10:55:35 PM | Computer Name = EMACHINE-61B2A0 | Source = Application Error | ID = 1001
Description = Fault bucket 792100092.

Error - 12/5/2010 2:20:14 AM | Computer Name = EMACHINE-61B2A0 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x00023825.
Error - 12/5/2010 12:40:54 PM | Computer Name = EMACHINE-61B2A0 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x00023825.

Error - 12/5/2010 12:42:42 PM | Computer Name = EMACHINE-61B2A0 | Source = Application Error | ID = 1001
Description = Fault bucket 792100092.

Error - 12/7/2010 5:27:51 PM | Computer Name = EMACHINE-61B2A0 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x00023825.

Error - 12/7/2010 5:28:26 PM | Computer Name = EMACHINE-61B2A0 | Source = Application Error | ID = 1001
Description = Fault bucket 792100092.

[ OSession Events ]
Error - 11/19/2010 12:53:05 AM | Computer Name = EMACHINE-61B2A0 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5062 seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/8/2010 4:17:48 PM | Computer Name = EMACHINE-61B2A0 | Source = Service Control Manager | ID = 7034
Description = The NTI Backup Now 5 Scheduler Service service terminated unexpectedly. It has done this 1 time(s).

Error - 12/8/2010 4:17:48 PM | Computer Name = EMACHINE-61B2A0 | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).

Error - 12/8/2010 4:17:49 PM | Computer Name = EMACHINE-61B2A0 | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).
Error - 12/8/2010 4:17:49 PM | Computer Name = EMACHINE-61B2A0 | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Proxy Service service terminated unexpectedly. It has done this 1 time(s).

Error - 12/8/2010 4:17:50 PM | Computer Name = EMACHINE-61B2A0 | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Personal Firewall service terminated unexpectedly. It has done this 1 time(s).

Error - 12/8/2010 4:18:20 PM | Computer Name = EMACHINE-61B2A0 | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Unauthorized Change Prevention Service service terminated unexpectedly. It has done this 1 time(s).

Error - 12/8/2010 4:26:21 PM | Computer Name = EMACHINE-61B2A0 | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error: %%126

Error - 12/8/2010 4:26:21 PM | Computer Name = EMACHINE-61B2A0 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdmCATSCustConnectService service to connect.

Error - 12/8/2010 4:26:21 PM | Computer Name = EMACHINE-61B2A0 | Source = Service Control Manager | ID = 7000
Description = The lxdmCATSCustConnectService service failed to start due to the following error: %%1053

Error - 12/8/2010 4:27:46 PM | Computer Name = EMACHINE-61B2A0 | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.
OTL logfile created on: 12/8/2010 3:37:47 PM - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Katie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 270.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.30 Gb Total Space | 42.63 Gb Free Space | 61.51% Space Free | Partition Type: NTFS
Drive D: | 69.99 Gb Total Space | 69.56 Gb Free Space | 99.39% Space Free | Partition Type: NTFS

Computer Name: EMACHINE-61B2A0 | User Name: Katie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Katie\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe ()
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
PRC - C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe (CleanMyPC Software)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\WINDOWS\system32\lxdmcoms.exe ( )
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Katie\Desktop\OTL.scr (OldTimer Tools)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (6to4) -- C:\WINDOWS\System32\6to4v32.dll File not found
SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe ()
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (GoogleDesktopManager-022208-143751) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (lxdm_device) -- C:\WINDOWS\System32\lxdmcoms.exe ( )
SRV - (lxdmCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe ()
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys File not found
DRV - (NTIDrvr) -- C:\Acer\Empowering Technology\eRecovery\NTIDrvr.sys File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (MAUSBML) Service for M-Audio Micro (WDM) -- C:\WINDOWS\System32\DRIVERS\mausbmr.sys File not found
DRV - (DCamUSBVeo532) -- C:\WINDOWS\System32\Drivers\ubVeo532.sys File not found
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys ()
DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys ()
DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys ()
DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (urvpndrv) -- C:\WINDOWS\system32\drivers\covpndrv.sys (F5 Networks, Corp.)
DRV - (f5ipfw) -- C:\WINDOWS\system32\drivers\urfltw2k.sys (F5 Networks)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Entertainment, News, Sport, Jobs, Real Estate and more at MSN AT

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Google Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found

[2010/09/14 12:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\Mozilla\Extensions
[2009/04/18 12:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2009/10/29 09:48:24 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [bkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Registry Cleaner Scheduler] C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe (CleanMyPC Software)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
F3 - HKCU WinNT: Load - (???�?) - File not found
F3 - HKCU WinNT: Run - (???�?) - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: acddirect.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: callswithoutwalls.com ([training] https in Trusted sites)
O15 - HKCU\..Trusted Domains: callswithoutwalls.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: virtualacd.biz ([www] http in Trusted sites)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://content10.ilinc.com/download/AXCltInstall.dll (ILINCInstall102 Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://dcode.support.microsoft.com/dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://a1fp1.alpineaccess.com/vdesk/terminal/urxvpn.cab#version=6030,2009,327,1607 (F5 Networks VPN Manager)
O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} http://www.newhomebasedccr.com/test/PlaNetSysInfo.cab (PlaNet SysInfo Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://a1fp1.alpineaccess.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,327,1558 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://a1fp1.alpineaccess.com/vdesk/terminal/InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/54.16/uploader2.cab (UploadListView Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278275794062 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278275711781 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Page not found | Facebook (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.0.12 O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found O24 - Desktop WallPaper: C:\Documents and Settings\Katie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Katie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/08/18 15:37:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3c421c8e-f843-11de-ade9-001d72a65ae8}\Shell\AutoRun\command - "" = H:\Setup_FlipShare.exe -- File not found O33 - MountPoints2\{3c421c8e-f843-11de-ade9-001d72a65ae8}\Shell\Setup FlipShare\command - "" = H:\Setup_FlipShare.exe -- File not found O33 - MountPoints2\{53d7f459-ed09-11de-ade3-001d72a65ae8}\Shell - "" = AutoRun O33 - MountPoints2\{53d7f459-ed09-11de-ade3-001d72a65ae8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{53d7f459-ed09-11de-ade3-001d72a65ae8}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - C:\WINDOWS\System32\6to4v32.dll File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: 
"services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point (69537929998893056) ========== Files/Folders - Created Within 30 Days ========== [2010/12/08 15:36:25 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Katie\Desktop\OTL.scr [2010/12/08 15:17:04 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Katie\Desktop\TFC.exe [2010/12/08 08:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe [2010/12/07 15:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\CleanMyPC [2010/12/07 14:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katie\Application Data\Registry Mechanic [2010/12/07 13:52:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Katie\Recent [2010/12/07 08:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS [2010/12/05 01:00:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Service [2010/12/04 12:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe [2010/12/04 01:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/12/04 01:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2010/12/04 00:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/12/04 00:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/12/04 00:12:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server [2009/06/18 22:11:35 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhcp.dll [2009/06/18 22:11:34 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmserv.dll [2009/06/18 22:11:34 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmusb1.dll [2009/06/18 
22:11:34 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdminpa.dll [2009/06/18 22:11:34 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmiesc.dll [2009/06/18 22:11:33 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmpmui.dll [2009/06/18 22:11:33 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmlmpm.dll [2009/06/18 22:11:33 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmprox.dll [2009/06/18 22:11:32 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhbn3.dll [2009/06/18 22:11:31 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomc.dll [2009/06/18 22:11:31 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomm.dll [1 C:\Documents and Settings\Katie\*.tmp files -> C:\Documents and Settings\Katie\*.tmp -> ] [1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/12/08 15:36:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Katie\Desktop\OTL.scr [2010/12/08 15:34:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/12/08 15:30:25 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/12/08 15:30:25 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/12/08 15:26:28 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/12/08 15:26:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/12/08 15:26:03 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys [2010/12/08 15:17:04 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Katie\Desktop\TFC.exe [2010/12/08 10:20:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/12/07 15:24:13 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\CleanMyPC - Registry Cleaner.lnk [2010/12/07 15:07:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/12/07 14:46:32 | 
000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job [2010/12/07 14:28:13 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/12/07 12:51:18 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2010/12/07 08:53:38 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\Microsoft Office Word 2007.lnk [2010/12/07 08:12:14 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\HiJackThis.lnk [2010/12/06 14:25:06 | 000,019,782 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\Modern Accounting Systems.docx [2010/12/05 21:04:39 | 000,012,602 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\Week 5 Assignment.docx [2010/12/05 20:02:07 | 000,002,369 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VitalSource Bookshelf.lnk [2010/12/05 10:45:53 | 000,006,949 | ---- | M] () -- C:\Documents and Settings\All Users\lxdm [2010/12/04 23:28:18 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Katie\Local Settings\Application Data\housecall.guid.cache [2010/12/04 12:37:49 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk [2010/12/04 00:18:10 | 000,372,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/12/04 00:12:36 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe [2010/12/04 00:12:32 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winlogon.exe [2010/12/04 00:12:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [2010/12/03 16:58:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/12/03 09:48:07 | 000,086,526 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\Degree Progress Report.pdf [2010/12/03 09:46:41 | 000,014,203 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\Account Details.docx [2010/12/03 09:41:45 | 000,068,027 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\Class Schedule.pdf 
[2010/11/29 19:16:37 | 000,011,995 | ---- | M] () -- C:\Documents and Settings\Katie\My Documents\I have held my breath for too long.docx [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/11/12 16:23:18 | 000,059,796 | ---- | M] () -- C:\Documents and Settings\Katie\Desktop\pic.jpg [1 C:\Documents and Settings\Katie\*.tmp files -> C:\Documents and Settings\Katie\*.tmp -> ] [1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/12/07 15:24:13 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\CleanMyPC - Registry Cleaner.lnk [2010/12/07 14:46:31 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job [2010/12/07 07:47:03 | 000,210,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/12/06 14:25:06 | 000,019,782 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\Modern Accounting Systems.docx [2010/12/05 21:04:39 | 000,012,602 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\Week 5 Assignment.docx [2010/12/04 23:25:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Katie\Local Settings\Application Data\housecall.guid.cache [2010/12/04 23:19:34 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\HiJackThis.lnk [2010/12/04 12:37:49 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk [2010/12/04 03:41:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/12/03 09:48:07 | 000,086,526 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\Degree Progress Report.pdf [2010/12/03 09:46:41 | 000,014,203 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\Account Details.docx 
[2010/12/03 09:41:45 | 000,068,027 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\Class Schedule.pdf [2010/11/29 19:16:37 | 000,011,995 | ---- | C] () -- C:\Documents and Settings\Katie\My Documents\I have held my breath for too long.docx [2010/11/12 16:24:23 | 000,059,796 | ---- | C] () -- C:\Documents and Settings\Katie\Desktop\pic.jpg [2010/07/04 10:23:30 | 000,189,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys [2010/07/04 10:23:30 | 000,059,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys [2010/07/04 10:23:30 | 000,051,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys [2010/01/30 12:57:39 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Katie\Application Data\Smiley.ico [2009/12/09 15:50:13 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll [2009/11/03 20:20:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Katie\Local Settings\Application Data\prvlcl.dat [2009/10/21 14:29:14 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Katie\Local Settings\Application Data\fusioncache.dat [2009/09/08 08:53:31 | 000,000,230 | ---- | C] () -- C:\WINDOWS\WSOPDELX.INI [2009/09/08 08:50:54 | 000,000,027 | ---- | C] () -- C:\WINDOWS\VPWIN.INI [2009/08/25 11:13:44 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini [2009/08/10 12:31:14 | 000,000,222 | ---- | C] () -- C:\WINDOWS\BLSnapshot.ini [2009/06/19 12:36:33 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\StrataSIP.ini [2009/06/18 22:16:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdmvs.dll [2009/06/18 22:15:59 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdmcoin.dll [2009/06/18 22:15:26 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdmdrs.dll [2009/06/18 22:15:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdmcaps.dll [2009/06/18 22:15:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmcnv4.dll [2009/06/18 22:14:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDMPMON.DLL 
[2009/06/18 22:14:55 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDMFXPU.DLL [2009/06/18 22:14:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmoem.dll [2009/06/18 22:11:49 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdmrwrd.ini [2009/06/18 22:11:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdminst.dll [2009/06/18 22:11:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdmgrd.dll [2009/01/24 23:02:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/01/13 13:17:08 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI [2009/01/13 13:11:03 | 000,000,186 | ---- | C] () -- C:\WINDOWS\Ulead32.ini [2008/12/13 13:15:36 | 000,000,783 | ---- | C] () -- C:\WINDOWS\NTIWVEDT.INI [2008/11/19 13:10:03 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Katie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/08/18 17:11:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/08/18 15:56:24 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIOFM4.dll [2008/08/18 15:56:24 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN5.dll [2008/08/18 15:55:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2008/08/18 15:55:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2008/08/18 15:37:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/06/30 03:20:40 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008/04/14 07:00:00 | 001,809,944 | ---- | C] () -- C:\WINDOWS\System32\wuaueng.dll [2008/04/14 07:00:00 | 000,092,696 | ---- | C] () -- C:\WINDOWS\System32\cdm.dll [2008/04/14 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2008/02/24 23:29:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/02/24 23:29:00 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/02/24 23:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/02/24 23:29:00 | 
000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/02/24 23:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll [2007/07/30 22:18:44 | 000,031,768 | ---- | C] () -- C:\WINDOWS\System32\wucltui.dll.mui [2007/07/30 22:18:14 | 000,018,456 | ---- | C] () -- C:\WINDOWS\System32\wuaueng.dll.mui [2005/03/28 02:45:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\ALaunch.ini [2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009/01/17 16:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2C251 [2009/06/18 22:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5000 Series [2008/11/17 22:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications [2008/11/16 21:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus [2010/01/18 00:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video [2009/01/24 22:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe [2010/02/23 08:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LxThumbs [2008/11/15 16:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo [2008/12/28 14:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Music Coach [2009/01/19 10:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\NCH Swift Sound [2010/09/14 12:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure [2009/02/10 15:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard [2010/01/28 20:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla! [2010/12/08 15:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/02/23 08:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R [2009/11/08 20:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2009/10/12 15:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent [2008/11/15 15:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2009/06/18 22:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\5000 Series [2010/12/07 15:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\Azureus [2010/05/20 10:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\FrostWire [2008/11/19 21:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\ICAClient [2009/10/30 14:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\Inbit [2010/04/08 08:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\LEGO Company [2009/06/18 22:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\Lexmark Productivity Studio [2009/10/06 14:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\LimeWire [2009/03/02 13:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\Music Coach [2010/12/07 14:52:15 | 000,000,000 | 
---D | M] -- C:\Documents and Settings\Katie\Application Data\Registry Mechanic [2009/07/27 19:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\Snapfish [2009/06/22 10:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\TeamViewer [2009/11/03 18:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\TestingRecorder [2009/11/08 19:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\Ulead Systems [2009/07/29 17:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\VTExtra [2010/04/16 09:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katie\Application Data\webex [2010/12/07 14:46:32 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- 
C:\WINDOWS\system32\dllcache\netlogon.dll [2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report > Quote
Starbuck Posted December 9, 2010

Hi complikati,

Recommendation. Nobody really needs a registry cleaner on their system. I doubt you could find one staff member here that would recommend one. They can cause more problems than you can imagine. I recommend you remove: CleanMyPC - Registry Cleaner

There has been a lot of P2P traffic on this system:

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Limewire, Bit Torrent, Vuze etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme. Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use. When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections. You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation. If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

Step 1
Double click on OTL.exe to run it. Copy the lines in the codebox below.
(make sure that :Otl is on the first line)

:Otl
FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [LaunchApp] File not found
F3 - HKCU WinNT: Load - (?????) - File not found
F3 - HKCU WinNT: Run - (?????) - File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O33 - MountPoints2\{3c421c8e-f843-11de-ade9-001d72a65ae8}\Shell\AutoRun\command - "" = H:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{3c421c8e-f843-11de-ade9-001d72a65ae8}\Shell\Setup FlipShare\command - "" = H:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{53d7f459-ed09-11de-ade3-001d72a65ae8}\Shell - "" = AutoRun
O33 - MountPoints2\{53d7f459-ed09-11de-ade3-001d72a65ae8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{53d7f459-ed09-11de-ade3-001d72a65ae8}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:Files
ipconfig /flushdns /c
:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 2
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
This is an example, you may rename ComboFix to anything you want.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Then: Double click on Combo-Fix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If running Vista, you may not see this screen. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v708/starbuck50/cf1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please submit:
OTL fix report
Combofix.txt
Thanks.
Member of:UNITE
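The fix list above was assembled by hand from the OTL log. As an added example (not part of the thread, not OTL's own code, and not the helper's tooling), the Python below does the same first pass automatically: it walks OTL log lines and flags the kinds of entries that ended up in the :OTL fix list, i.e. orphaned autostart and extension entries ("File not found"), toolbar entries with no registered CLSID, ActiveX (O16 DPF) entries with a registry error, MountPoints2 autorun commands, and alternate data streams, and renders the "fix" candidates in the same fix-list shape. The sample lines are copied from the log posted earlier in the thread; the classification rules and the `Finding`, `classify`, `triage` and `fix_list` names are this example's own heuristics, not OTL's.

```python
"""First-pass triage of OTL (OldTimer) log lines.

Added example for this thread; not part of OTL and not the helper's own
tooling. The rules are heuristics written to reproduce the selection the
helper made by hand: orphaned entries, toolbars with no CLSID, DPF entries
with a registry error, MountPoints2 autorun commands, alternate data
streams. Sample lines are copied from the posted OTL log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied verbatim from the OTL log in the thread.
SAMPLE_LOG = r"""
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [LaunchApp] File not found
O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O33 - MountPoints2\{53d7f459-ed09-11de-ade3-001d72a65ae8}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
"""


@dataclass(frozen=True)
class Finding:
    code: str    # OTL section tag (O3, O4, O16, O20, O33, FF, F3, ...) or "ADS"
    reason: str
    action: str  # "fix": candidate for the :OTL fix list; "review": look first
    line: str


_CODE_RE = re.compile(r"^(O\d+|F\d+|FF)\b")


def classify(line: str) -> Optional[Finding]:
    """Classify one OTL log line; None means nothing worth flagging."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("@Alternate Data Stream"):
        # NTFS alternate data streams; the helper treated the ones hung off
        # Application Data\TEMP as removable.
        return Finding("ADS", "alternate data stream", "fix", line)
    m = _CODE_RE.match(line)
    if not m:
        return None
    code = m.group(1)
    if "File not found" in line:
        # Entry whose target is gone: dead, and often residue of something
        # already removed. Checked first, so it also catches orphaned O33s.
        return Finding(code, "orphaned entry, target file missing", "fix", line)
    if code == "O3" and "No CLSID value found" in line:
        return Finding(code, "toolbar entry with no registered CLSID", "fix", line)
    if code == "O16" and "Reg Error" in line:
        return Finding(code, "ActiveX download entry with broken registration", "fix", line)
    if code == "O33" and "\\Shell\\AutoRun" in line:
        # Autorun command bound to a removable-media volume GUID.
        return Finding(code, "MountPoints2 autorun command", "fix", line)
    if code == "O4" and line.endswith("()"):
        # OTL prints the company name from the file's version info; "()" means
        # there is none. Not proof of anything on its own, hence "review".
        return Finding(code, "autostart binary without company name", "review", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line of an OTL log."""
    findings = []
    for raw in log_text.splitlines():
        f = classify(raw)
        if f is not None:
            findings.append(f)
    return findings


def fix_list(findings: List[Finding]) -> str:
    """Render the 'fix' findings in the :OTL fix-list form used in the thread."""
    lines = [f.line for f in findings if f.action == "fix"]
    return "\n".join([":OTL"] + lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.action:6} {f.code:4} {f.reason}: {f.line[:70]}")
    print()
    print(fix_list(found))
```

The "review" bucket is deliberate: an O4 entry with no company name (UfSeAgnt.exe here belongs to the installed Trend Micro suite) is something to verify by hand, not something to move to a fix list on the strength of a string match.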
complikati (Author) Posted December 9, 2010

Reply to previous post with new logs

Thanks for the info! I deleted Vuze, and I previously deleted Limewire and all those sites, but I still have the folders with the music in them; is it ok to keep those, or should I get rid of them too? I've had them for quite a while, but if I need to I will get rid of them. I also got rid of the registry cleaner as you suggested. So I did these new scans that you posted in your reply. The logs are attached. I don't know if it was supposed to fix anything yet, but I am still getting the same pop-up error boxes (cannot find http://(foreign symbols) website) whenever I go into any web page. However, I am not getting the messages on startup that I used to, which was pretty much the same message as above. I have a screenshot of this error box in the first post that I posted. If you need it I can send it to you. But anyway, thanks for ALL your help so far!
Katie
log2.txt
log2a.txt
Starbuck Posted December 10, 2010

Hi complikati,

> I deleted Vuze
http://fc07.deviantart.com/images3/i/2004/146/9/1/Two_thumbs_up.gif

> but I still have the folders with the music in it, is it ok to keep that or should I get rid of those too?
Keep them for the time being. A later scan that we'll run will check all of the folders, so as long as the files aren't infected you'll be ok.

> I don't know if it was supposed to fix anything yet but I am still getting the same pop up error boxes
Some infections have been removed. Combofix gave a warning that we must check out:
Warning: possible TDL3 rootkit infection !
Also, this is not good:
c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
Let's see if we can do this the easy way.

Step 1
Download TDSSKiller and save it to your Desktop. Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
http://img.photobucket.com/albums/v708/starbuck50/new/tdss1.png
If an infected file is detected, the default action will be Cure; click on Continue.
http://img.photobucket.com/albums/v708/starbuck50/new/tdss2.png
If a suspicious file is detected, the default action will be Skip; click on Continue.
http://img.photobucket.com/albums/v708/starbuck50/new/tdss3.png
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://img.photobucket.com/albums/v708/starbuck50/new/tdss4.png
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next reply.

Step 2
After running TDSSKiller, please run another Combofix scan. If CF says do you want to install any update .... let it.
In your next reply, please submit: TDSSKiller report New Combofix.txt Thanks. Quote Member of:UNITE
complikati Posted December 10, 2010 (Author)

More Logs for you!

Ok, I did the scans, and ever since I restarted the computer (fingers crossed!) I haven't had anything pop up. But you never know with these wacky computers!! Here are the logs you requested. Thanks again for your help, you have been incredible!

Katie

Attachments: TDS.txt, CFix.txt
Starbuck Posted December 11, 2010

Hi complikati,

> Detected object count: 1
> \HardDisk0 - will be cured after reboot
> Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
> Deinitialize success

That's what we wanted to see. Just the winlogon file to sort out.
Let's see if this program will sort out the problem for us. If it doesn't, do you have access to a Win XP installation disc? (just in case we need one)

Download Drweb-cureit to the desktop:
- Double-click the drweb-cureit.exe file and click Scan to run an express scan.
- Click OK in the pop-up window to allow the scan. This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, select Complete scan.
- Click the green arrow (http://i154.photobucket.com/albums/s258/evilfantasy69/drweb.jpg) at the right, and the scan will start.
- Click Yes to all if it asks if you want to cure/move the file.
- When the scan has finished, in the menu, click File and choose Save report list. Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

NOTE. During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in the upper right corner.
Please be aware this scan can take quite a long time to run, so don't sit and wait for it. :)

Thanks
complikati Posted December 12, 2010 (Author)

Drweb

I tried the link for drweb but it wouldn't connect to it. Is there another link I could try? Also, I haven't had any problems since the last scans I did, is it possible the computer got cured after those last scans? I still want to be sure, so I would still like to download the drweb if there is an available link. Thank you SOOOO much, you have been a wonderful help!!

Katie
RandyL Posted December 12, 2010

Hi. The link is a direct download link. I'm wondering if maybe you didn't notice the notification bar asking if you want to allow the download.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here. Donations are welcome. Read Here
complikati Posted December 12, 2010 (Author)

Drweb

I didn't see anything pop up when I clicked the link. I went to the drweb site and tried to dl it from there and I did see the bar pop up on that one, so I clicked "download file", and it just redirected me back to the homepage. For some reason I am not able to download it... any suggestions? Thanks!

Katie
Starbuck Posted December 14, 2010

Hi Katie,

Try this link: Download Dr.WEB CureIt! 6.00.5 [14.12.2010] Free - Anti-virus and anti-spyware scanner based on the Dr.WEB engine - Softpedia
complikati Posted December 14, 2010 (Author)

Still won't work

Maybe I'm just not meant to download this program lol. I went to the website and clicked on that link and it just kept going to a page that said internet explorer cannot view this page or something like that. I'm not quite sure what to do. I don't want to take the chance of just leaving it the way it is (the computer is still working fine), if there is something wrong with it still. I will try those links again.

Katie
Starbuck Posted December 15, 2010

Hi Katie,

> I went to the website and clicked on that link and it just kept going to a page that said internet explorer cannot view this page or something like that.

Try a different browser; my favourite is: Firefox
It will give you an option when it's run for the first time to copy over your Internet Explorer settings ..... ignore this and don't let it copy over anything.
complikati Posted December 15, 2010 (Author)

What the heck?

I took your advice and downloaded firefox... it did the same thing. I tried both links and one time it did download, but I cannot find it anywhere on my computer. My antivirus also detected 2 possible trojans when I downloaded it. I don't know why I am not able to successfully download it. I hope I haven't messed up my computer again. Do you think I should just leave it alone for now since it's been working again? Thanks for your help and advice...

Katie
Starbuck Posted December 16, 2010

Hi Katie,

> one time it did download, but I cannot find it anywhere on my computer.

2 things here:

1. When Dr Web CureIt downloads, it doesn't use that name, it uses a random name (this is to fool any malware). I just tried this link: Download starting... - Softpedia and it downloads a file called 'launch.exe'. So if you are looking for a file called Dr Web, you probably won't find it.

2. Make sure that all downloads are saved to the 'Desktop' .... they're easier to find then. If using Firefox .... start Firefox, then click on Tools >> Options >> General Tab. Make sure that "Save files to....." is set to Desktop. If it's not, use the browse button at the side to select Desktop, then click Ok.

> My antivirus also detected 2 possible trojans when I downloaded it.

Some AVs may detect trojans within Dr Web CureIt. It's perfectly safe ... it's because of how it works that it may get flagged. Either ignore the warnings or turn off your AV whilst trying to download it.

> Do you think I should just leave it alone for now since it's been working again?

I'd really like to make sure that we have everything. You can't be too careful.

If you still have problems downloading the file ..... do you have another system that you could download it to and then transfer the file to your system by way of a usb stick or cd? The Dr Web is always the latest version, so it doesn't need updating.
complikati Posted December 19, 2010 (Author)

I finally got it to work!

I finally got it to download! For some reason it isn't letting me upload the file. I will paste what was in the log, it was just this:

hlp.dat;C:\Documents and Settings\All Users\Documents\Server;Trojan.Hottrend.29;Deleted.;
RadEditor_v3[1].js;C:\Documents and Settings\Katie\Local Settings\Temporary Internet Files\Content.IE5\LWEF6W1N;Probably SCRIPT.Virus;;
A0001937.ocx;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP6;Adware.Coupons.34;;
A0007033.dll;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP8;Probably DLOADER.Trojan;;

I hope I got rid of them, I selected and then clicked cure, is there anything else I need to do? Thanks.

Katie
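The Dr.Web CureIt report pasted above, parsed and sorted by what still needs attention. This is an added example, not code from the thread or from Dr.Web; it assumes the report is a run of four-field records (file, directory, detection, action), which is how the pasted text divides, with an empty action meaning CureIt left the file in place. Entries under System Volume Information are restore-point copies, which is why the cleanup step later in the thread flushes old restore points.

```python
import ntpath
from typing import Dict, List

# Assumed record layout: file;directory;detection;action (action empty = no action)
FIELDS = ("file", "directory", "detection", "action")

# Constructed sample: the report as pasted into the thread, with the newlines
# of the real DrWeb.csv collapsed so that every record runs together.
SAMPLE = (
    "hlp.dat;C:\\Documents and Settings\\All Users\\Documents\\Server;"
    "Trojan.Hottrend.29;Deleted.;"
    "RadEditor_v3[1].js;C:\\Documents and Settings\\Katie\\Local Settings\\"
    "Temporary Internet Files\\Content.IE5\\LWEF6W1N;Probably SCRIPT.Virus;;"
    "A0001937.ocx;C:\\System Volume Information\\_restore{129EA77A-BE45-4173-"
    "896E-5F9DC32EF396}\\RP6;Adware.Coupons.34;;"
    "A0007033.dll;C:\\System Volume Information\\_restore{129EA77A-BE45-4173-"
    "896E-5F9DC32EF396}\\RP8;Probably DLOADER.Trojan;;"
)

def parse_report(text: str) -> List[Dict[str, str]]:
    """Split a DrWeb.csv report, newline-separated or flattened, into records."""
    cells = text.replace("\r", "").replace("\n", ";").split(";")
    if cells and cells[-1] == "":  # separator after the last record
        cells.pop()
    if len(cells) % len(FIELDS):
        raise ValueError("report does not divide into %d-field records" % len(FIELDS))
    return [dict(zip(FIELDS, cells[i:i + 4])) for i in range(0, len(cells), 4)]

def is_restore_point(directory: str) -> bool:
    """True for copies held by System Restore under System Volume Information.
    Scanners cannot clean these; they go away when old restore points are flushed,
    which is what the cleanup step later in the thread does."""
    parts = directory.replace("/", "\\").lower().split("\\")
    return "system volume information" in parts

def triage(records: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group findings: already cleaned, parked in a restore point, or still live."""
    groups: Dict[str, List[str]] = {"cleaned": [], "restore_point": [], "live_unhandled": []}
    for rec in records:
        full_path = ntpath.join(rec["directory"], rec["file"])
        if rec["action"]:
            groups["cleaned"].append(full_path)
        elif is_restore_point(rec["directory"]):
            groups["restore_point"].append(full_path)
        else:
            # Detected on the live file system but left in place: follow up on it.
            groups["live_unhandled"].append(full_path)
    return groups
```

On the pasted report this leaves one live, unhandled hit (the heuristic script detection in the IE cache), which is the entry to check before calling the machine clean.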
Starbuck Posted December 20, 2010

Hi Katie,

> I finally got it to download!

Nice one.

Seems Eset cleaned up a few leftovers. The rest of what was found are in your restore points .... which isn't too bad as we always clear these when we have finished.

Is everything still running ok? If so, we'll start to finish off the cleaning process.
complikati Posted December 21, 2010 (Author)

Still running good

Yes, everything is still running good so far... just let me know what I need to do next! Thanks again!

Katie
Starbuck Posted December 21, 2010

Hi Katie,

Step 1

Please double-click OTL.exe to run it. You should see a CleanUp! button; press that button.
http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
This will remove any programs we have asked you to download along with their associated folders... plus itself.
Note: MBAM will not be removed.

Step 2

Now you should set a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
- Go to Start > Programs > Accessories > System Tools and click "System Restore".
- Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Then go to Start > Run and type: Cleanmgr
- Click "OK". Select the drive for cleaning then click OK (usually the 'C' drive).
- Click the "More Options" tab.
- Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

To find out how you may have been infected, read this topic: So how did I get infected?
Not all of the following information will be applicable to you, but it's still best to read it all.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

- Use an AntiVirus Software
  Avira AntiVir ....installation guide Here
  Avast free
  Bitdefender Free
  MS Security Essentials ... see note* ...installation guide Here
  Note*: Upon installation MS Security Essentials will check that your OS is a legal copy.
  Only install one AntiVirus program.
- Update your AntiVirus Software regularly
- Use a 3rd party Firewall
  Online Armor Free
  ZoneAlarm ...Important note below
  Outpost Firewall Free
  Sunbelt Personal Firewall
  NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.
  Only install one software Firewall.
  Some 3rd party Firewalls will turn off the windows firewall when they are installed. It's always best to check that the Windows Firewall is turned off:
  How to turn off Windows Firewall: Start ... Control Panel ... click on 'Classic View', now select Windows Firewall. When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok.
- Scan regularly with a 'Stand Alone' Anti-Malware scanner:
  Installing another scanner that you can run once or twice a week is always beneficial. Something like:
  Malwarebytes Anti-Malware
  SUPERAntiSpyware
  Remember to update these programs each time before running. You can install more than one of these if you only run them as stand alone programs.
- Use an alternative browser:
  Some excellent alternatives to MS Internet Explorer are:
  Firefox
  For added security, add the NoScript extension to this browser: Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
  Also consider adding: WOT - Safe Browsing Tool. Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web. Btw: you don't have to make a contribution.
  Opera
  They offer better security, more stability, and better speed.
- Keep a backup of your registry
  Keeping a regular backup of your registry will help when something goes wrong. Use a program like: Erunt
  A full tutorial on how to set up and use Erunt can be found here: Erunt tutorial
- Keep your system clean of temp files etc, using a 'Cleaner':
  Cleaners are programs that will help to clean out your: Windows temp files, current user temp files, cookies, Temporary Internet files, browser history, Recycle bin, etc....... In other words, all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.
  Programs like: CCleaner, TFC by OldTimer, ATF Cleaner
- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
- Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using and installing SpywareBlaster
- Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help. Safe surfing.
complikati Posted December 23, 2010 (Author)

HELP! Computer went nuts!!

I was getting on this morning to start the cleanup process, and before I did anything the computer just decided to shut down... I tried restarting it, and it acts like it's going to but just keeps starting the reboot process all over again and won't even load up to the logon screen. I don't know what happened, it's been working fine this whole time. The only thing that happened before it shut down was that my virus protection popped up with a possible virus or something and I clicked remove, then it all just went down. I'm not sure what to do!! Do you know what it might be?? I thought we were at the end of all this!! :mad: Thanks for your help!!

Katie
complikati Posted December 23, 2010 (Author)

Update: I think my computer is dead

After I noticed the restarting process was happening over and over, a blue screen popped up with the error STOP: c000021a fatal system error f Oxc0000034. I researched this on my other computer and tried to find ways to reboot and whatnot, nothing worked. I went to power it up again and nothing, it won't even turn on... is this the end of my computer??

Katie
Starbuck Posted December 25, 2010

Hi Katie,

When you ran Combofix it installed the recovery console..... do you get an option to access it when the system reboots?
Also, do you get the option to boot into Safe mode if you tap the F8 key during the boot up procedure?