|
|||||||
| Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
 |
|
|
Topic Tools |
|
#1
January 8th, 2010, 09:32 AM
|
|||
|
|||
|
c.exe (vista home premium)...HELP PLEASE
hi,
since like a couple of days i keep getting a message that says 'c.exe has stopped working' every now and then and even wen my computer restarts it shows up at start up. sometimes i also get a message that internet explorer has stopped working and will need to close down. i have windows vista home premium sp2..please help as soon as possible. i read a few threads here abt c.exe that ask u download certain softwares...i was gonna do that and jus paste the log reports but then i rather be guided step by step instead of doing sthg else to my laptop 
|
|
#2
January 8th, 2010, 06:45 PM
|
||||
|
||||
|
Hello, maham
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems. Please take note of some guidelines for this fix:
|
icon on your desktop.|
#3
January 8th, 2010, 07:34 PM
|
|||
|
|||
|
OTL.txt report
OTL logfile created on: 1/8/2010 9:24:07 PM - Run 1
OTL by OldTimer - Version 3.1.21.2 Folder = C:\Users\Sidra\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18865) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free 6.00 Gb Paging File | 4.00 Gb Available in Paging File | 62.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 103.62 Gb Free Space | 69.53% Space Free | Partition Type: NTFS Drive D: | 137.33 Gb Total Space | 135.78 Gb Free Space | 98.87% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 3.78 Gb Total Space | 2.12 Gb Free Space | 56.23% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME-PC Current User Name: Sidra Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/01/08 21:22:45 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Sidra\Desktop\OTL.exe PRC - [2010/01/03 18:49:03 | 00,173,568 | ---- | M] () -- C:\Users\Sidra\AppData\Local\Temp\c.exe PRC - [2010/01/03 18:48:53 | 00,184,832 | ---- | M] () -- C:\Windows\msa.exe PRC - [2009/12/03 19:02:39 | 00,285,296 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2009/11/21 09:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/10/20 17:46:04 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe PRC - [2009/10/12 19:31:09 | 00,198,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RecordingManager.exe PRC - [2009/10/12 19:31:09 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/10/11 02:08:04 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe PRC - [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2009/10/09 13:11:12 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe PRC - [2009/08/03 20:05:02 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe PRC - [2009/07/18 06:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.ex e PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2009/04/11 09:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/07 17:55:58 | 03,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2009/03/07 17:26:06 | 00,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe PRC - [2009/03/07 17:26:04 | 00,231,992 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2009/03/07 16:54:48 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe PRC - [2009/02/26 13:06:28 | 00,521,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe PRC - [2008/11/13 09:33:54 | 00,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe PRC - [2008/10/01 10:02:48 | 00,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2008/07/30 04:34:34 | 00,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008/07/30 04:34:34 | 00,522,792 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe PRC - [2008/07/19 06:52:16 | 00,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2008/07/10 04:09:26 | 00,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2008/07/02 09:09:28 | 00,217,088 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe PRC - [2008/06/24 07:16:24 | 02,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2008/06/18 09:10:24 | 00,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe PRC - [2008/06/09 21:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2008/06/09 21:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe PRC - [2008/04/17 06:49:59 | 06,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008/03/09 16:59:03 | 00,655,360 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe PRC - [2008/02/02 01:29:32 | 00,061,440 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\DMedia.exe PRC - [2008/01/24 02:34:42 | 07,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe PRC - [2008/01/23 21:51:28 | 00,151,552 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe PRC - [2008/01/21 05:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2008/01/21 05:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe PRC - [2008/01/12 09:40:10 | 00,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe PRC - [2007/12/06 13:12:57 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe PRC - [2007/12/06 13:12:43 | 01,029,416 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2007/11/30 22:20:44 | 00,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007/11/05 06:48:06 | 00,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe PRC - [2007/10/03 08:53:00 | 00,094,208 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2007/08/15 22:20:16 | 00,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2007/08/08 11:08:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007/07/17 22:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe PRC - [2007/07/17 22:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe PRC - [2007/07/06 03:53:44 | 01,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe PRC - [2005/07/07 02:43:42 | 00,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (SafeList) ========== MOD - [2010/01/08 21:22:45 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Sidra\Desktop\OTL.exe MOD - [2009/04/11 09:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb7 2f96088b0de0\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2009/10/20 17:46:04 | 00,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093009-130223) SRV - [2009/10/12 19:02:26 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/10/11 02:08:04 | 00,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC) SRV - [2009/09/25 04:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV - [2009/03/07 17:26:04 | 00,231,992 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2008/07/30 04:34:34 | 00,522,792 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2008/06/09 21:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2008/03/09 16:59:03 | 00,655,360 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2008/01/21 05:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/10/03 08:53:00 | 00,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2007/08/08 11:08:40 | 00,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2006/11/02 15:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com.../fix_homepage/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com.../fix_homepage/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com.../fix_homepage/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...ASUS&bmod=ASUS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\s wg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe () O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe () O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe () O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe () O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu. exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Yahoo Messenger] File not found O4 - HKCU..\Run: [googletalk] C:\Users\Sidra\AppData\Roaming\Google\Google Talk\googletalk.exe (Google) O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [LosAlamos] C:\Windows\System32\sshnas.DLL () O4 - HKCU..\Run: [PUT2VIDQLG] C:\Users\Sidra\AppData\Local\Temp\c.exe () O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableStatusMessages = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll (Google Inc.) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing
|
|
#4
January 8th, 2010, 07:35 PM
|
|||
|
|||
|
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01...PUplden-us.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.62.98.11 212.62.98.25 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/19 00:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{321d001a-bbf0-11de-904e-0023545d4c09}\Shell - "" = AutoRun O33 - MountPoints2\{321d001a-bbf0-11de-904e-0023545d4c09}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 05:34:27 | 00,000,000 | ---D | M] NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found OTL cannot create restorepoints on Vista OSs! ========== Files/Folders - Created Within 14 Days ========== [2010/01/08 21:22:42 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Sidra\Desktop\OTL.exe [2010/01/08 03:03:03 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2010/01/05 00:46:46 | 00,000,000 | ---D | C] -- C:\Users\Sidra\AppData\Local\Iminent [2010/01/05 00:25:36 | 00,000,000 | ---D | C] -- C:\Program Files\Iminent [2010/01/03 19:34:04 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works [2010/01/03 19:33:19 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2010/01/03 19:33:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2010/01/03 19:32:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010/01/03 19:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2010/01/03 19:28:04 | 00,000,000 | RH-D | C] -- C:\MSOCache [2008/06/03 09:41:51 | 00,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 14 Days ========== [2010/01/08 21:26:02 | 03,145,728 | -HS- | M] () -- C:\Users\Sidra\ntuser.dat [2010/01/08 21:22:45 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Sidra\Desktop\OTL.exe [2010/01/08 21:21:23 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/01/08 21:21:23 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/01/08 21:13:19 | 00,000,282 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2010/01/08 20:32:01 | 00,000,240 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010/01/08 19:25:37 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AA37BB9B-F6A1-4137-A1BE-9D365DA083DE}.job [2010/01/08 07:29:02 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/01/08 07:29:02 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/01/08 07:29:02 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/01/08 07:21:30 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe [2010/01/08 07:21:28 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll [2010/01/08 07:21:25 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/01/08 07:21:22 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/01/08 07:20:37 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010/01/08 07:20:35 | 00,524,288 | -HS- | M] () -- C:\Users\Sidra\ntuser.dat{5ade25d8-bf5f-11de-8109-0023545d4c09}.TMContainer00000000000000000001.regt rans-ms [2010/01/08 07:20:35 | 00,065,536 | -HS- | M] () -- C:\Users\Sidra\ntuser.dat{5ade25d8-bf5f-11de-8109-0023545d4c09}.TM.blf [2010/01/08 07:20:34 | 06,291,456 | -H-- | M] () -- C:\Users\Sidra\AppData\Local\IconCache.db [2010/01/07 18:31:25 | 00,024,576 | ---- | M] () -- C:\Users\Sidra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/07 03:03:47 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini [2010/01/06 02:38:56 | 00,438,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/01/05 03:01:26 | 00,000,044 | ---- | M] () -- C:\Windows\System32\$FFPROFINI$prefs.js [2010/01/04 22:06:12 | 00,129,456 | ---- | M] () -- C:\Users\Sidra\AppData\Local\GDIPFONTCACHEV1.DAT [2010/01/03 19:23:13 | 00,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2010/01/03 18:48:53 | 00,184,832 | ---- | M] () -- C:\Windows\msa.exe [2010/01/03 18:48:30 | 00,242,176 | ---- | M] () -- C:\Windows\System32\sshnas.dll [2009/12/31 14:01:50 | 06,576,621 | ---- | M] () -- C:\Users\Sidra\Desktop\Dr.Ghassan Practical.rar [2009/12/28 15:20:54 | 31,077,5168 | ---- | M] () -- C:\Windows\MEMORY.DMP [2009/12/28 04:31:12 | 04,263,519 | ---- | M] () -- C:\Users\Sidra\Desktop\1964_Oxford_Union.ra ========== Files Created - No Company Name ========== [2010/01/07 14:06:54 | 21,880,219 | ---- | C] () -- C:\Users\Sidra\Desktop\Color Atlas of Physiology, 6th edition.pdf [2010/01/05 03:01:26 | 00,000,044 | ---- | C] () -- C:\Windows\System32\$FFPROFINI$prefs.js [2010/01/03 18:49:04 | 00,000,282 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2010/01/03 18:48:57 | 00,184,832 | ---- | C] () -- C:\Windows\msa.exe [2010/01/03 18:48:54 | 00,000,240 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010/01/03 18:48:28 | 00,242,176 | ---- | C] () -- C:\Windows\System32\sshnas.dll [2009/12/31 14:01:49 | 06,576,621 | ---- | C] () -- C:\Users\Sidra\Desktop\Dr.Ghassan Practical.rar [2009/12/28 15:41:00 | 04,263,519 | ---- | C] () -- C:\Users\Sidra\Desktop\1964_Oxford_Union.ra [2009/12/24 19:01:47 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/10/29 14:36:19 | 00,000,680 | ---- | C] () -- C:\Users\Sidra\AppData\Local\d3d9caps.dat [2009/10/21 04:15:30 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/10/11 03:00:06 | 00,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2009/10/11 01:04:55 | 00,024,576 | ---- | C] () -- C:\Users\Sidra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/07 15:24:25 | 00,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll [2008/10/10 17:57:26 | 00,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll [2008/07/30 04:33:22 | 00,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll [2008/04/15 20:22:51 | 00,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008/03/09 17:01:07 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007/10/01 09:59:45 | 01,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007/05/09 10:16:39 | 00,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2006/11/02 15:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 10:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/03/09 04:57:59 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005/04/03 07:30:00 | 00,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll [2001/11/15 00:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [1998/05/06 12:10:00 | 00,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll ========== LOP Check ========== [2010/01/08 07:20:37 | 00,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/10/26 16:59:04 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{935DB795-8C8A-4FC9-A58B-C567B6118D54}.job [2010/01/08 19:25:37 | 00,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AA37BB9B-F6A1-4137-A1BE-9D365DA083DE}.job [2010/01/08 20:32:01 | 00,000,240 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010/01/08 21:13:19 | 00,000,282 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/01/21 05:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008/01/21 05:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\mac hine.inf_51b95d75\AGP440.sys [2008/01/21 05:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\mac hine.inf_f750e484\AGP440.sys [2008/01/21 05:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35 _6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/21 05:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35 _6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006/11/02 12:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\mac hine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/11 09:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009/04/11 09:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\msh dc.inf_b12d8e84\atapi.sys [2009/04/11 09:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6 .0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/21 05:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\msh dc.inf_cc18792d\atapi.sys [2008/01/21 05:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6 .0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 12:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\msh dc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 12:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 12:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d29293 2a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2008/09/12 08:32:55 | 00,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Windows\System32\drivers\iaStor.sys [2008/09/12 08:32:55 | 00,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Windows\System32\DriverStore\FileRepository\iaa hci.inf_3c4af4a0\iaStor.sys < MD5 for: IASTORV.SYS > [2008/01/21 05:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008/01/21 05:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\ias torv.inf_c9df7691\iaStorV.sys [2008/01/21 05:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35 _6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 12:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\ias torv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/04/11 09:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009/04/11 09:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3 304f351bb3a3\netlogon.dll [2008/01/21 05:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7 b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 12:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvr aid.inf_733654ff\nvstor.sys [2008/01/21 05:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008/01/21 05:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvr aid.inf_31c3d71d\nvstor.sys [2008/01/21 05:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_ 6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/21 05:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.1 8000_none_380de25bd91b6f12\scecli.dll [2009/04/11 09:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009/04/11 09:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.1 8005_none_39f95b67d63d3a5e\scecli.dll < %systemroot%\*. /mp /s > < End of report >
|
|
#5
January 8th, 2010, 07:36 PM
|
|||
|
|||
|
Extras.Txt report
OTL Extras logfile created on: 1/8/2010 9:24:07 PM - Run 1
OTL by OldTimer - Version 3.1.21.2 Folder = C:\Users\Sidra\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18865) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free 6.00 Gb Paging File | 4.00 Gb Available in Paging File | 62.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 103.62 Gb Free Space | 69.53% Space Free | Partition Type: NTFS Drive D: | 137.33 Gb Total Space | 135.78 Gb Free Space | 98.87% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 3.78 Gb Total Space | 2.12 Gb Free Space | 56.23% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME-PC Current User Name: Sidra Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules] "{141989B2-9BB4-40FD-9CBA-A13A5025AC1F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{511B8CBB-D3E9-461B-974B-235DF03D5721}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{620C08CF-D24C-40B6-8C63-8CD11C68F4F2}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules] "{1B98DB6E-63F1-41B0-80BA-3E05991D64C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{1FCE8C1D-9F1F-4D28-84B4-9BE7B0998E4B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{43922D53-D8B1-4684-803A-8258446A8A3B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{72910CB3-4C2E-437F-A00C-A47EC5A0B4A6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{7CE82230-D380-4763-84B4-50328B9128BD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{8837552A-7F78-41C6-AF6F-9BD200737D52}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C32E4C81-8047-48D3-9B00-1D5A4BFEDA2E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software "{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager "{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17 "{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static "{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai "{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French "{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish "{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch "{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker "{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins "{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish "{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials "{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish "{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek "{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager "{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian "{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch "{62CF8923-31DC-4285-A23C-17CE5AA6A679}" = Express Gate "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean "{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding "{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai "{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
|
|
#6
January 8th, 2010, 07:37 PM
|
|||
|
|||
|
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme "{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard "{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish "{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4 "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish "{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek "{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish "{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese "{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional "{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista "{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish "{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader "{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common "{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation "{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard "{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light "{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "ENTERPRISE" = Microsoft Office Enterprise 2007 "GOM Player" = GOM Player "Google Desktop" = Google Desktop "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Essentials" = Microsoft Security Essentials "Picasa 3" = Picasa 3 "RealPlayer 12.0" = RealPlayer "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam "USB Mass Storage Filter Driver" = Multimedia Card Reader "VLC media player" = VideoLAN VLC media player 0.8.6f "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall] "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 1/1/2010 3:07:12 PM | Computer Name = Home-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 8.0.6001.18865 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1f7c Start Time: 01ca883cb59ff9c0 Termination Time: 20 Error - 1/1/2010 8:44:07 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10 Description = Error - 1/2/2010 2:20:32 AM | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 1/2/2010 6:23:29 AM | Computer Name = Home-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp 0x4b077416, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79, exception code 0xc0000005, fault offset 0x001579a2, process id 0x750, application start time 0x01ca8b9262c73930. Error - 1/2/2010 6:53:25 AM | Computer Name = Home-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 8.0.6001.18865 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 16c8 Start Time: 01ca8b9242ada210 Termination Time: 0 Error - 1/2/2010 7:34:04 PM | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 1/3/2010 8:48:18 AM | Computer Name = Home-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp 0x4b077416, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79, exception code 0xc0000005, fault offset 0x001579a2, process id 0x1d4c, application start time 0x01ca8b99d0a780c0. Error - 1/3/2010 8:50:06 AM | Computer Name = Home-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp 0x4b077416, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79, exception code 0xc0000005, fault offset 0x001579a2, process id 0x1bdc, application start time 0x01ca8b99d0ac4380. Error - 1/3/2010 12:15:10 PM | Computer Name = Home-PC | Source = VSS | ID = 8194 Description = Error - 1/3/2010 12:15:16 PM | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = [ System Events ] Error - 10/27/2009 11:46:02 AM | Computer Name = Home-PC | Source = iaStor | ID = 262153 Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error - 10/27/2009 1:16:09 PM | Computer Name = Home-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 10/27/2009 8:05:08 PM | Computer Name = Home-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 10/27/2009 9:44:52 PM | Computer Name = Home-PC | Source = iaStor | ID = 262153 Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error - 10/28/2009 2:05:51 AM | Computer Name = Home-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 10/28/2009 2:37:06 AM | Computer Name = Home-PC | Source = iaStor | ID = 262153 Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error - 10/28/2009 3:29:49 AM | Computer Name = Home-PC | Source = Dhcp | ID = 1002 Description = The IP address lease 192.163.1.191 for the Network Card with network address 00215DC5BF12 has been denied by the DHCP server 10.10.10.2 (The DHCP Server sent a DHCPNACK message). Error - 10/28/2009 4:01:01 AM | Computer Name = Home-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 10:52:50 AM on 10/28/2009 was unexpected. Error - 10/28/2009 4:01:49 AM | Computer Name = Home-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 10/29/2009 2:21:27 AM | Computer Name = Home-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report >
|
|
#7
January 8th, 2010, 08:02 PM
|
||||
|
||||
|
Hi,
Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2 MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
|
|
#8
January 8th, 2010, 08:58 PM
|
|||
|
|||
|
mbam log report
Malwarebytes' Anti-Malware 1.44
Database version: 3520 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18865 1/8/2010 10:49:22 PM mbam-log-2010-01-08 (22-49-22).txt Scan type: Quick Scan Objects scanned: 103404 Time elapsed: 4 minute(s), 26 second(s) Memory Processes Infected: 2 Memory Modules Infected: 1 Registry Keys Infected: 4 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 8 Memory Processes Infected: C:\Windows\msa.exe (Trojan.Agent) -> Unloaded process successfully. C:\Users\Sidra\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Unloaded process successfully. Memory Modules Infected: C:\Windows\System32\sshnas.dll (Trojan.Downloader) -> Delete on reboot. Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\PUT2VIDQLG (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\losalamos (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\put2vidqlg (Trojan.Dropper) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Windows\System32\sshnas.dll (Trojan.Downloader) -> Delete on reboot. C:\Users\Sidra\AppData\Local\Temp\a.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Sidra\Local Settings\Temporary Internet Files\udRemove.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Sidra\AppData\Local\Temp\b.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Sidra\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
|
|
#10
January 9th, 2010, 03:07 PM
|
|||
|
|||
|
OTL.Txt report
OTL logfile created on: 1/9/2010 5:01:12 PM - Run 2
OTL by OldTimer - Version 3.1.21.2 Folder = C:\Users\Sidra\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18865) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 104.09 Gb Free Space | 69.84% Space Free | Partition Type: NTFS Drive D: | 137.33 Gb Total Space | 135.78 Gb Free Space | 98.87% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 3.78 Gb Total Space | 0.79 Gb Free Space | 20.98% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME-PC Current User Name: Sidra Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/01/08 21:22:45 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Sidra\Desktop\OTL.exe PRC - [2009/12/03 19:02:39 | 00,285,296 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2009/11/21 09:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/10/20 17:46:04 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe PRC - [2009/10/12 19:31:09 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/10/11 02:08:04 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe PRC - [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2009/10/09 13:11:12 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe PRC - [2009/08/03 20:05:02 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe PRC - [2009/07/18 06:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.ex e PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2009/04/11 09:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/08 14:34:00 | 00,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe PRC - [2009/03/07 17:55:58 | 03,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2009/03/07 17:26:06 | 00,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe PRC - [2009/03/07 17:26:04 | 00,231,992 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2009/03/07 16:54:48 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe PRC - [2009/02/26 13:06:28 | 00,521,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe PRC - [2008/11/13 09:33:54 | 00,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008/10/01 10:02:48 | 00,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2008/07/30 04:34:34 | 00,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008/07/30 04:34:34 | 00,522,792 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe PRC - [2008/07/19 06:52:16 | 00,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2008/07/10 04:09:26 | 00,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2008/07/02 09:09:28 | 00,217,088 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe PRC - [2008/06/24 07:16:24 | 02,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2008/06/18 09:10:24 | 00,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe PRC - [2008/06/09 21:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2008/06/09 21:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe PRC - [2008/04/17 06:49:59 | 06,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008/03/09 16:59:03 | 00,655,360 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe PRC - [2008/02/02 01:29:32 | 00,061,440 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\DMedia.exe PRC - [2008/01/24 02:34:42 | 07,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe PRC - [2008/01/23 21:51:28 | 00,151,552 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe PRC - [2008/01/21 05:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2008/01/21 05:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe PRC - [2008/01/12 09:40:10 | 00,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe PRC - [2007/12/06 13:12:57 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe PRC - [2007/12/06 13:12:43 | 01,029,416 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2007/11/30 22:20:44 | 00,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007/11/05 06:48:06 | 00,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe PRC - [2007/10/03 08:53:00 | 00,094,208 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe PRC - [2007/08/15 22:20:16 | 00,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2007/08/08 11:08:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007/07/17 22:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe PRC - [2007/07/17 22:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe PRC - [2007/07/06 03:53:44 | 01,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe PRC - [2005/07/07 02:43:42 | 00,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (SafeList) ========== MOD - [2010/01/08 21:22:45 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Sidra\Desktop\OTL.exe MOD - [2009/04/11 09:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb7 2f96088b0de0\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2009/10/20 17:46:04 | 00,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093009-130223) SRV - [2009/10/12 19:02:26 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/10/11 02:08:04 | 00,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC) SRV - [2009/09/25 04:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV - [2009/03/07 17:26:04 | 00,231,992 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008/07/30 04:34:34 | 00,522,792 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2008/06/09 21:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2008/03/09 16:59:03 | 00,655,360 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2008/01/21 05:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/10/03 08:53:00 | 00,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2007/08/08 11:08:40 | 00,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2006/11/02 15:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com.../fix_homepage/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com.../fix_homepage/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com.../fix_homepage/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...ASUS&bmod=ASUS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\s wg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe () O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe () O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe () O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe () O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu. exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Yahoo Messenger] File not found O4 - HKCU..\Run: [googletalk] C:\Users\Sidra\AppData\Roaming\Google\Google Talk\googletalk.exe (Google) O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableStatusMessages = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll (Google Inc.) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
|
|
#11
January 9th, 2010, 03:07 PM
|
|||
|
|||
|
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01...PUplden-us.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.62.98.11 212.62.98.25 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/19 00:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010/01/05 10:47:28 | 00,000,034 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{321d001a-bbf0-11de-904e-0023545d4c09}\Shell - "" = AutoRun O33 - MountPoints2\{321d001a-bbf0-11de-904e-0023545d4c09}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 05:34:27 | 00,000,000 | ---D | M] NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found OTL cannot create restorepoints on Vista OSs! ========== Files/Folders - Created Within 14 Days ========== [2010/01/09 03:01:20 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2010/01/08 22:34:48 | 00,000,000 | ---D | C] -- C:\Users\Sidra\AppData\Roaming\Malwarebytes [2010/01/08 22:34:43 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/01/08 22:34:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/01/08 22:34:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/01/08 22:34:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/01/08 22:33:14 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sidra\Desktop\mbam-setup.exe [2010/01/08 21:22:42 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Sidra\Desktop\OTL.exe [2010/01/05 00:46:46 | 00,000,000 | ---D | C] -- C:\Users\Sidra\AppData\Local\Iminent [2010/01/05 00:25:36 | 00,000,000 | ---D | C] -- C:\Program Files\Iminent [2010/01/03 19:34:04 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works [2010/01/03 19:33:19 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2010/01/03 19:33:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2010/01/03 19:32:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010/01/03 19:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2010/01/03 19:28:04 | 00,000,000 | RH-D | C] -- C:\MSOCache [2008/06/03 09:41:51 | 00,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 14 Days ========== [2010/01/09 17:02:05 | 03,145,728 | -HS- | M] () -- C:\Users\Sidra\ntuser.dat [2010/01/09 16:56:59 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AA37BB9B-F6A1-4137-A1BE-9D365DA083DE}.job [2010/01/09 16:56:27 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/01/09 16:56:27 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/01/09 16:56:27 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/01/09 16:51:54 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe [2010/01/09 16:51:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/01/09 09:21:31 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/01/09 09:21:31 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/01/09 03:21:32 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll [2010/01/09 03:21:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/01/09 03:20:28 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010/01/09 03:20:23 | 00,524,288 | -HS- | M] () -- C:\Users\Sidra\ntuser.dat{5ade25d8-bf5f-11de-8109-0023545d4c09}.TMContainer00000000000000000001.regt rans-ms [2010/01/09 03:20:23 | 00,065,536 | -HS- | M] () -- C:\Users\Sidra\ntuser.dat{5ade25d8-bf5f-11de-8109-0023545d4c09}.TM.blf [2010/01/09 03:20:22 | 06,291,456 | -H-- | M] () -- C:\Users\Sidra\AppData\Local\IconCache.db [2010/01/09 03:01:41 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini [2010/01/08 22:52:15 | 00,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2010/01/08 22:34:46 | 00,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/08 22:33:23 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sidra\Desktop\mbam-setup.exe [2010/01/08 21:22:45 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Sidra\Desktop\OTL.exe [2010/01/07 18:31:25 | 00,024,576 | ---- | M] () -- C:\Users\Sidra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/01/06 02:38:56 | 00,438,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/01/05 03:01:26 | 00,000,044 | ---- | M] () -- C:\Windows\System32\$FFPROFINI$prefs.js [2010/01/04 22:06:12 | 00,129,456 | ---- | M] () -- C:\Users\Sidra\AppData\Local\GDIPFONTCACHEV1.DAT [2009/12/31 14:01:50 | 06,576,621 | ---- | M] () -- C:\Users\Sidra\Desktop\Dr.Ghassan Practical.rar [2009/12/28 15:20:54 | 31,077,5168 | ---- | M] () -- C:\Windows\MEMORY.DMP [2009/12/28 04:31:12 | 04,263,519 | ---- | M] () -- C:\Users\Sidra\Desktop\1964_Oxford_Union.ra ========== Files Created - No Company Name ========== [2010/01/08 22:34:46 | 00,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/07 14:06:54 | 21,880,219 | ---- | C] () -- C:\Users\Sidra\Desktop\Color Atlas of Physiology, 6th edition.pdf [2010/01/05 03:01:26 | 00,000,044 | ---- | C] () -- C:\Windows\System32\$FFPROFINI$prefs.js [2009/12/31 14:01:49 | 06,576,621 | ---- | C] () -- C:\Users\Sidra\Desktop\Dr.Ghassan Practical.rar [2009/12/28 15:41:00 | 04,263,519 | ---- | C] () -- C:\Users\Sidra\Desktop\1964_Oxford_Union.ra [2009/12/24 19:01:47 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/10/29 14:36:19 | 00,000,680 | ---- | C] () -- C:\Users\Sidra\AppData\Local\d3d9caps.dat [2009/10/21 04:15:30 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/10/11 03:00:06 | 00,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2009/10/11 01:04:55 | 00,024,576 | ---- | C] () -- C:\Users\Sidra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/07 15:24:25 | 00,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll [2008/10/10 17:57:26 | 00,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll [2008/07/30 04:33:22 | 00,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll [2008/04/15 20:22:51 | 00,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008/03/09 17:01:07 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007/10/01 09:59:45 | 01,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007/05/09 10:16:39 | 00,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2006/11/02 15:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 10:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/03/09 04:57:59 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005/04/03 07:30:00 | 00,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll [2001/11/15 00:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [1998/05/06 12:10:00 | 00,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll ========== LOP Check ========== [2010/01/09 03:20:27 | 00,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/10/26 16:59:04 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{935DB795-8C8A-4FC9-A58B-C567B6118D54}.job [2010/01/09 16:56:59 | 00,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AA37BB9B-F6A1-4137-A1BE-9D365DA083DE}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/01/21 05:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008/01/21 05:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\mac hine.inf_51b95d75\AGP440.sys [2008/01/21 05:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\mac hine.inf_f750e484\AGP440.sys [2008/01/21 05:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35 _6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/21 05:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35 _6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006/11/02 12:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\mac hine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/11 09:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009/04/11 09:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\msh dc.inf_b12d8e84\atapi.sys [2009/04/11 09:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6 .0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/21 05:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\msh dc.inf_cc18792d\atapi.sys [2008/01/21 05:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6 .0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 12:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\msh dc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 12:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 12:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d29293 2a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2008/09/12 08:32:55 | 00,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Windows\System32\drivers\iaStor.sys [2008/09/12 08:32:55 | 00,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Windows\System32\DriverStore\FileRepository\iaa hci.inf_3c4af4a0\iaStor.sys < MD5 for: IASTORV.SYS > [2008/01/21 05:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008/01/21 05:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\ias torv.inf_c9df7691\iaStorV.sys [2008/01/21 05:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35 _6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 12:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\ias torv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/04/11 09:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009/04/11 09:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3 304f351bb3a3\netlogon.dll [2008/01/21 05:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7 b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 12:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvr aid.inf_733654ff\nvstor.sys [2008/01/21 05:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008/01/21 05:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvr aid.inf_31c3d71d\nvstor.sys [2008/01/21 05:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_ 6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/21 05:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.1 8000_none_380de25bd91b6f12\scecli.dll [2009/04/11 09:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009/04/11 09:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.1 8005_none_39f95b67d63d3a5e\scecli.dll < %systemroot%\*. /mp /s > < End of report >
|
|
#12
January 9th, 2010, 05:32 PM
|
||||
|
||||
|
Hi,
How is it running right now? I'd like us to scan your machine with ESET OnlineScan
|
button.
to download the ESET Smart Installer. Save it to your desktop.
icon on your desktop.
button.
, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
button.
|
#15
January 9th, 2010, 09:47 PM
|
|||
|
|||
|
hi there
i ran the scan and it says no threats found does tht mean evthg is ok n can i uninstall all these programs tht i had to install? however i still have the problem of my internet explorer getting stuck at times...and it stops responding (not responding message) so i hav to close it down n rstart it n restore my pages...do u think nethg cud b done abt tht?
|
|
| Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| Vista 32 Home Premium - 4 GB? | joypatra | Windows Vista | 2 | August 3rd, 2009 05:05 PM |
| Vista Home Premium | Ginge880 | Windows Vista | 1 | July 18th, 2009 01:32 PM |
| Vista Home Premium | merlinwiz | Windows Vista | 2 | May 13th, 2008 03:21 PM |
| Difference between Vista home premium Vista ultimate | markp1973 | Windows Vista | 2 | December 14th, 2007 04:18 AM |
| Vista Home Premium | larry ziegler | Windows Vista | 1 | February 19th, 2007 11:32 PM |
All times are GMT +1. The time now is 03:13 PM.