|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#1
|
|||
|
|||
Please Help, first threat gone, several more hidden
I have read several threads across several websites. I was infected several days ago with a huge wave off spyware, malware, trojans, or whatever they're called. Rather than take it upon myself to follow the instructions of others I'll take the advice always given and dont do anything without professional supervision. I am literally pleading for help here.
I was taken off guard and my computer was being attacked for about 30 minutes while I was away and Norton Internet Security stopped alot of it. To name a few Trojan.Adclicker, Backdoor.Tidserv!gen5, Adware.Lop, Packed.Mystic!gen4, tkb.exe, Hacktool.Rootkit, tkd.exe, rknfl.exe, alot of Trojans, Malware.Packer.Gen, Broken.OpenCommand, Adware.Adrotator, Worm.KoobFace, and more randomly named ones. Originally it was "Antimalware Doctor" that I first saw on my desktop as pop-ups, the ghost music/ads, and Norton lit up my monitor like Times Square. I freaked, read online all the while still being attacked, I probably have over 100 unauthorized intrusions. I installed rkill/exe ran that, downloaded malwarebytes, ran that, got rid of the first round, took about three to get rid of the Antimalware Doctor icons (I knew not to try and delete them on my own). Things slowed, I ran about a dozen scans there was nothing. Then a random scan and 14 found days later. This Adware.EZlife is impossible to get rid of. I have down at least six scans and immediate reboots and they are still there. Also more trojans are being found, the ads are back more than ever, and I can hardly type this. I use this computer for everything, I am a young college student who is 100% self supportive on minimum wage and no one to turn to. I have had no choice but to log into my emails, bank accounts, and work accounts on the infected computer. If I lose anything I am SCREWED. Please help me and I thank you in advance for whatever assistance I can get. The main problem now is this Adware.EZlife that malwarebytes detects but cannot get rid of (although it never tells me it cant, its just always there on the new scan and reboot). When I attempt to get to the control panel the infamous white notepad appears for a split second then a million ads. In the uninstall menu I see a " Street-Ads Browser Enhancer ", " Sky-Banners browser enhancer ", and " Performance Platform Voguecash ". I mainly use Internet Explorer and sometimes Firefox. I am not against completely 100% wiping my hard drive and re installing windows and starting over again. I was not sent backup or windows disks with my computer years ago but run a legitimate Vista. I have not had a virus in over 6 years and know that my computer will always be weaker. I need this stuff gone until I can wipe everything and start over to feel secure. Thanks -------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:02:42 AM, on 6/6/2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18444) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Portrait Displays\HP My Display\dthtml.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Ralink\Common\RaUI.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Windows\system32\wuauclt.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Works\wkswp.exe c:\Program Files\Microsoft Works\WkDStore.exe C:\Program Files\Microsoft Works\wkgdcach.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Street-Ads Browser Enhancer wmkuiygw - {0ABA9E30-B7F8-45F8-8ECA-3AB04D27E160} - C:\Windows\system32\wmkuiygw.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Sky-Banners Browser Enhancer ahnpxfnb - {E40B09AA-3825-42CE-BAD0-1DBB892FF96D} - C:\Windows\system32\ahnpxfnb.dll O2 - BHO: voguecash browser enhancer - {F4CFF9AB-3DEE-222D-B9C1-70A11594565B} - C:\Windows\system32\fxljiyzysswg.dll (file missing) O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [skb] rundll32 "ahnpxfnb.dll",,Run O4 - HKLM\..\Run: [MChk] C:\Windows\system32\fxoncarg.exe O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O13 - Gopher Prefix: O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windo..._5.3.0.228.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 9114 bytes ------------------------------------------- Malwarebytes last log Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4169 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 6/5/2010 2:44:13 PM mbam-log-2010-06-05 (14-44-13).txt Scan type: Quick scan Objects scanned: 136884 Time elapsed: 8 minute(s), 49 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 12 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Windows\System32\ahnpxfnb.dll (Adware.EZlife) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{797fd362-29e7-49a5-8b86-6fa7ea97851c} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{797fd362-29e7-49a5-8b86-6fa7ea97851c} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{797fd362-29e7-49a5-8b86-6fa7ea97851c} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Windows\System32\ahnpxfnb.dll (Adware.EZlife) -> Delete on reboot. Last edited by Mynamehere; June 6th, 2010 at 05:08 AM. |
#2
|
||||
|
||||
Hello, Mynamehere
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems. Please take note of some guidelines for this fix:
|
#3
|
|||
|
|||
How do I know that the information I post here does not expose me to further threats?
The information in one of the logs is extremely personal, including every file Ive created in 90 days and my windows username. I will not post this on an open forum and can PM it to you if you would like. Thanks ------------------------------------------------------------ Extras.Txt OTL Extras logfile created on: 6/6/2010 11:31:49 PM - Run 1 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Systemgo\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free 7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139.61 Gb Total Space | 47.13 Gb Free Space | 33.76% Space Free | Partition Type: NTFS Drive D: | 9.44 Gb Total Space | 1.25 Gb Free Space | 13.21% Space Free | Partition Type: NTFS Drive E: | 596.17 Gb Total Space | 226.92 Gb Free Space | 38.06% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 232.83 Gb Total Space | 127.61 Gb Free Space | 54.81% Space Free | Partition Type: FAT32 Computer Name: SYSTEMGO-PC Current User Name: Systemgo Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules] "{36D99AA2-CB2A-419A-9449-F97871E563B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{381608C8-ACB2-4A87-8FD5-EB0D0230E622}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules] "{0AC9E2A0-9E29-473E-A16D-E4B5768FC8F6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{0E390265-E189-4E37-A4FD-B6EA64F2A121}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{0E78B21D-E260-4E9D-B934-EAD1B5F27EC1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{0E7EF5E5-99DA-4D97-9E86-117243CA855B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0EB534BC-A1A9-4BBF-9802-012061AB6F42}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | "{139D6A52-3E19-4499-BA3A-AEB7ABE49B7B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{1C3433A1-D40A-4F79-B51F-68B17B99ABE5}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{26A5528C-3E4F-4909-8185-488A3918BF64}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{26C84D09-2A2D-437D-B7A3-6A6CB882D601}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{2C727812-717C-4732-8E33-114B60F49037}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | "{308AC9FE-3CB4-4F7D-9702-1C96750C0425}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | "{3508899C-A53B-453B-89BE-5B51255EB7B0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3C309359-2877-45BA-AE2F-565AC7BAF6C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{43D7FB32-87DB-4C5A-8989-11D5C0CBAA43}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{45C18BCE-EE41-48DF-BD9E-6C46A5B7DD52}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4B567BF9-9E7E-42AB-9738-231534A3BB41}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{4CF48A0A-AAD0-4DAF-98FD-B3E2A1A3C342}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{52B2193A-0EEF-4C4B-BFB6-66002FDF76ED}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{68AE5B43-CB14-4242-90F8-7348B1D1B54B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{6A93BA20-769B-4FBB-9DD2-92E7CCF6CEAE}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | "{6BE1C69E-19BC-46B8-BC1F-5C6A348665D1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{6C46771F-EEFE-486E-928C-DF5CA6CAEE03}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{78A093D3-2893-4E31-B610-ECCF1B925188}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{8293DA4F-0551-46C8-A70C-27A00D5B21FA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{860E355F-8888-4B8F-AD43-8617B645875B}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | "{88AA47F8-0EB1-4109-87C4-E62AD61AB4A7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{8B0815D5-A1CA-4157-83B2-B39E72BA726C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{91203601-57A9-4641-80EA-93C4F5A83469}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{AC427B6A-B003-480E-89AB-0BBBA163C01D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{B505D747-97F5-4A1B-BA1C-F65879C8D716}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{C2830507-6035-4EEC-AEBF-040A0C26A309}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{C3D9B074-4239-4E03-BA6F-33971F88F397}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{D0B82BA7-8F5A-4EE6-85E1-74C1F25AB649}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{D3B3BB6E-334A-4E4C-B755-99B5D97D354F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{D573C5FE-2DBB-4A4F-A97F-B192DC90BB3D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D98FE53C-F889-4C52-AE25-2FC3EA59BE0B}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{DBE547C7-ABE2-40D1-B371-3B2CEF57B826}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{E8673A7B-6D85-4DB5-BDEA-9FE4F6F06071}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{EB299198-033B-4882-8B82-61B6D497E915}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{EE012621-68F6-44C0-998A-9340989F4C73}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{A6EF45A0-60EE-42A8-8CA1-36DF25646B52}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | "UDP Query User{C5F9C26A-1B15-4DC1-A587-BEE5C82E9227}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | |
#4
|
|||
|
|||
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall] "$NtUninstallMTF1011$" = Street-Ads Browser Enhancer "$NtUninstall***1012$" = Sky-Banners browser enhancer "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4 "{209DF55F-5E5C-48A3-BC3D-A7CB1224458C}" = HP Print Diagnostic Utility "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20 "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card "{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}" = HP Total Care Advisor "{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69EA6470-D4D3-49A3-89C8-0530C416ADB9}" = Need For Speed Hot Pursuit 2 Demo "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5 "{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9 "{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0b "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1 "{E9EB5689-4F76-4E3C-A675-5ED5F52AB890}" = NTI Shadow 3 "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy "{FB706A00-C234-4716-AB1F-27DCB192C664}" = Opera 9.26 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "AIM_7" = AIM 7 "ASIO4ALL" = ASIO4ALL "Audacity_is1" = Audacity 1.2.6 "CardRecovery" = CardRecovery "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "FL Studio 9" = FL Studio 9 "GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only) "Hardcore" = Hardcore "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 2.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "IL Download Manager" = IL Download Manager "Indeo® Software" = Indeo® Software "InstallShield_{69EA6470-D4D3-49A3-89C8-0530C416ADB9}" = Need For Speed Hot Pursuit 2 Demo "lfctkdpuech" = Performance Platform Voguecash "Live 7.0.10" = Live 7.0.10 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "NIS" = Norton Internet Security "NVIDIA Drivers" = NVIDIA Drivers "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools "PoiZone" = PoiZone "RarZilla Free Unrar 2.12" = RarZilla Free Unrar 2.12 "RealPlayer 6.0" = RealPlayer "Recuva" = Recuva (remove only) "rgc:audio z3ta+ VSTi_is1" = rgc:audio z3ta+ VSTi v1.4 DEMO "Sakura" = Sakura "Sawer" = Sawer "SoftwareUpdUtility" = Download Updater (AOL LLC) "SpeedFan" = SpeedFan (remove only) "SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009) "SWAT3 Elite Edition" = SWAT3 Elite Edition "Toxic Biohazard" = Toxic Biohazard "ViewpointMediaPlayer" = Viewpoint Media Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 1/24/2009 1:10:23 PM | Computer Name = Systemgo-PC | Source = WerSvc | ID = 5007 Description = Error - 1/25/2009 12:49:20 PM | Computer Name = Systemgo-PC | Source = WerSvc | ID = 5007 Description = Error - 1/26/2009 11:17:35 AM | Computer Name = Systemgo-PC | Source = WerSvc | ID = 5007 Description = Error - 1/26/2009 12:15:56 PM | Computer Name = Systemgo-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 7.0.6000.16764 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 16ec Start Time: 01c97fcd75a5ccff Termination Time: 162 Error - 1/27/2009 12:58:48 PM | Computer Name = Systemgo-PC | Source = WerSvc | ID = 5007 Description = Error - 1/28/2009 10:30:34 AM | Computer Name = Systemgo-PC | Source = WerSvc | ID = 5007 Description = Error - 1/28/2009 7:49:57 PM | Computer Name = Systemgo-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 7.0.6000.16764 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: c08 Start Time: 01c98155556eead1 Termination Time: 40 Error - 1/29/2009 9:38:40 AM | Computer Name = Systemgo-PC | Source = WerSvc | ID = 5007 Description = Error - 1/30/2009 10:29:06 AM | Computer Name = Systemgo-PC | Source = WerSvc | ID = 5007 Description = Error - 1/31/2009 10:58:41 AM | Computer Name = Systemgo-PC | Source = WerSvc | ID = 5007 Description = [ Media Center Events ] Error - 10/19/2007 7:39:03 PM | Computer Name = Systemgo-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 10/21/2007 1:35:34 PM | Computer Name = Systemgo-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 10/22/2007 3:36:11 PM | Computer Name = Systemgo-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 10/22/2007 5:32:31 PM | Computer Name = Systemgo-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 10/27/2007 9:57:26 PM | Computer Name = Systemgo-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 10/30/2007 3:48:43 PM | Computer Name = Systemgo-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 11/18/2007 8:59:33 PM | Computer Name = Systemgo-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 12/20/2007 5:01:58 PM | Computer Name = Systemgo-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 12/20/2007 8:03:03 PM | Computer Name = Systemgo-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 12/22/2007 12:57:22 AM | Computer Name = Systemgo-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. [ System Events ] Error - 6/6/2010 12:15:03 AM | Computer Name = Systemgo-PC | Source = DCOM | ID = 10005 Description = Error - 6/6/2010 12:15:27 AM | Computer Name = Systemgo-PC | Source = Service Control Manager | ID = 7001 Description = Error - 6/6/2010 12:15:27 AM | Computer Name = Systemgo-PC | Source = Service Control Manager | ID = 7026 Description = Error - 6/6/2010 12:25:43 AM | Computer Name = Systemgo-PC | Source = HTTP | ID = 15016 Description = Error - 6/6/2010 12:27:09 AM | Computer Name = Systemgo-PC | Source = Service Control Manager | ID = 7000 Description = Error - 6/6/2010 9:03:27 AM | Computer Name = Systemgo-PC | Source = HTTP | ID = 15016 Description = Error - 6/6/2010 9:04:54 AM | Computer Name = Systemgo-PC | Source = Service Control Manager | ID = 7000 Description = Error - 6/6/2010 9:08:44 AM | Computer Name = Systemgo-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 6/6/2010 11:09:16 PM | Computer Name = Systemgo-PC | Source = HTTP | ID = 15016 Description = Error - 6/6/2010 11:10:42 PM | Computer Name = Systemgo-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
#5
|
||||
|
||||
You can edit your username, the rest from the log should not be too personal. We need the logfiles in the thread, because we are a forum, and other people can found some help too
|
#6
|
|||
|
|||
OTL logfile created on: 6/6/2010 11:31:49 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Systemgo\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free 7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139.61 Gb Total Space | 47.13 Gb Free Space | 33.76% Space Free | Partition Type: NTFS Drive D: | 9.44 Gb Total Space | 1.25 Gb Free Space | 13.21% Space Free | Partition Type: NTFS Drive E: | 596.17 Gb Total Space | 226.92 Gb Free Space | 38.06% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 232.83 Gb Total Space | 127.61 Gb Free Space | 54.81% Space Free | Partition Type: FAT32 Computer Name: SYSTEMGO-PC Current User Name: Systemgo Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/06/06 23:30:50 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Systemgo\Desktop\OTL.exe PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe PRC - [2009/10/05 15:10:02 | 003,634,024 | ---- | M] (AOL LLC) -- C:\Program Files\AIM\aim.exe PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009/03/09 11:52:10 | 001,824,032 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe PRC - [2007/09/19 07:50:44 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe PRC - [2007/01/16 17:12:04 | 000,280,576 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Portrait Displays\HP My Display\dthtml.exe PRC - [2007/01/16 17:10:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe PRC - [2007/01/16 17:10:08 | 000,110,592 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe ========== Modules (SafeList) ========== MOD - [2010/06/06 23:30:50 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Systemgo\Desktop\OTL.exe MOD - [2010/05/14 01:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll MOD - [2009/07/12 04:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr 90.dll MOD - [2009/07/12 04:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp 90.dll MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdb aa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS) SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter) SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc) SRV - [2007/01/16 17:10:14 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC) ========== Driver Services (SafeList) ========== DRV - [2010/05/28 15:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20 100528.003\IDSvix86.sys -- (IDSVix86) DRV - [2010/05/27 21:42:02 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010/05/27 21:42:02 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010/05/10 23:39:33 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\ 20100606.003\NAVEX15.SYS -- (NAVEX15) DRV - [2010/05/10 23:39:33 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\ 20100606.003\NAVENG.SYS -- (NAVENG) DRV - [2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1107000.00C\SYMTDI V.SYS -- (SYMTDIv) DRV - [2010/04/29 13:44:04 | 000,537,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\2 0100429.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\Ironx8 6.SYS -- (SymIRON) DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMEFA .SYS -- (SymEFA) DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1107000.00C\SRTSP. SYS -- (SRTSP) DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SRTSPX .SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\ccHPx8 6.sys -- (ccHP) DRV - [2010/02/10 13:22:01 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009/11/05 18:06:13 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMDS. SYS -- (SymDS) DRV - [2009/03/03 14:21:24 | 000,710,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2009/02/11 12:38:14 | 002,324,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008/05/22 21:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/01/19 01:53:31 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883) DRV - [2008/01/19 01:53:31 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc) DRV - [2008/01/19 01:53:28 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV) DRV - [2008/01/19 01:53:28 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstape.sys -- (MSTAPE) DRV - [2008/01/19 01:53:26 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcstrm.sys -- (AVCSTRM) DRV - [2007/10/26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2006/11/16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts) DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1g60i32.sys -- (E1G60) Intel(R) DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan) DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio) |
#7
|
|||
|
|||
========== Standard Registry (SafeList) ==========
========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA059 1-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\ [2010/05/26 08:13:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F365 1-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\ [2010/02/11 12:07:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\smartweb printing@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/27 12:38:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 13:01:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/31 19:03:42 | 000,000,000 | ---D | M] [2010/03/18 00:04:55 | 000,000,000 | ---D | M] -- C:\Users\Systemgo\AppData\Roaming\Mozilla\Extensio ns [2010/06/06 23:25:01 | 000,000,000 | ---D | M] -- C:\Users\Systemgo\AppData\Roaming\Mozilla\Firefox\ Profiles\djomz82g.default\extensions [2010/03/18 00:06:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Systemgo\AppData\Roaming\Mozilla\Firefox\ Profiles\djomz82g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/06/06 23:25:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/05/31 19:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/05/30 09:51:22 | 000,002,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (moigh Object) - {0ABA9E30-B7F8-45F8-8ECA-3AB04D27E160} - C:\Windows\System32\wmkuiygw.dll () O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation) O2 - BHO: (adShotHlpr Object) - {86EEDEA1-DA21-4101-91AA-9E3C4402A82F} - C:\Windows\System32\ahnpxfnb.dll () O2 - BHO: (voguecash browser enhancer) - {F4CFF9AB-3DEE-222D-B9C1-70A11594565B} - C:\Windows\System32\fxljiyzysswg.dll File not found O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [MChk] C:\Windows\System32\fxoncarg.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [skb] C:\Windows\System32\ahnpxfnb.dll () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O4 - Startup: C:\Users\Systemgo\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableLUA = 0 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control) O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} http://host.cycore.net/plugins/windo..._5.3.0.228.cab (Cult3D ActiveX Player) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab (DLM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/08/13 14:58:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2010/05/31 18:32:33 | 000,000,000 | ---D | M] NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010/06/06 23:30:42 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Systemgo\Desktop\OTL.exe [2010/06/06 00:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/06/05 23:03:53 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Systemgo\Desktop\hijackthis.exe [2010/05/31 19:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010/05/31 18:31:07 | 000,000,000 | ---D | C] -- C:\PerfLogs [2010/05/30 12:52:40 | 000,000,000 | ---D | C] -- C:\Users\Systemgo\AppData\Roaming\Malwarebytes [2010/05/30 12:52:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/05/30 12:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/05/30 12:52:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/05/30 12:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/05/30 12:50:29 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Systemgo\Desktop\mbam-setup.exe [2010/05/30 12:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\$NtUninstall***1012$ [2010/05/30 12:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Update [2010/05/30 12:34:42 | 000,000,000 | ---D | C] -- C:\Users\Systemgo\AppData\Roaming\C864C74BBAEA05C8 B9E5271DF4DC1F61 [2010/04/26 19:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2 [2010/04/26 18:56:22 | 000,000,000 | ---D | C] -- C:\Users\Systemgo\Documents\Image-Line [2010/04/26 18:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line [2010/04/26 18:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim [2010/03/29 23:48:58 | 000,000,000 | ---D | C] -- C:\Users\Systemgo\Desktop\my pictures [2010/03/20 16:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage [2010/03/20 15:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live [2010/03/20 15:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2010/03/18 00:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS [2010/03/18 00:04:43 | 000,000,000 | ---D | C] -- C:\Users\Systemgo\AppData\Roaming\Mozilla [2010/03/18 00:04:43 | 000,000,000 | ---D | C] -- C:\Users\Systemgo\AppData\Local\Mozilla [2010/03/18 00:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] |
#8
|
|||
|
|||
========== Files - Modified Within 90 Days ==========
[2010/06/06 23:33:28 | 002,099,506 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\Cat.DB [2010/06/06 23:31:22 | 004,194,304 | -HS- | M] () -- C:\Users\Systemgo\NTUSER.DAT [2010/06/06 23:30:50 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Systemgo\Desktop\OTL.exe [2010/06/06 23:26:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/06/06 23:26:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/06/06 23:15:18 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/06/06 23:15:18 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/06/06 23:15:18 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/06/06 23:09:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/06/06 23:09:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/06/06 23:09:04 | 3620,278,272 | -HS- | M] () -- C:\hiberfil.sys [2010/06/06 13:45:15 | 000,524,288 | -HS- | M] () -- C:\Users\Systemgo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms [2010/06/06 13:45:15 | 000,065,536 | -HS- | M] () -- C:\Users\Systemgo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/06/06 13:45:06 | 001,883,027 | -H-- | M] () -- C:\Users\Systemgo\AppData\Local\IconCache.db [2010/06/06 00:15:16 | 000,001,356 | ---- | M] () -- C:\Users\Systemgo\AppData\Local\d3d9caps.dat [2010/06/06 00:02:09 | 000,001,876 | ---- | M] () -- C:\Users\Systemgo\Desktop\HijackThis.lnk [2010/06/05 23:59:50 | 000,007,170 | ---- | M] () -- C:\Users\Systemgo\AppData\Roaming\wklnhst.dat [2010/06/05 23:04:09 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Systemgo\Desktop\hijackthis.exe [2010/06/05 22:39:52 | 000,200,704 | ---- | M] () -- C:\Users\Systemgo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/05 20:34:16 | 010,425,143 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- You can call me Al - Paul Simon - solo acoustic guitar - Igor Presnyakov.mp4 [2010/06/05 20:25:18 | 021,586,583 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Paul Simon - You Can Call Me Al.mp4 [2010/06/03 18:47:09 | 000,445,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/06/03 18:13:36 | 000,309,760 | ---- | M] () -- C:\Windows\System32\wmkuiygw.dll [2010/06/03 18:11:38 | 000,327,680 | ---- | M] () -- C:\Windows\System32\ahnpxfnb.dll [2010/06/01 23:28:12 | 005,076,461 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Rich Boy - Drop(Instrumental).mp4 [2010/06/01 23:22:39 | 009,282,107 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Jay Sean - Down (Instrumental & Lyrics).mp4 [2010/06/01 23:15:21 | 015,873,627 | ---- | M] () -- C:\Users\Systemgo\Documents\ube- Journey - Don't Stop Believin' (Instrumental & Lyrics).mp4 [2010/06/01 18:03:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_ 00.Wdf [2010/06/01 00:00:56 | 000,000,670 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Systemgo.job [2010/05/31 18:43:26 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest [2010/05/31 18:11:18 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll [2010/05/31 18:11:16 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll [2010/05/30 12:52:29 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/30 12:50:33 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Systemgo\Desktop\mbam-setup.exe [2010/05/30 12:48:00 | 000,363,520 | ---- | M] () -- C:\Users\Systemgo\Desktop\rkill.com [2010/05/30 12:35:31 | 000,050,981 | ---- | M] () -- C:\Windows\System32\lfctkdpuech.exe [2010/05/30 10:13:46 | 013,969,799 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- bodogFIGHT Girls Arm Bar from the Guard.mp4 [2010/05/26 11:05:25 | 013,056,282 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Oasis - Wonderwall (Drum & Bass remix).mp3 [2010/05/26 11:01:51 | 005,930,778 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Engine-Earz Experiment (Feat. Lena Cullen) - Reach You.mp3 [2010/05/26 11:01:49 | 008,467,482 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Zeds Dead - White Satin.mp3 [2010/05/26 11:01:46 | 007,260,954 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Sharam Ft. Daniel Bedingfield - The One.mp3 [2010/05/26 11:01:44 | 004,923,930 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Medicin - Summer Drummer (Rollz Remix).mp3 [2010/05/26 11:01:41 | 011,829,786 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Indivision - Secret Vision.mp3 [2010/05/26 11:01:14 | 044,465,636 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Oasis - Wonderwall (Drum & Bass remix).mp4 [2010/05/26 10:53:36 | 026,981,560 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Indivision - Secret Vision.mp4 [2010/05/26 10:40:01 | 018,923,419 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Zeds Dead - White Satin.mp4 [2010/05/26 10:37:47 | 013,120,625 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Engine-Earz Experiment (Feat. Lena Cullen) - Reach You.mp4 [2010/05/26 10:33:20 | 005,185,038 | ---- | M] () -- C:\Users\Systemgo\Desktop\TrillBass Right Round Remix.mp3 [2010/05/26 10:19:13 | 011,602,182 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Medicin - Summer Drummer (Rollz Remix).mp4 [2010/05/24 12:31:20 | 000,040,633 | ---- | M] () -- C:\Windows\System32\fxoncarg.exe [2010/05/21 11:35:44 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2010/05/19 18:15:48 | 000,027,932 | ---- | M] () -- C:\Users\Systemgo\Documents\--------------------- [2010/05/19 18:15:34 | 000,027,932 | ---- | M] () -- C:\Users\Systemgo\Documents\Untitled 1.odt [2010/05/18 21:01:53 | 000,305,440 | ---- | M] () -- C:\Users\Systemgo\Documents\level6win.jpg [2010/05/17 18:50:46 | 027,772,261 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- TheStar.com Air ambulance ride-along.mp4 [2010/05/17 18:03:15 | 001,301,896 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Two Ambulances Meet at Intersection Code 3.mp4 [2010/05/17 17:45:01 | 001,960,565 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Ambulance in New York city.mp4 [2010/05/14 02:32:01 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\isolat e.ini [2010/05/11 22:27:03 | 007,646,490 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- One Republic~All the right moves With Lyrics.mp3 [2010/05/11 21:45:55 | 014,849,023 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Bostonian Street Performer.mp4 [2010/05/11 21:25:34 | 007,032,945 | ---- | M] () -- C:\Users\Systemgo\Desktop\incredible_accordion_shr edding[1].flv [2010/05/11 21:23:43 | 004,949,750 | ---- | M] () -- C:\Users\Systemgo\Desktop\swedish_piano_stairs[1].flv [2010/05/11 21:09:22 | 013,714,966 | ---- | M] () -- C:\Users\Systemgo\Desktop\christmas_light_show[1].flv [2010/05/11 21:06:57 | 002,043,721 | ---- | M] () -- C:\Users\Systemgo\Desktop\checkerboard_illusion[1].flv [2010/05/11 21:06:03 | 003,208,152 | ---- | M] () -- C:\Users\Systemgo\Desktop\x_room_illusion[1].flv [2010/05/11 21:04:27 | 002,242,998 | ---- | M] () -- C:\Users\Systemgo\Desktop\gravity_soda_holder[1].flv [2010/05/11 21:03:07 | 003,601,561 | ---- | M] () -- C:\Users\Systemgo\Desktop\back_to_the_future_optic al_illusion[1].flv [2010/05/11 20:57:37 | 001,157,554 | ---- | M] () -- C:\Users\Systemgo\Desktop\superman_in_the_russian_ police[1].flv [2010/05/11 20:52:25 | 002,699,216 | ---- | M] () -- C:\Users\Systemgo\Desktop\coolest_candle_trick[1].flv |
#9
|
|||
|
|||
[2010/05/11 20:45:34 | 056,432,407 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Mark Titus (Club Trillion) - Mr. Rainmaker.mp4
[2010/05/11 20:42:19 | 006,849,421 | ---- | M] () -- C:\Users\Systemgo\Desktop\time_for_some_scratch_mu sic[1].flv [2010/05/11 20:19:59 | 003,200,391 | ---- | M] () -- C:\Users\Systemgo\Desktop\awesome_hockey_shootout[1].flv [2010/05/11 20:09:53 | 004,799,928 | ---- | M] () -- C:\Users\Systemgo\Desktop\failed_attempt_at_jumpin g_off_the_empire_state_building[1].flv [2010/05/11 20:07:31 | 014,102,314 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- One Republic~All the right moves With Lyrics.mp4 [2010/05/08 11:23:00 | 009,520,410 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Bloc Party - One More Chance (Tiësto Remix).mp3 [2010/05/08 11:22:57 | 009,938,202 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Wu Tang - PencilMyPianoFirehouse (Soroka Remixes) (Released 2009).mp3 [2010/05/08 11:22:56 | 004,007,706 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Way Out West - One Bright Night (Scuba Remix).mp3 [2010/05/08 11:22:55 | 011,686,170 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Way Out West - One Bright Night.mp3 [2010/05/08 11:22:53 | 014,339,610 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Sharam (Deep Dish) - Be The Change.mp3 [2010/05/08 11:22:51 | 014,438,682 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Moussa Clarke feat. Kathleen Fisher - Love Key (Jody Wisternoff Mix).mp3 [2010/05/08 11:22:49 | 010,755,354 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Jadakiss ft. Lil Wayne - Magic City (2009 Remix).mp3 [2010/05/08 11:22:48 | 006,966,810 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Gucci Mane - Gorgeous (Prod. By Zaytoven).mp3 [2010/05/06 00:28:20 | 004,972,610 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Gucci Mane - Gorgeous (Prod. By Zaytoven).mp4 [2010/05/06 00:24:06 | 013,483,328 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Jadakiss ft. Lil Wayne - Magic City (2009 Remix).mp4 [2010/05/06 00:17:34 | 010,549,590 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Wu Tang - PencilMyPianoFirehouse (Soroka Remixes) (Released 2009).mp4 [2010/05/06 00:13:42 | 001,565,671 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Thumper is a cuppycake..mp4 [2010/05/06 00:04:38 | 009,674,198 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Way Out West - One Bright Night.mp4 [2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\symtdi v.sys [2010/05/06 00:01:43 | 000,001,473 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnet v.inf [2010/05/06 00:01:43 | 000,001,445 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnet .inf [2010/05/05 23:56:11 | 003,763,571 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Way Out West - One Bright Night (Scuba Remix).mp4 [2010/05/05 23:55:44 | 019,168,888 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Jody Wisternoff in the Way Out West studio.mp4 [2010/05/05 23:47:13 | 026,517,002 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Moussa Clarke feat. Kathleen Fisher - Love Key (Jody Wisternoff Mix).mp4 [2010/05/05 23:45:00 | 026,719,416 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Sharam (Deep Dish) - Be The Change.mp4 [2010/05/05 23:40:51 | 000,036,254 | ---- | M] () -- C:\Users\Systemgo\Documents\Tiesto Tracklist.odt [2010/05/05 23:39:29 | 007,620,992 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Sharam-The One.mp4 [2010/05/05 23:36:21 | 004,290,066 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Sharam Ft. Daniel Bedingfield - The One.mp4 [2010/05/05 23:34:42 | 022,471,617 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Bloc Party - One More Chance (Tiësto Remix).mp4 [2010/05/05 22:40:03 | 010,009,150 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Chanel - Haute Couture Spring Summer 2010 - Focus on AcessoriesDetails.mp4 [2010/05/05 18:08:21 | 006,667,290 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Matisyahu - One Day - Lyrics.mp3 [2010/05/05 18:08:20 | 012,613,914 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Matisyahu - Time Of Your Song.mp3 [2010/05/05 18:05:49 | 012,124,981 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Matisyahu - Time Of Your Song.mp4 [2010/05/05 18:00:47 | 008,925,435 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Matisyahu - One Day - Lyrics.mp4 [2010/05/05 14:16:16 | 007,622,682 | ---- | M] () -- C:\Users\Systemgo\Documents\Drop the World - Lil Wayne and Eminem.mp3 [2010/05/05 14:16:15 | 007,743,258 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Coolio - Gangsters Paradise.mp3 [2010/05/05 14:16:14 | 007,958,298 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Eminem - Not Afraid.mp3 [2010/05/05 14:13:52 | 018,326,143 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Eminem - Not Afraid.mp4 [2010/05/05 14:04:54 | 006,785,999 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Coolio - Gangsters Paradise.mp4 [2010/05/05 14:04:16 | 007,621,561 | ---- | M] () -- C:\Users\Systemgo\Documents\Drop the World - Lil Wayne and Eminem.mp4 [2010/05/05 13:48:21 | 009,581,850 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Future Prophecies - September (Camo & Krooked Remix).mp3 [2010/05/05 13:45:57 | 010,062,618 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Miike Snow - Black & Blue (Netsky Remix).mp3 [2010/05/02 15:16:30 | 018,349,277 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Miike Snow - Black & Blue (Netsky Remix).mp4 [2010/05/02 15:07:37 | 022,031,394 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Future Prophecies - September (Camo & Krooked Remix).mp4 [2010/04/30 23:25:08 | 000,028,160 | ---- | M] () -- C:\Users\Systemgo\Documents\Cosmology Through the Disciplines.doc [2010/04/30 01:27:08 | 000,021,848 | ---- | M] () -- C:\Users\Systemgo\Documents\Scholarship Essay 5.0.odt [2010/04/29 22:31:42 | 011,596,314 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Wingsuit Base Jumping to Drum and Bass.mp3 [2010/04/29 22:31:40 | 012,007,194 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Moby - Porcelain (Atlantic Connection Remix).mp3 [2010/04/29 22:31:37 | 006,857,754 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Jay Sean - Down (ft. Lil Wayne) [SONG + LYRICS].mp3 [2010/04/29 22:31:36 | 006,501,402 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Ludacris - My Chick Bad Remix Feat Diamond Trina And Eve.mp3 [2010/04/29 19:09:45 | 011,281,173 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Moby - Porcelain (Atlantic Connection Remix).mp4 [2010/04/29 19:01:02 | 086,103,473 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Wingsuit Base Jumping to Drum and Bass.mp4 [2010/04/29 18:45:16 | 005,414,309 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Jay Sean - Down (ft. Lil Wayne) [SONG + LYRICS].mp4 [2010/04/29 18:35:14 | 026,436,859 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Ludacris - My Chick Bad Remix Feat Diamond Trina And Eve.mp4 [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\ironx8 6.sys [2010/04/29 01:03:51 | 000,007,438 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\iron.c at [2010/04/29 01:03:51 | 000,000,741 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\iron.i nf [2010/04/29 00:07:46 | 000,022,359 | ---- | M] () -- C:\Users\Systemgo\Documents\Scholarship Essay 4.0.odt [2010/04/27 14:53:42 | 000,021,626 | ---- | M] () -- C:\Users\Systemgo\Documents\Scholarship Essay 3.0.odt [2010/04/27 13:57:13 | 000,020,848 | ---- | M] () -- C:\Users\Systemgo\Documents\Scholarship Essay 2.0.odt [2010/04/27 13:40:38 | 000,025,581 | ---- | M] () -- C:\Users\Systemgo\Documents\Scholarship Essay.odt [2010/04/26 19:00:19 | 000,000,937 | ---- | M] () -- C:\Users\Systemgo\Documents\ASIO4ALL v2 Instruction Manual.lnk [2010/04/26 12:10:53 | 006,579,738 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Kesha - Tik Tok [HQ][official track + lyrics].mp3 [2010/04/26 12:10:52 | 004,941,594 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Ludacris - Roll Out.mp3 [2010/04/26 12:09:07 | 006,846,303 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Kesha - Tik Tok [HQ][official track + lyrics].mp4 [2010/04/26 12:06:14 | 006,432,940 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Ludacris - Roll Out.mp4 [2010/04/26 12:04:20 | 009,364,506 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- White Lies - Death (Chase & Status Remix).mp3 [2010/04/26 12:04:15 | 008,306,202 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Savage Rehab - New Dawn (Roll Out Of Bed Mix).mp3 [2010/04/26 12:04:12 | 004,590,618 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Flux Pavilion - Night Goes On.mp3 [2010/04/26 12:04:10 | 004,649,754 | ---- | M] () -- C:\Users\Systemgo\Documents\youTube- Flux Pavilion - Got 2 Know.mp3 [2010/04/26 12:04:09 | 007,769,370 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Drumsound & Bassline Smith - Fire (Burning).mp3 [2010/04/26 12:04:07 | 011,698,458 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Danny Byrd Ft. Liquid - Sweet Harmony.mp3 [2010/04/26 12:04:05 | 009,970,458 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Blue Foundation - Eyes On Fire (Zeds Dead Remix).mp3 [2010/04/26 12:04:04 | 005,582,874 | ---- | M] () -- C:\Users\Systemgo\Documents\Flux Pavilion - Voscillate (Roksonix Remix).mp3 [2010/04/26 12:04:02 | 004,655,898 | ---- | M] () -- C:\Users\Systemgo\Documents\Dubstep Snowman.mp3 [2010/04/26 11:58:03 | 022,699,634 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Blue Foundation - Eyes On Fire (Zeds Dead Remix).mp4 [2010/04/26 11:53:47 | 016,891,481 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- White Lies - Death (Chase & Status Remix).mp4 [2010/04/26 04:18:40 | 000,007,873 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symefa .cat [2010/04/26 01:23:03 | 018,042,423 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Drumsound & Bassline Smith - Fire (Burning).mp4 [2010/04/26 01:14:44 | 026,913,957 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Danny Byrd Ft. Liquid - Sweet Harmony.mp4 [2010/04/24 07:31:04 | 000,003,373 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symefa .inf [2010/04/24 03:19:15 | 006,106,485 | ---- | M] () -- C:\Users\Systemgo\Documents\------------------- [2010/04/22 23:59:45 | 019,098,064 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Savage Rehab - New Dawn (Roll Out Of Bed Mix).mp4 [2010/04/22 22:53:11 | 000,068,665 | ---- | M] () -- C:\Users\Systemgo\Documents\math142regressionexamp les.pdf [2010/04/22 22:52:42 | 000,026,492 | ---- | M] () -- C:\Users\Systemgo\Documents\Project 2 Math 161.ods [2010/04/22 22:44:46 | 000,025,751 | ---- | M] () -- C:\Users\Systemgo\Documents\Project 2 Math 161 Revised.ods [2010/04/21 23:02:36 | 000,007,787 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnet v.cat [2010/04/21 23:02:36 | 000,007,368 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symnet .cat [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\symefa .sys [2010/04/21 23:01:56 | 000,007,425 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\symds. cat [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\srtsp. sys [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1107000.00C\srtspx .sys [2010/04/21 22:29:50 | 000,007,442 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtspx .cat [2010/04/21 22:29:50 | 000,007,438 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtsp. cat [2010/04/21 22:29:50 | 000,001,388 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtspx .inf [2010/04/21 22:29:50 | 000,001,382 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1107000.00C\srtsp. inf [2010/04/20 20:34:47 | 000,318,016 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Lonestar- What About Now.mp3.sfk [2010/04/20 20:32:00 | 006,782,976 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Lonestar- What About Now.mp3 [2010/04/20 20:31:26 | 008,175,343 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Lonestar- What About Now.mp4 [2010/04/19 19:20:40 | 001,672,231 | ---- | M] () -- C:\Users\Systemgo\Documents\U10C019-U10C020_End_UserGuide_1.6-2009-02-20.pdf [2010/04/19 17:46:49 | 003,729,356 | ---- | M] () -- C:\Users\Systemgo\Documents\YouTube- Flux Pavilion - Night Goes On.mp4 [2010/04/19 17:44:30 | 004,016,920 | ---- | M] () -- C:\Users\Systemgo\Documents\youTube- Flux Pavilion - Got 2 Know.mp4 [2010/04/19 17:40:41 | 004,727,370 | ---- | M] () -- C:\Users\Systemgo\Documents\Flux Pavilion - Voscillate (Roksonix Remix).mp4 [2010/04/19 15:56:49 | 000,053,084 | ---- | M] () -- C:\Users\Systemgo\Documents\Excel Lab 4.ods [2010/04/14 23:47:55 | 011,406,376 | ---- | M] () -- C:\Users\Systemgo\Documents\Dubstep Snowman.mp4 [2010/04/14 22:49:18 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/04/13 22:18:53 | 000,022,016 | ---- | M] () -- C:\Users\Systemgo\Documents\SOD.xls [2010/04/06 23:35:17 | 000,028,861 | ---- | M] () -- C:\Users\Systemgo\Documents\------------------ [2010/03/24 23:46:08 | 000,035,189 | ---- | M] () -- C:\Users\Systemgo\Documents\My Letter.odt [2010/03/24 00:14:53 | 000,031,222 | ---- | M] () -- C:\Users\Systemgo\Documents\2009-10AcademicCalSummary.pdf [2010/03/24 00:07:00 | 000,029,850 | ---- | M] () -- C:\Users\Systemgo\Documents\2010-11AcademicCalSummary.pdf [2010/03/24 00:06:43 | 000,044,330 | ---- | M] () -- C:\Users\Systemgo\Documents\2010FA-regflyer%20.pdf [2010/03/23 12:48:56 | 000,035,178 | ---- | M] () -- C:\Users\Systemgo\Documents\hmmd.odt [2010/03/23 02:09:25 | 000,035,912 | ---- | M] () -- C:\Users\Systemgo\Documents\hmm.odt [2010/03/22 12:40:25 | 000,024,064 | ---- | M] () -- C:\Users\Systemgo\Documents\Using e - Solutions.doc [2010/03/20 13:43:39 | 000,021,595 | ---- | M] () -- C:\Users\Systemgo\Documents\--------- [2010/03/18 00:04:49 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2010/03/12 01:46:03 | 000,020,598 | ---- | M] () -- C:\Users\Systemgo\Documents\Excel Lab 3.ods [2010/03/11 01:47:23 | 000,031,862 | ---- | M] () -- C:\Users\Systemgo\Documents\----------------- [2010/03/09 01:42:24 | 000,146,473 | ---- | M] () -- C:\Users\Systemgo\Documents\------------------- [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] |
#10
|
|||
|
|||
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/06/13 17:21:23 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll [2008/06/12 17:07:39 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2008/06/12 17:07:29 | 000,000,032 | ---- | C] () -- C:\Windows\sierra.ini [2007/11/02 10:57:32 | 000,399,360 | ---- | C] () -- C:\Windows\System32\Smab.dll [2007/11/02 10:57:31 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2007/08/13 14:13:50 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll [2007/08/13 14:13:50 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll [2007/03/06 04:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2007/01/12 10:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2007/01/12 10:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2004/09/28 06:38:30 | 000,114,688 | ---- | C] () -- C:\Windows\System32\wmatimer.dll [1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2008/07/28 20:32:36 | 000,000,000 | ---D | M] -- C:\Users\Systemgo\AppData\Roaming\.purple [2008/11/06 21:00:46 | 000,000,000 | ---D | M] -- C:\Users\Systemgo\AppData\Roaming\Ableton [2008/07/28 10:26:36 | 000,000,000 | ---D | M] -- C:\Users\Systemgo\AppData\Roaming\acccore [2010/05/30 14:05:03 | 000,000,000 | ---D | M] -- C:\Users\Systemgo\AppData\Roaming\C864C74BBAEA05C8 B9E5271DF4DC1F61 [2009/03/27 08:31:19 | 000,000,000 | ---D | M] -- C:\Users\Systemgo\AppData\Roaming\Cakewalk [2007/11/17 16:13:23 | 000,000,000 | ---D | M] -- C:\Users\Systemgo\AppData\Roaming\ChaosPro [2007/11/01 20:51:52 | 000,000,000 | ---D | M] -- C:\Users\Systemgo\AppData\Roaming\GetRightToGo [2010/01/23 01:35:14 | 000,000,000 | ---D | M] -- C:\Users\Systemgo\AppData\Roaming\OpenOffice.org [2008/03/01 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\Systemgo\AppData\Roaming\Opera [2009/03/29 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\Systemgo\AppData\Roaming\Publish Providers [2007/08/18 14:40:33 | 000,000,000 | ---D | M] -- C:\Users\Systemgo\AppData\Roaming\Snapfish [2009/08/19 11:46:56 | 000,000,000 | ---D | M] -- C:\Users\Systemgo\AppData\Roaming\Sony [2007/08/18 22:03:10 | 000,000,000 | ---D | M] -- C:\Users\Systemgo\AppData\Roaming\Template [2010/06/06 13:45:11 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\mac hine.inf_f750e484\AGP440.sys [2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35 _6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35 _6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\agp440.sys [2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\mac hine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f 5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad36 4e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sy s [2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\msh dc.inf_cc18792d\atapi.sys [2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6 .0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\msh dc.inf_c6c2e699\atapi.sys [2008/02/13 16:15:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\msh dc.inf_7de13c21\atapi.sys [2008/02/13 16:15:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6 .0.6000.16632_none_db337a442479c42c\atapi.sys [2008/02/13 16:15:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6 .0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d29293 2a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\ias torv.inf_c9df7691\iaStorV.sys [2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35 _6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\ias torv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80 f5473b0ed783\netlogon.dll [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f 5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3 304f351bb3a3\netlogon.dll [2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7 b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvr aid.inf_733654ff\nvstor.sys [2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvr aid.inf_31c3d71d\nvstor.sys [2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_ 6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.1 8000_none_380de25bd91b6f12\scecli.dll [2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.1 6386_none_35d7205fdc305e3e\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f 5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.1 8005_none_39f95b67d63d3a5e\scecli.dll < %systemroot%\*. /mp /s > ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E88BE39E < End of report > Good luck getting through that the post limits made it much harder. I replaced some things with "------------". "ahnpxfnb.dll" would be the Adware.EZlife virus. Last edited by Mynamehere; June 8th, 2010 at 08:25 PM. |
#11
|
||||
|
||||
Hi,
Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop. Link 1 Link 2 -------------------------------------------------------------------- Double click on the renamed Combofix.exe & follow the prompts.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper If you need help, see this link: http://www.bleepingcomputer.com/comb...o-use-combofix |
#12
|
|||
|
|||
ComboFix 10-06-10.06 - Systemgo 06/11/2010 19:57:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3454.2239 [GMT -4:00] Running from: c:\users\Systemgo\Desktop\schrauber.exe AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk c:\users\Systemgo\AppData\Roaming\C864C74BBAEA05C8 B9E5271DF4DC1F61 c:\users\Systemgo\AppData\Roaming\C864C74BBAEA05C8 B9E5271DF4DC1F61\enemies-names.txt c:\users\Systemgo\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Antimalware Doctor c:\windows\system32\ahNPxfnb.dll c:\windows\system32\wmkuiygw.dll . ((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 ))))))))))))))))))))))))))))))) . 2010-06-12 00:06 . 2010-06-12 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-10 00:46 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll 2010-06-10 00:41 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll 2010-06-10 00:40 . 2010-05-01 13:53 2036224 ----a-w- c:\windows\system32\win32k.sys 2010-06-06 04:02 . 2010-06-06 04:02 -------- d-----w- c:\program files\Trend Micro 2010-06-01 21:25 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll 2010-06-01 21:25 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys 2010-06-01 21:25 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll 2010-06-01 21:24 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll 2010-06-01 21:23 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll 2010-06-01 21:23 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll 2010-06-01 21:23 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2010-06-01 21:23 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll 2010-06-01 21:23 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll 2010-06-01 21:23 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll 2010-06-01 21:23 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys 2010-06-01 21:23 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll 2010-06-01 21:23 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll 2010-06-01 21:23 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll 2010-06-01 21:23 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe 2010-06-01 21:23 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe 2010-05-31 23:03 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-05-31 22:31 . 2010-05-31 22:31 -------- d-----w- C:\PerfLogs 2010-05-30 16:52 . 2010-05-30 16:52 -------- d-----w- c:\users\Systemgo\AppData\Roaming\Malwarebytes 2010-05-30 16:52 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-30 16:52 . 2010-05-30 16:52 -------- d-----w- c:\programdata\Malwarebytes 2010-05-30 16:52 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-30 16:52 . 2010-05-30 16:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-30 16:35 . 2010-05-30 16:35 50981 ----a-w- c:\windows\system32\lfctkdpuech.exe 2010-05-30 16:35 . 2010-05-30 16:35 -------- d-----w- c:\program files\$NtUninstall***1012$ 2010-05-30 16:35 . 2010-06-04 15:41 -------- d-----w- c:\programdata\Update 2010-05-24 16:31 . 2010-05-24 16:31 40633 ----a-w- c:\windows\system32\fxoncarg.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2010-06-11 23:30 . 2009-12-30 00:54 -------- d-----w- c:\users\Systemgo\AppData\Roaming\Skype 2010-06-11 22:38 . 2009-12-30 01:19 -------- d-----w- c:\users\Systemgo\AppData\Roaming\skypePM 2010-06-11 00:44 . 2008-05-17 14:48 1356 ----a-w- c:\users\Systemgo\AppData\Local\d3d9caps.dat 2010-06-10 21:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-06-10 21:39 . 2007-08-13 19:01 -------- d-----w- c:\programdata\Microsoft Help 2010-06-06 03:59 . 2007-08-19 02:03 7170 ----a-w- c:\users\Systemgo\AppData\Roaming\wklnhst.dat 2010-06-04 15:28 . 2008-03-23 03:15 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-01 22:03 . 2010-06-01 22:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_ 00.Wdf 2010-05-31 23:05 . 2009-08-29 17:45 -------- d-----w- c:\program files\SpeedFan 2010-05-31 23:04 . 2007-08-19 20:17 -------- d-----w- c:\program files\Common Files\Java 2010-05-31 23:03 . 2007-08-19 20:23 -------- d-----w- c:\program files\Java 2010-05-31 22:46 . 2007-09-22 13:32 -------- d-----w- c:\programdata\NVIDIA 2010-05-31 22:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-05-31 22:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2010-05-31 22:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2010-05-31 22:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2010-05-31 22:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-05-31 22:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2010-05-31 22:31 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-05-31 22:11 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2010-05-31 22:11 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2010-05-26 16:16 . 2010-06-10 00:42 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:25 . 2010-06-10 00:42 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-19 21:59 . 2010-01-23 05:42 1 ----a-w- c:\users\Systemgo\AppData\Roaming\OpenOffice.org\3 \user\uno_packages\cache\stamp.sys 2010-05-04 18:42 . 2010-06-10 00:42 833024 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 18:37 . 2010-06-10 00:42 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-05-04 16:53 . 2010-06-10 00:42 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2010-04-26 23:00 . 2010-04-26 23:00 -------- d-----w- c:\program files\ASIO4ALL v2 2010-04-26 22:56 . 2010-04-26 22:55 -------- d-----w- c:\program files\Image-Line 2010-04-26 22:55 . 2010-04-26 22:55 -------- d-----w- c:\program files\Outsim 2010-03-18 04:27 . 2010-03-18 04:27 1924976 ----a-w- c:\programdata\NOS\Adobe_Downloads\install_flash_p layer.exe 2010-03-18 04:04 . 2010-03-18 04:04 0 ----a-w- c:\windows\nsreg.dat 2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll 2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll 2006-05-03 10:06 . 2009-05-03 04:32 163328 --sh--r- c:\windows\System32\flvDX.dll 2007-02-21 11:47 . 2009-05-03 04:32 31232 --sh--r- c:\windows\System32\msfDX.dll 2008-03-16 13:30 . 2009-05-03 04:32 216064 --sh--r- c:\windows\System32\nbDX.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536] "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784] "RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208] "DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-01-16 280576] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872] "NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-05-23 92704] "MChk"="c:\windows\system32\fxoncarg.exe" [2010-05-24 40633] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168] c:\users\Systemgo\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-9 113664] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2009-10-30 1824032] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R3 Df042pm17-;Df042pm17-; [x] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-03-03 710144] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\ SYMDS.SYS [2009-11-05 328752] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000 .00C\SYMEFA.SYS [2010-04-22 173104] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\2 0100429.001\BHDrvx86.sys [2010-04-29 537136] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.0 0C\ccHPx86.sys [2010-02-26 501888] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20 100604.004\IDSvix86.sys [2010-05-28 344112] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C \Ironx86.SYS [2010-04-29 116784] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1107000.00C \SYMTDIV.SYS [2010-05-06 339504] S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-28 102448] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2010-06-08 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Systemgo.job - c:\program files\Norton Internet Security\Engine\17.7.0.12\navw32.exe [2010-05-21 05:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\users\Systemgo\AppData\Roaming\Mozilla\Firefox\ Profiles\djomz82g.default\ FF - prefs.js: browser.startup.homepage - google.com FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dl l FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinti ng.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.d ll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\co FFPlgn.dll FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\components\I PSFFPl.dll FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_every where__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_bro ken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHANS REMOVED - - - - BHO-{0ABA9E30-B7F8-45F8-8ECA-3AB04D27E160} - c:\windows\system32\wmkuiygw.dll BHO-{86EEDEA1-DA21-4101-91AA-9E3C4402A82F} - c:\windows\system32\ahnpxfnb.dll BHO-{F4CFF9AB-3DEE-222D-B9C1-70A11594565B} - c:\windows\system32\fxljiyzysswg.dll HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe HKLM-Run-skb - ahnpxfnb.dll AddRemove-SWAT3 Elite Edition - c:\sierra\SWAT3\UNWISE.EXE ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-11 20:06 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\users\Systemgo\AppData\Local\Temp\catchme.dll 53248 bytes executable scan completed successfully hidden files: 1 ************************************************** ************************ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N IS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3136604953-2103396115-667938468-1000\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{A28BC4C8-6008-6191-AC89-FE818D99E166}*] "hapnbkhcbnoefbld"=hex:6a,61,65,65,62,6b,70,6e,69, 65,65,70,69,70,70,6f,6a,67, 6e,70,00,fb "ianklpkkondlflcppj"=hex:6a,61,67,65,6b,69,67,61,6 9,6b,6e,6e,66,6f,62,61,62,63, 6e,61,00,fb [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPL AY\HWP26A2\4&27cfc2d8&0&UID256\Device Parameters\MODES] @DACL=(02 0000) . Completion time: 2010-06-11 20:11:15 ComboFix-quarantined-files.txt 2010-06-12 00:11 Pre-Run: 48,614,064,128 bytes free Post-Run: 51,821,617,152 bytes free - - End Of File - - 2B63810EBFDFEB587C34306070A345FD |
#13
|
|||
|
|||
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org Database version: 4169 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 6/11/2010 8:36:38 PM mbam-log-2010-06-11 (20-36-38).txt Scan type: Quick scan Objects scanned: 127271 Time elapsed: 6 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken. HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) |
#14
|
||||
|
||||
Please re-run Malwarebytes and let it delete the threats found.
Please open OTL and post back with a fresh logfile. |
#15
|
|||
|
|||
Am I supposed to put in those original parameters you posted or should I just open the program and run a quick scan? The quick scan does not have nearly as much as the one I first pasted.
My Norton detected a vmain.class torjan virus the other day in a java folder if you have any interest in that. |
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
AVG threat detect | wolflmg | Malware Removal | 11 | March 31st, 2010 01:59 AM |
Trojan Threat | avio | Malware Removal | 3 | February 21st, 2005 10:26 AM |
Another Adware threat | wheaton | Malware Removal | 2 | March 21st, 2004 09:55 PM |
adware threat | wheaton | Malware Removal | 22 | December 16th, 2003 04:31 AM |
Security Threat??? | gammite | Malware Removal | 7 | October 21st, 2003 11:39 AM |
All times are GMT +1. The time now is 05:44 PM.