jpb4999

Malware turned screen white


Something is causing my screen to turn white, usually after being left alone for a period of time. Hijackthis log is as follows. I have scanned with AdAware.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:26:40 AM, on 4/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iolo\common\lib\ioloServiceManager.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\CyberPatrol LLC\CyberPatrol\cpserver.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defa.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defa.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [CyberPatrolNew] "C:\Program Files\CyberPatrol LLC\CyberPatrol\CPHQ.exe" /m

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} (JamShellLinkX Control) - https://builder.inmotionhosting.com/applet/...ploaderProj.cab

O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberPatrol UpdateService - CyberPatrol LLC - C:\Program Files\CyberPatrol LLC\CyberPatrol\UpdateService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 9996 bytes


Hello there, jpb4999

 

I'm Conspire, I'll be glad to help you with your computer problems.

 

Please observe these rules while we work:

  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.

This may cause a delay, but I will do my best to keep it as short as possible.

 

Please bear with me, I will post back to you as soon as I can.

 

IMPORTANT NOTE : Please do not delete anything unless instructed to.

 

**In any case where you happen to be busy or unable to give us a reply, we would be more than grateful if you keep us informed in advance and we will be more than happy to wait. :)


jpb4999

 

Sorry about that, followed the wrong link. Conspire will be along shortly


Hi,

 

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below (if they exist).

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

 

 

Note : Do not worry if you are unable to find any of these entries, continue with the ones that you discovered. Now close all windows other than HijackThis, then click Fix checked. Close HijackThis. Then reboot.

 

===================================================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs

    %SYSTEMDRIVE%\*.exe

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    nvstor32.sys

    ahcix86s.sys

    nvrd32.sys

    symmpi.sys

    adp3132.sys

    mv61xx.sys

    /md5stop

    %systemroot%\*. /mp /s

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /lockedfiles

    %systemroot%\System32\config\*.sav

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.
===================================================


Download GMER Rootkit Scanner from here or here.

  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

     


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

===================================================

 

On your next reply please post :

OTL log

GMER log

Good Day!

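The reply above singles out one line of the posted HijackThis log, the R0 entry whose value is empty. As an added example (not part of the original thread and not HijackThis's own code), this Python script parses the log's `CODE - body` line format, counts entries per section, splits O23 service lines into name, owner and path, and lists R entries with no data; the function names are hypothetical and the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted earlier in this thread (lines copied as-is).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every finding line starts with a section code (R0, O2, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# R entries have the shape "<registry key>,<value name> = <data>".
R_VALUE_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>.*?) =\s*(?P<data>.*)$")


def parse_log(text):
    """Split a HijackThis log into meta lines, running processes and entries."""
    meta, processes, entries = [], [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum copies are often double-spaced; skip blank lines
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append({"code": m.group(1), "body": m.group(2), "line": line})
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        else:
            meta.append(line)
    return {"meta": meta, "processes": processes, "entries": entries}


def parse_r_entry(entry):
    """Break an R entry into registry key, value name and data."""
    m = R_VALUE_RE.match(entry["body"])
    if not m:
        return None
    return {"code": entry["code"], **m.groupdict()}


def empty_r_entries(parsed):
    """Return the original lines of R entries whose registry data is empty."""
    found = []
    for entry in parsed["entries"]:
        if entry["code"].startswith("R"):
            fields = parse_r_entry(entry)
            if fields and fields["data"] == "":
                found.append(entry["line"])
    return found


def parse_service(entry):
    """Break an O23 entry into service name, owner and image path."""
    body = entry["body"]
    if entry["code"] != "O23" or not body.startswith("Service: "):
        return None
    # Split from the right so a " - " inside the service name is preserved.
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    return dict(zip(("name", "owner", "path"), parts))


def count_by_section(parsed):
    """Count entries per section code, e.g. {'R0': 3, 'O23': 2}."""
    counts = defaultdict(int)
    for entry in parsed["entries"]:
        counts[entry["code"]] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Entries per section:", count_by_section(parsed))
    print("R entries with empty data:")
    for line in empty_r_entries(parsed):
        print("  ", line)
    for entry in parsed["entries"]:
        svc = parse_service(entry)
        if svc:
            print("Service:", svc["name"], "|", svc["owner"], "|", svc["path"])
```
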

OTL Extras logfile created on: 4/6/2010 6:53:31 PM - Run 1

OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Owner.JOECOMPUTER\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.68 Gb Total Space | 19.07 Gb Free Space | 26.60% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 232.88 Gb Total Space | 110.54 Gb Free Space | 47.47% Space Free | Partition Type: NTFS

 

Computer Name: JOECOMPUTER

Current User Name: Owner

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Human Computing\ComicBase 14\ComicBase 14.exe" = C:\Program Files\Human Computing\ComicBase 14\ComicBase 14.exe:*:Enabled:ComicBase 14.exe -- (Human Computing. 95 S. Market Street #500, San Jose, CA 95113)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{06053AB3-B607-B752-3252-4A2EA9E9761E}" = CCC Help Dutch

"{06230E02-2B7E-11D2-92D0-0040051BD005}" = OLYMPUS CAMEDIA Master 2.5

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0B4A8658-43F1-50CA-AF30-C67E3AE2C9ED}" = CCC Help Greek

"{0CC61470-D776-2353-D5CB-C7BC20204863}" = CCC Help Finnish

"{0DE6646A-AFD0-44AC-A493-5A8A7ABB858F}" = CyberPatrol (Remove Only)

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{12655AB3-9285-A2F0-5BBC-C5C45E4D718C}" = CCC Help Czech

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch

"{14374622-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Pro 2005

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy

"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding

"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec

"{24700C01-3A72-29D4-001B-6EE6BF71EB5E}" = CCC Help Korean

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26262388-95BF-58B0-CD46-A8F957BB67BF}" = Catalyst Control Center Graphics Full Existing

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17

"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{329376FB-FB6C-C587-F483-07E3418456F5}" = ccc-utility

"{33A38A8B-9E1E-BCBB-EA87-CE797EC75080}" = CCC Help Chinese Traditional

"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{369EEB32-64D1-F22A-1B2C-A3E81582E767}" = CCC Help Japanese

"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{3FCD8F30-057D-C96F-AEF4-B0D77DE9730C}" = CCC Help Portuguese

"{46605BDE-7F82-DB0F-7906-3279A7E639BE}" = Catalyst Control Center Localization All

"{480A8E00-D808-7D79-977B-CEBBB3BEB409}" = CCC Help French

"{48C7FD10-D6AD-8EE0-2E8E-0480C4EEB1BD}" = Catalyst Control Center HydraVision Full

"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City

"{4C643986-DE3C-4737-8472-CCEC36CCC267}" = Studio Content CD

"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics

"{53EF6570-21A4-47ED-A40A-E6470A5677A3}" = Studio 8

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic

"{5CA7ABC3-5F89-3A1D-A113-046EA4C7FCEB}" = ccc-core-static

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{6F77AD48-BA04-F868-2D04-FC1BFF5E00BA}" = Catalyst Control Center Graphics Light

"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC

"{788907C5-C83B-9785-A1F0-67050017324E}" = CCC Help Spanish

"{7F5F1767-88C6-CBFC-5DD3-D853343FD5AE}" = CCC Help German

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{84DE3702-3262-BE38-27E8-5ED423D803C6}" = CCC Help Chinese Standard

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery

"{95053B5A-42E0-830E-85BD-733FAFC28BA7}" = ccc-core-preinstall

"{9B40D533-4F38-893D-EE5A-17226104BBC2}" = Skins

"{A08CB73B-5DEA-185D-5D98-2230004D75ED}" = CCC Help Danish

"{A22D91C3-E7BD-CBEE-7CDC-DE4C42FA27B7}" = CCC Help Hungarian

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom

"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3

"{AD0DD974-ADC2-8C10-DFA6-C1203A6E5106}" = CCC Help Polish

"{ADC13459-59DE-4932-AD18-0C2D84179CD1}" = ComicBase 14.1.1 Update

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B014F739-B305-5319-D996-6612BD60ED74}" = CCC Help Swedish

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext

"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C570CAF4-D734-5412-C842-9AB150803074}" = Catalyst Control Center Core Implementation

"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005

"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D01F5B2C-2776-6C46-441C-E819C08DF4FF}" = CCC Help Turkish

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI

"{D2FCA53F-F568-D08A-458F-F7C9769A30ED}" = CCC Help Norwegian

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer

"{D89B70AB-CF91-36A4-8658-FACA3AF6A654}" = Catalyst Control Center Graphics Previews Common

"{DADE7970-4E6A-11D4-8BA5-0050BAAA20E2}" = Jeopardy! 2nd Edition

"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon

"{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{DF1274DC-02D4-B2D7-6197-5D24E1EF84B1}" = CCC Help Thai

"{E000D42E-5842-20A6-EEB1-6DED8C2746C5}" = CCC Help Italian

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari

"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI

"{E6B1F8A7-2EF2-47DC-B7D4-BA7E0C885D56}" = CuteFTP 6 Home

"{E7679B31-21F5-4AAE-1620-0DFACF702325}" = Catalyst Control Center Graphics Full New

"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes

"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min

"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{F83491F9-7CDF-46A7-9994-9E002CE5CE75}" = CCC Help Russian

"{FAB79D8F-6AAE-4B41-A7AF-14153245347D}" = Mach5 Mailer

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"{FDE409B1-1FF3-DC39-083E-C0F4ED496D5E}" = CCC Help English

"7-Zip" = 7-Zip 4.57

"Ad-Aware" = Ad-Aware

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"All ATI Software" = ATI - Software Uninstall Utility

"ATI Display Driver" = ATI Display Driver

"Belltech Greeting Card Designer 5.4.0_is1" = Belltech Greeting Card Designer 5.4.0

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"HijackThis" = HijackThis 2.0.2

"Hollywood FX 4.6" = Pinnacle Hollywood FX 4.6

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPExtendedCapabilities" = HP Customer Participation Program 9.0

"ie8" = Windows Internet Explorer 8

"InstallShield_{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student

"InstallShield_{E6B1F8A7-2EF2-47DC-B7D4-BA7E0C885D56}" = CuteFTP 6 Home

"JAIELangPack" = Japanese Language Support

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Basic)

"LiveReg" = LiveReg (Symantec Corporation)

"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"PROPLUSR" = Microsoft Office Professional Plus 2007

"PROSet" = Intel® PRO Network Adapters and Drivers

"RealArcade" = RealArcade

"RealPlayer 6.0" = RealPlayer Basic

"SBC Yahoo! DSL" = SBC Yahoo! DSL

"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005 (Symantec Corporation)

"Unknown Device Identifier_is1" = Unknown Device Identifier 7.00

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.6.7

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"yahtzeedownloadedition" = Yahtzee Download Edition

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent" = BitTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2/18/2010 1:58:41 AM | Computer Name = JOECOMPUTER | Source = MsiInstaller | ID = 11706

Description = Product: SolutionCenter -- Error 1706. An installation package for

the product SolutionCenter cannot be found. Try the installation again using a

valid copy of the installation package 'SolutionCenter.msi'.

 

Error - 3/8/2010 10:45:12 PM | Computer Name = JOECOMPUTER | Source = Microsoft Office 12 | ID = 1000

Description = Faulting application powerpnt.exe, version 12.0.4518.1014, stamp 45428035,

faulting module ppcore.dll, version 12.0.4518.1014, stamp 454281a3, debug? 0, fault

address 0x001af7b0.

 

Error - 3/10/2010 12:05:03 AM | Computer Name = JOECOMPUTER | Source = Application Error | ID = 1000

Description = Faulting application itunes.exe, version 9.0.3.15, faulting module

quicktime.qts, version 7.65.17.80, fault address 0x00104494.

 

Error - 3/11/2010 3:07:30 PM | Computer Name = JOECOMPUTER | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module unknown, version 0.0.0.0, fault address 0x3a2f2f70.

 

Error - 3/18/2010 4:36:57 PM | Computer Name = JOECOMPUTER | Source = Microsoft Office 12 | ID = 1000

Description = Faulting application powerpnt.exe, version 12.0.4518.1014, stamp 45428035,

faulting module ppcore.dll, version 12.0.4518.1014, stamp 454281a3, debug? 0, fault

address 0x001af7b0.

 

Error - 4/3/2010 12:51:31 PM | Computer Name = JOECOMPUTER | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 4/3/2010 12:51:34 PM | Computer Name = JOECOMPUTER | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 4/5/2010 10:24:03 AM | Computer Name = JOECOMPUTER | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 4/5/2010 10:38:07 AM | Computer Name = JOECOMPUTER | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 4/5/2010 10:38:17 AM | Computer Name = JOECOMPUTER | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

 

[ OSession Events ]

Error - 9/29/2009 8:39:37 AM | Computer Name = JOECOMPUTER | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 86 seconds with 60 seconds of active time. This session ended with a crash.

 

Error - 9/29/2009 8:40:29 AM | Computer Name = JOECOMPUTER | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 44 seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 9/29/2009 8:47:39 AM | Computer Name = JOECOMPUTER | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session

lasted 422 seconds with 180 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 4/5/2010 10:33:57 AM | Computer Name = JOECOMPUTER | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to

connect.

 

Error - 4/5/2010 10:33:57 AM | Computer Name = JOECOMPUTER | Source = Service Control Manager | ID = 7000

Description = The LiveUpdate service failed to start due to the following error:

%%1053

 

Error - 4/5/2010 7:41:19 PM | Computer Name = JOECOMPUTER | Source = Service Control Manager | ID = 7022

Description = The HP CUE DeviceDiscovery Service service hung on starting.

 

Error - 4/5/2010 11:27:56 PM | Computer Name = JOECOMPUTER | Source = Service Control Manager | ID = 7022

Description = The HP CUE DeviceDiscovery Service service hung on starting.

 

Error - 4/6/2010 11:23:38 AM | Computer Name = JOECOMPUTER | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Symantec Core LC service

to connect.

 

Error - 4/6/2010 11:23:38 AM | Computer Name = JOECOMPUTER | Source = Service Control Manager | ID = 7000

Description = The Symantec Core LC service failed to start due to the following

error: %%1053

 

Error - 4/6/2010 11:25:19 AM | Computer Name = JOECOMPUTER | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

 

Error - 4/6/2010 11:25:19 AM | Computer Name = JOECOMPUTER | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

 

Error - 4/6/2010 11:26:40 AM | Computer Name = JOECOMPUTER | Source = Service Control Manager | ID = 7022

Description = The HP CUE DeviceDiscovery Service service hung on starting.

 

Error - 4/6/2010 7:46:14 PM | Computer Name = JOECOMPUTER | Source = Service Control Manager | ID = 7022

Description = The HP CUE DeviceDiscovery Service service hung on starting.

 

 

< End of report >


OTL logfile created on: 4/6/2010 6:53:31 PM - Run 1

OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Owner.JOECOMPUTER\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.68 Gb Total Space | 19.07 Gb Free Space | 26.60% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 232.88 Gb Total Space | 110.54 Gb Free Space | 47.47% Space Free | Partition Type: NTFS

 

Computer Name: JOECOMPUTER

Current User Name: Owner

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Owner.JOECOMPUTER\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()

PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)

PRC - C:\Program Files\CyberPatrol LLC\CyberPatrol\cpserver.exe (CyberPatrol LLC.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

PRC - C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE (Symantec Corporation)

PRC - C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Owner.JOECOMPUTER\Desktop\OTL.exe (OldTimer Tools)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()

SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)

SRV - (Mach5 Mailer Scheduler) -- C:\Program Files\Mach5 Mailer 4\Mach5.SchedullerService.exe ()

SRV - (CyberPatrol UpdateService) -- C:\Program Files\CyberPatrol LLC\CyberPatrol\UpdateService.exe (CyberPatrol LLC)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (SBService) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE (Symantec Corporation)

SRV - (NPFMntor) -- C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (Symantec Corporation)

SRV - (navapsvc) -- C:\Program Files\Norton AntiVirus\navapsvc.exe (Symantec Corporation)

SRV - (SAVScan) -- C:\Program Files\Norton AntiVirus\SAVScan.exe (Symantec Corporation)

SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (SBRE) -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys (Sunbelt Software)

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100331.005\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100331.005\NAVENG.SYS (Symantec Corporation)

DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20100402.001\SymIDSCo.sys (Symantec Corporation)

DRV - (symlcbrd) -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys (Symantec Corporation)

DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (61883) -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys (Microsoft Corporation)

DRV - (Avc) -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys (Microsoft Corporation)

DRV - (MSDV) -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys (Microsoft Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)

DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)

DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)

DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)

DRV - (P17) -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys (Creative Technology Ltd.)

DRV - (SAVRTPEL) -- C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation)

DRV - (SAVRT) -- C:\Program Files\Norton AntiVirus\SAVRT.SYS (Symantec Corporation)

DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)

DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (pfc) -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys (Padus, Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/customize/sbcydsl/defa.../search/ie.html

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/22 16:25:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/22 16:25:19 | 000,000,000 | ---D | M]

 

[2010/01/05 14:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JOECOMPUTER\Application Data\Mozilla\Extensions

[2010/03/26 09:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JOECOMPUTER\Application Data\Mozilla\Firefox\Profiles\225mavyo.default\extensions

[2010/01/05 15:35:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.JOECOMPUTER\Application Data\Mozilla\Firefox\Profiles\225mavyo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/09 00:50:50 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner.JOECOMPUTER\Application Data\Mozilla\Firefox\Profiles\225mavyo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010/03/26 09:06:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2006/07/25 15:40:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2004/11/12 22:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll

[2006/10/10 15:57:38 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

[2008/02/02 16:45:20 | 000,090,112 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

 

O1 HOSTS File: ([2010/04/03 13:23:36 | 000,385,900 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 13312 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [CyberPatrolNew] C:\Program Files\CyberPatrol LLC\CyberPatrol\CPHQ.exe (CyberPatrol LLC.)

O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (Yahoo! Inc.)

O9 - Extra 'Tools' menuitem : Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (Yahoo! Inc.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} https://builder.inmotionhosting.com/applet/...ploaderProj.cab (JamShellLinkX Control)

O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DDRevision Class)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab (EPUImageControl Class)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner.JOECOMPUTER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.JOECOMPUTER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{94f58a91-f653-11de-aacb-001111a9c4ba}\Shell - "" = AutoRun

O33 - MountPoints2\{94f58a91-f653-11de-aacb-001111a9c4ba}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{94f58a91-f653-11de-aacb-001111a9c4ba}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\{94f58a92-f653-11de-aacb-001111a9c4ba}\Shell\AutoRun\command - "" = F:\XCRACK\xKCARC\autorunme.exe -- File not found

O33 - MountPoints2\{94f58a92-f653-11de-aacb-001111a9c4ba}\Shell\Explore\Command - "" = F:\

O33 - MountPoints2\{94f58a92-f653-11de-aacb-001111a9c4ba}\Shell\open\command - "" = F:\XCRACK\xKCARC\autorunme.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2009/09/19 12:18:28 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/04/06 18:51:07 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.JOECOMPUTER\Desktop\OTL.exe

[2010/04/05 12:42:23 | 000,000,000 | ---D | C] -- C:\HIJACKTHIS

[2010/04/03 12:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/04/03 12:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

[2010/04/03 09:39:57 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\spybotsd162.exe

[2010/04/02 11:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2010/03/15 11:32:03 | 000,230,808 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid

[2010/03/15 00:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\Convergence Plans(Team Discussion)

[2010/03/15 00:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\docProps

[2010/03/15 00:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\ppt

[2010/03/15 00:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\_rels

[2010/03/09 09:47:04 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe

[2009/06/08 17:41:54 | 000,020,480 | ---- | C] (Mercury Development) -- C:\Program Files\Common Files\Mach5.Mailer.Install.dll

[2009/06/08 17:41:48 | 000,016,384 | ---- | C] (Mercury Development) -- C:\Program Files\Common Files\Mach5.Install.dll

[2007/11/16 07:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2007/06/09 17:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo

[2007/06/07 18:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!

[2006/12/17 09:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2006/12/16 19:23:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2006/08/18 22:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio

[2005/02/08 23:37:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2004/12/18 12:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec

[2004/12/15 19:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall

[2004/12/11 12:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2002/04/10 20:41:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/04/06 18:51:12 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.JOECOMPUTER\Desktop\OTL.exe

[2010/04/06 18:48:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2010/04/06 18:48:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2010/04/06 18:48:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2010/04/06 18:48:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2010/04/06 18:44:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/04/06 18:44:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/04/06 10:49:22 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Owner.JOECOMPUTER\NTUSER.DAT

[2010/04/06 10:49:21 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner.JOECOMPUTER\ntuser.ini

[2010/04/05 18:37:07 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk

[2010/04/04 17:48:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/04/03 13:23:36 | 000,385,900 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts

[2010/04/03 09:39:57 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\spybotsd162.exe

[2010/04/02 23:37:34 | 000,000,102 | ---- | M] () -- C:\WINDOWS\VSWizard.ini

[2010/03/31 21:55:24 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk

[2010/03/29 21:37:29 | 000,013,275 | ---- | M] () -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\War is a Cockroach.docx

[2010/03/26 20:53:37 | 000,000,546 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job

[2010/03/24 17:22:09 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk

[2010/03/23 19:18:16 | 000,014,328 | ---- | M] () -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\Japanese Essay.docx

[2010/03/22 15:39:44 | 000,000,001 | ---- | M] () -- C:\WINDOWS\lgo

[2010/03/22 15:29:29 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Owner.JOECOMPUTER\Desktop\System Mechanic.lnk

[2010/03/22 13:16:13 | 000,080,663 | ---- | M] () -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\Intege Japan.docx

[2010/03/22 08:54:11 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/03/22 08:54:09 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/03/22 08:53:35 | 000,000,001 | -H-- | M] () -- C:\WINDOWS\bk23567.dat

[2010/03/22 08:53:35 | 000,000,001 | ---- | M] () -- C:\WINDOWS\fdgg34353edfgdfdf

[2010/03/17 22:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/03/16 19:42:42 | 000,093,096 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll

[2010/03/16 19:42:32 | 002,315,688 | ---- | M] () -- C:\WINDOWS\System32\Incinerator.dll

[2010/03/15 11:32:03 | 000,230,808 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid

[2010/03/15 11:32:03 | 000,230,808 | ---- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid

[2010/03/15 00:03:36 | 000,006,213 | ---- | M] () -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\[Content_Types].xml

[2010/03/15 00:02:58 | 000,095,467 | ---- | M] () -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\Convergence Plans(Team Discussion).zip

[2010/03/14 08:01:04 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/03/14 08:01:03 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/03/14 08:01:02 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/03/11 14:12:19 | 000,301,910 | ---- | M] () -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\IMG00011-20100312-1011.jpg

[2010/03/10 10:57:18 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk

[2010/03/09 19:18:44 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/04/05 18:37:06 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk

[2010/03/29 19:10:04 | 000,013,275 | ---- | C] () -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\War is a Cockroach.docx

[2010/03/23 16:45:56 | 000,014,328 | ---- | C] () -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\Japanese Essay.docx

[2010/03/22 13:16:13 | 000,080,663 | ---- | C] () -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\Intege Japan.docx

[2010/03/22 08:53:35 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\bk23567.dat

[2010/03/22 08:53:35 | 000,000,001 | ---- | C] () -- C:\WINDOWS\lgo

[2010/03/22 08:53:35 | 000,000,001 | ---- | C] () -- C:\WINDOWS\fdgg34353edfgdfdf

[2010/03/15 00:02:53 | 000,095,467 | ---- | C] () -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\Convergence Plans(Team Discussion).zip

[2010/03/11 14:08:04 | 000,301,910 | ---- | C] () -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\IMG00011-20100312-1011.jpg

[2010/02/11 16:01:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.JOECOMPUTER\Application Data\wklnhst.dat

[2010/02/01 18:43:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.JOECOMPUTER\QBInstanceFinder.log

[2010/01/14 09:32:32 | 000,005,300 | ---- | C] () -- C:\Documents and Settings\Owner.JOECOMPUTER\63215362142514253251425321425142535142532514253251425325144125351425325142532514232514253.7z

[2010/01/14 00:21:18 | 000,004,435 | ---- | C] () -- C:\Documents and Settings\Owner.JOECOMPUTER\.recently-used.xbel

[2009/11/26 10:22:14 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/11/19 16:00:29 | 000,000,214 | ---- | C] () -- C:\WINDOWS\{ADC13459-59DE-4932-AD18-0C2D84179CD1}_WiseFW.ini

[2009/10/16 09:20:10 | 000,011,338 | ---- | C] () -- C:\WINDOWS\ts.dll

[2009/10/16 09:20:10 | 000,004,238 | ---- | C] () -- C:\WINDOWS\nt16.dll

[2009/10/13 17:43:44 | 000,002,012 | ---- | C] () -- C:\Program Files\Common Files\Mach5.Mailer.Install.InstallState

[2009/10/13 10:29:58 | 002,315,688 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll

[2009/10/13 10:22:10 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

[2009/10/13 10:18:53 | 000,000,180 | ---- | C] () -- C:\WINDOWS\{28ABBD00-B23F-427A-AA55-B708F44A8F79}_WiseFW.ini

[2009/10/05 17:15:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.JOECOMPUTER\AdobeWeb.log

[2009/10/01 08:32:28 | 000,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/09/30 12:02:19 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Vocals

[2009/09/30 12:02:19 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner.JOECOMPUTER\Application Data\User Loops

[2009/09/30 12:02:19 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLdu.DAT

[2009/09/22 20:14:48 | 000,048,640 | ---- | C] () -- C:\WINDOWS\tsnt.dll

[2009/09/22 20:14:48 | 000,030,240 | ---- | C] () -- C:\WINDOWS\unwise.dll

[2009/09/22 20:13:40 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Owner.JOECOMPUTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/21 00:04:23 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll

[2009/09/20 22:30:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI

[2009/09/19 19:38:10 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini

[2009/09/19 19:38:10 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2009/09/19 19:33:59 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini

[2009/09/19 19:22:29 | 000,014,223 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log

[2009/09/19 18:42:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2009/09/19 17:50:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2009/09/19 17:45:15 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Owner.JOECOMPUTER\ntuser.ini

[2009/09/19 17:45:14 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Owner.JOECOMPUTER\ntuser.dat.LOG

[2009/09/19 17:45:13 | 008,650,752 | -H-- | C] () -- C:\Documents and Settings\Owner.JOECOMPUTER\NTUSER.DAT

[2008/06/30 23:44:47 | 000,005,120 | -HS- | C] () -- C:\Program Files\Thumbs.db

[2008/06/30 23:10:07 | 000,064,570 | ---- | C] () -- C:\Program Files\Barbi2.jpg

[2006/06/29 19:33:31 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf

[2005/12/21 17:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll

[2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll

[2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll

[2005/05/03 06:38:42 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll

[2003/10/02 05:48:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll

 

========== LOP Check ==========

 

[2009/10/16 10:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberPatrol

[2009/09/30 12:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Dialogs

[2009/09/30 12:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EnterNHelp

[2009/10/13 09:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Human Computing

[2010/04/03 09:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo

[2009/10/13 17:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mach5 Mailer

[2009/09/30 12:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nikon

[2009/09/30 12:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ultima_T15

[2009/12/03 10:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom

[2009/09/25 19:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010/01/27 18:40:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

[2010/03/28 18:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JOECOMPUTER\Application Data\BitTorrent

[2009/10/16 15:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JOECOMPUTER\Application Data\GlobalSCAPE

[2010/01/13 23:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JOECOMPUTER\Application Data\gtk-2.0

[2009/09/25 15:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JOECOMPUTER\Application Data\Human Computing

[2009/10/13 18:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JOECOMPUTER\Application Data\InterTrust

[2009/10/13 10:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JOECOMPUTER\Application Data\iolo

[2009/09/19 19:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JOECOMPUTER\Application Data\Leadertech

[2009/09/30 12:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JOECOMPUTER\Application Data\Nikon

[2010/02/11 16:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.JOECOMPUTER\Application Data\Template

[2010/04/06 18:48:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job

[2010/04/06 18:48:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job

[2010/04/06 18:48:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job

[2010/04/06 18:48:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

[2008/09/27 04:05:42 | 240,807,904 | ---- | M] () -- C:\ComicBase Atlas.exe

[2009/01/05 21:27:54 | 002,718,936 | ---- | M] (Microsoft Corporation) -- C:\Jet40SP5_9xNT.exe

[2009/01/06 00:24:47 | 003,800,825 | ---- | M] () -- C:\mailer-nten.exe

[2005/08/26 14:59:18 | 000,746,496 | ---- | M] () -- C:\Resize.exe

[2008/12/24 14:36:32 | 008,215,688 | ---- | M] (SmartSoft Ltd) -- C:\SFTPMSI.exe

[2007/11/20 14:35:58 | 000,107,632 | ---- | M] () -- C:\sj630en.exe

[2010/04/03 09:39:57 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\spybotsd162.exe

[2008/12/25 01:27:38 | 001,465,242 | ---- | M] () -- C:\TubeThumperWin.exe

[2008/08/26 22:15:15 | 000,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\utorrent.exe

[2009/05/02 02:52:55 | 013,194,592 | ---- | M] () -- C:\winzip120.exe

[2009/07/17 11:19:48 | 009,577,800 | ---- | M] () -- C:\winzip121.exe

 

 

< MD5 for: AGP440.SYS >

[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys

[2004/08/12 09:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys

[2009/09/23 21:31:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys

[2009/09/23 21:31:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys

[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS

 

< MD5 for: ATAPI.SYS >

[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys

[2004/08/12 09:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys

[2009/09/23 21:31:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys

[2009/09/23 21:31:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys

[2004/08/12 08:55:51 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll

[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL

[2004/08/12 08:57:17 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 

< MD5 for: IASTOR.SYS >

[2004/08/12 09:11:50 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys

 

< MD5 for: NETLOGON.DLL >

[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll

[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL

[2004/08/12 09:02:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 

< MD5 for: SCECLI.DLL >

[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL

[2004/08/12 09:04:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2009/09/29 21:20:58 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\ATIDEMGX.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2009/09/19 12:23:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\default.sav

[2009/09/19 12:23:01 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\software.sav

[2009/09/19 12:23:01 | 000,909,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\system.sav

 

========== Files - Unicode (All) ==========

[2009/09/20 23:47:10 | 000,048,640 | ---- | C] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\?????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\みなちゃん.doc

[2009/09/20 23:47:10 | 000,025,088 | ---- | C] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\???????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\私のしゅうまつ.doc

[2009/09/20 23:47:10 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\???????????????????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\ピアノリサイタルの日が近ずいて来ました.doc

[2009/09/20 23:47:10 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\??????????????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\パレアモジェームス八月十六日.doc

[2009/09/20 23:47:10 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\???????????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\お月謝についてのお願い.doc

[2009/09/20 23:47:10 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\?????????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\生徒募集のお知らせ.doc

[2009/09/20 23:47:10 | 000,021,504 | ---- | C] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\?????????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\長い夏休みも終わり.doc

[2009/09/20 23:47:10 | 000,020,992 | ---- | C] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\????????????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\ピアノリサイタルのご案内.doc

[2009/09/20 23:47:10 | 000,020,992 | ---- | C] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\??????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\ご両親様各位.doc

[2009/09/01 10:30:38 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\???????????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\お月謝についてのお願い.doc

[2009/05/27 11:33:30 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\???????????????????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\ピアノリサイタルの日が近ずいて来ました.doc

[2009/05/04 07:31:31 | 000,020,992 | ---- | M] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\????????????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\ピアノリサイタルのご案内.doc

[2009/04/12 21:47:16 | 000,025,088 | ---- | M] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\???????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\私のしゅうまつ.doc

[2009/04/10 19:23:57 | 000,048,640 | ---- | M] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\?????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\みなちゃん.doc

[2008/08/25 13:16:44 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\?????????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\生徒募集のお知らせ.doc

[2008/08/16 17:57:31 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\??????????????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\パレアモジェームス八月十六日.doc

[2007/08/27 11:03:10 | 000,020,992 | ---- | M] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\??????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\ご両親様各位.doc

[2006/08/21 15:14:10 | 000,021,504 | ---- | M] ()(C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\?????????.doc) -- C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\長い夏休みも終わり.doc

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\until2.gif:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\Under.gif:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\Seating.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\Project.dmsd:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\pcs3075_a.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\NeroVision:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\NanaLive.dmsd:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\Nana67.dmsd:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\n1533584367_122316_3491.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\My Scans:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\ken2007index.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\Joe Palermo - Joe's Greatest Hits 2.jwl:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\guys.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\Glasses2.JPG:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\GATotal.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\gaset4.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\gaset3.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\gaset2.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\GAset.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\GA5.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\GA2.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\GA1.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\Dmitri.bmp:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\ContactSheet-2 YPf.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\ContactSheet-1 YPf.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner.JOECOMPUTER\My Documents\853a_1.jpg:Roxio EMC Stream

< End of report >


GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-04-07 00:16:52

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\OWNER~1.JOE\LOCALS~1\Temp\ugdcyaog.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT 89D0AEF8 ZwConnectPort

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766787E]

SSDT IPVNMon.sys (IPVNMon/Visual Networks) ZwDeviceIoControlFile [0xF795E803]

SSDT 8A488370 ZwOpenProcess

SSDT 8A47FA58 ZwOpenThread

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7667BFE]

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

 

---- Files - GMER 1.0.15 ----

 

File C:\System Volume Information\_restore{E67CB511-682B-4947-9EE9-9BB8C76EE60F}\RP245\snapshot\Repository\FS\INDEX.BTR 1261568 bytes

File C:\System Volume Information\_restore{E67CB511-682B-4947-9EE9-9BB8C76EE60F}\RP245\snapshot\Repository\FS\INDEX.MAP 648 bytes

File C:\System Volume Information\_restore{E67CB511-682B-4947-9EE9-9BB8C76EE60F}\RP245\snapshot\Repository\FS\MAPPING.VER 4 bytes

File C:\System Volume Information\_restore{E67CB511-682B-4947-9EE9-9BB8C76EE60F}\RP245\snapshot\Repository\FS\MAPPING1.MAP 3536 bytes

File C:\System Volume Information\_restore{E67CB511-682B-4947-9EE9-9BB8C76EE60F}\RP245\snapshot\Repository\FS\MAPPING2.MAP 3536 bytes

File C:\System Volume Information\_restore{E67CB511-682B-4947-9EE9-9BB8C76EE60F}\RP245\snapshot\Repository\FS\OBJECTS.DATA 5857280 bytes

File C:\System Volume Information\_restore{E67CB511-682B-4947-9EE9-9BB8C76EE60F}\RP245\snapshot\Repository\FS\OBJECTS.MAP 2896 bytes

File C:\System Volume Information\_restore{E67CB511-682B-4947-9EE9-9BB8C76EE60F}\RP246\A0037547.lnk 0 bytes

 

---- EOF - GMER 1.0.15 ----


Hi,

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :OTL
    O33 - MountPoints2\{94f58a91-f653-11de-aacb-001111a9c4ba}\Shell - "" = AutoRun
    O33 - MountPoints2\{94f58a91-f653-11de-aacb-001111a9c4ba}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{94f58a91-f653-11de-aacb-001111a9c4ba}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{94f58a92-f653-11de-aacb-001111a9c4ba}\Shell\AutoRun\command - "" = F:\XCRACK\xKCARC\autorunme.exe -- File not found
    O33 - MountPoints2\{94f58a92-f653-11de-aacb-001111a9c4ba}\Shell\Explore\Command - "" = F:\
    O33 - MountPoints2\{94f58a92-f653-11de-aacb-001111a9c4ba}\Shell\open\command - "" = F:\XCRACK\xKCARC\autorunme.exe -- File not found
    [2010/03/22 08:53:35 | 000,000,001 | -H-- | M] () -- C:\WINDOWS\bk23567.dat
    [2010/03/22 08:53:35 | 000,000,001 | ---- | M] () -- C:\WINDOWS\fdgg34353edfgdfdf
    [2010/03/22 08:53:35 | 000,000,001 | ---- | C] () -- C:\WINDOWS\lgo
    
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
===================================================

 

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

 

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

 

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

 

===================================================

 

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware here and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.

 

===================================================

 

Eset online scanner

 

You can use either Internet Explorer or Mozilla FireFox for this scan.

 

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
===================================================

 

 

On your next reply please post :

OTL log

MBAM log

ESET log

Good Day!


All processes killed

========== OTL ==========

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94f58a91-f653-11de-aacb-001111a9c4ba}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94f58a91-f653-11de-aacb-001111a9c4ba}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94f58a91-f653-11de-aacb-001111a9c4ba}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94f58a91-f653-11de-aacb-001111a9c4ba}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94f58a91-f653-11de-aacb-001111a9c4ba}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94f58a91-f653-11de-aacb-001111a9c4ba}\ not found.

File E:\LaunchU3.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94f58a92-f653-11de-aacb-001111a9c4ba}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94f58a92-f653-11de-aacb-001111a9c4ba}\ not found.

File F:\XCRACK\xKCARC\autorunme.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94f58a92-f653-11de-aacb-001111a9c4ba}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94f58a92-f653-11de-aacb-001111a9c4ba}\ not found.

File F:\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94f58a92-f653-11de-aacb-001111a9c4ba}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94f58a92-f653-11de-aacb-001111a9c4ba}\ not found.

File F:\XCRACK\xKCARC\autorunme.exe not found.

C:\WINDOWS\bk23567.dat moved successfully.

C:\WINDOWS\fdgg34353edfgdfdf moved successfully.

C:\WINDOWS\lgo moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Administrator.JOECOMPUTER

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: All Users

 

User: All Users.WINDOWS

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41044 bytes

 

User: Joe

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Java cache emptied: 963801 bytes

->Flash cache emptied: 11515 bytes

 

User: Joe2

->Temp folder emptied: 587274881 bytes

->Temporary Internet Files folder emptied: 113636401 bytes

->Java cache emptied: 28303616 bytes

->FireFox cache emptied: 6797195 bytes

->Apple Safari cache emptied: 14375347 bytes

->Flash cache emptied: 1632662 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 702871 bytes

 

User: LocalService.NT AUTHORITY

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 158343 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1223723 bytes

 

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 992682 bytes

 

User: Owner

 

User: Owner.JOECOMPUTER

->Temp folder emptied: 25081507 bytes

->Temporary Internet Files folder emptied: 425876070 bytes

->Java cache emptied: 13756637 bytes

->FireFox cache emptied: 46825743 bytes

->Flash cache emptied: 2604274 bytes

 

User: OWNER~1~JOE

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2615129 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6047488 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23864566 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 596334 bytes

 

Total Files Cleaned = 1,243.00 mb

 

 

OTL by OldTimer - Version 3.2.1.0 log created on 04092010_083703

 

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Owner.JOECOMPUTER\Local Settings\Temp\Temporary Internet Files\Content.IE5\R4KR2B2H\rtsdrama;genre=adaptation;genre=primetimedramatv;genre=drama;genre=sports;;tempPass=false;dcopt=ist;entry=no;refer=www.fancast[1].com;tile=1;sz=960x50;ord=2139581455972458855 not found!

File\Folder C:\Documents and Settings\Owner.JOECOMPUTER\Local Settings\Temp\Temporary Internet Files\Content.IE5\R4KR2B2H\rtsdrama;genre=adaptation;genre=primetimedramatv;genre=drama;genre=sports;;tempPass=false;dcopt=ist;entry=yes;refer=www.google[1].com;tile=1;sz=960x50;ord=5621680080661620918 not found!

File\Folder C:\Documents and Settings\Owner.JOECOMPUTER\Local Settings\Temp\Temporary Internet Files\Content.IE5\ACE73XP0\252F%252Flatimesblogs.latimes.com%252Fshowtracker%252F2009%252F10%252Ffriday-night-lights-season-4-episode-1-so-whats-it-like-being-the-guy-who-used-to-be-tim-riggins[1].html not found!

File\Folder C:\Documents and Settings\Owner.JOECOMPUTER\Local Settings\Temp\Temporary Internet Files\Content.IE5\60V7HGNH\tsdrama;genre=adaptation;genre=primetimedramatv;genre=drama;genre=sports;;tempPass=false;dcopt=ist;entry=no;refer=www.fancast[1].com;tile=2;sz=300x250;ord=2139581455972458855 not found!

File\Folder C:\Documents and Settings\Owner.JOECOMPUTER\Local Settings\Temp\Temporary Internet Files\Content.IE5\60V7HGNH\tsdrama;genre=adaptation;genre=primetimedramatv;genre=drama;genre=sports;;tempPass=false;dcopt=ist;entry=yes;refer=www.google[1].com;tile=2;sz=300x250;ord=5621680080661620918 not found!

C:\Documents and Settings\Owner.JOECOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\H6GFV716\index[1].htm moved successfully.

C:\Documents and Settings\Owner.JOECOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\C3DR6PX2\ddc[1].htm moved successfully.

C:\Documents and Settings\Owner.JOECOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\C3DR6PX2\PortalServe[1].htm moved successfully.

C:\Documents and Settings\Owner.JOECOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\5EZ1TII0\yahoo_com[2].htm moved successfully.

C:\Documents and Settings\Owner.JOECOMPUTER\Local Settings\Temporary Internet Files\Content.IE5\45Z66MXT\iframe[3].htm moved successfully.

 

Registry entries deleted on Reboot...

 

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

 

Database version: 3972

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

4/9/2010 9:22:38 AM

mbam-log-2010-04-09 (09-22-38).txt

 

Scan type: Quick scan

Objects scanned: 159115

Time elapsed: 5 minute(s), 45 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 4

Folders Infected: 2

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

C:\Program Files\WinBudget (Adware.Admedia) -> Quarantined and deleted successfully.

C:\Program Files\WinBudget\bin (Adware.Admedia) -> Quarantined and deleted successfully.

 

Files Infected:

(No malicious items detected)

 

ESET Log to follow!


I just ran the ESET scan which took 4 hours. It found 1 infected file, which might have been a false positive, as it was in an Adware file and I have Ad-Aware installed. At any rate, under C:\Program Files\ESET\EsetOnlineScanner\ there is not a file called log.txt. The only file is the uninstaller. Any suggestion? I don't want to spend another 4 hours running this......

 

Thanks!


Hi,

 

It seems that your problem is not malware related, and I suggest you go to User to User Help, open up a topic for yourself and describe what problems you are currently facing. Don't forget to let them know that you have already been given an all clear from the malware forums by linking the thread.

 

Another option for you to consider is to borrow another monitor and see if the problem is still there.


Thanks. I find that hard to believe. I believe this is definitely malware or virus related as it occurred after I opened a known virus file in Facebook. My monitor is fine. Thanks.


Your log appears to be clean. :)

 

Do you have any questions or problems to ask? Please do not hesitate to do so. :)

 

 

Here are some tips to reduce the potential for spyware infection in the future:

  • Make your Internet Explorer More Secure
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab.
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.

      • Change the Download signed ActiveX controls to Prompt.
      • Change the Download unsigned ActiveX controls to Disable.
      • Change the Initialise and script ActiveX controls not marked as safe to Disable.
      • Change the Installation of desktop items to Prompt.
      • Change the Launching programs and files in an IFRAME to Prompt.
      • Change the Navigate sub-frames across different domains to Prompt.
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

     

    See this link for a listing of some online & their stand-alone antivirus programs:

     

    Virus, Spyware, and Malware Protection and Removal Resources

     

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

     

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

     

    For a tutorial on Firewalls and a listing of some available ones see the link below:

     

    Understanding and Using Firewalls

     

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

     

  • Install Malwarebytes' Anti-Malware - This is another good tool to be used on a regular basis to minimize the risk of getting infected badly, and always be sure to remember to update the file definitions prior to scanning.

     

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

     

    A tutorial on installing & using this product can be found here:

     

    Using SpywareBlaster to protect your computer from Spyware and Malware

     

  • Consider a custom hosts file such as MVPS HOSTS - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.

    For information on how to download and install, please read this tutorial by WinHelp2002

    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

     

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

 

Hopefully this should take care of your problems! Good luck.

 

**Please respond to this one more time to ensure it is resolved.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

This topic is now closed to further replies.