unable to remove rootkit



turkish135
2009-03-23, 00:08
Although it didn't show under HijackThis, it did show up when I ran an AVG scan: there is a rootkit that is infecting a hidden driver (could this be the cause of the blue screen kernel dumps?) and the object is hidden, so I cannot delete it. I've tried deleting it through safe mode... It says it is in the SystemRoot\System32\Drivers folder and it is called "SystemRoot\System32\Drivers\RDPWD.SYS倀韺 R";"Hidden driver";"Object is hidden"

Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:45 PM, on 3/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-21-1646258003-4093610400-459284884-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'TEST')
O4 - HKUS\S-1-5-21-1646258003-4093610400-459284884-1000\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray (User 'TEST')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9949fe5d9f1ed) (gupdate1c9949fe5d9f1ed) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8317 bytes
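
Added example (mine, not part of this thread and not HijackThis code): a small Python triage pass over the kinds of lines in the log above. It pulls out the O23 services whose binary is missing or whose owner is unknown, the O4 autoruns (with the user they belong to), the AppInit_DLLs entry and the start pages, and it trims the AVG-reported driver name to its printable prefix so the real file name (RDPWD.SYS) can be looked up. The sample lines are copied from the log above; the regexes are my assumptions about HijackThis's line format.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log above.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKUS\S-1-5-21-1646258003-4093610400-459284884-1000\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray (User 'TEST')
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

# The driver name exactly as the original poster quoted it from the AVG scan.
AVG_REPORTED = "SystemRoot\\System32\\Drivers\\RDPWD.SYS倀韺 R"

# Assumed line layouts (based on the entries above, not on any HijackThis spec).
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<entry>[^\]]+)\] "
    r"(?P<cmd>.+?)(?: \(User '(?P<user>[^']+)'\))?$"
)


@dataclass
class ServiceEntry:
    name: str
    owner: str
    path: str
    file_missing: bool
    unknown_owner: bool


def parse_o23(line):
    """Parse one O23 service line; returns None if the line does not match."""
    m = O23_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")].strip()
    return ServiceEntry(m.group("name"), m.group("owner"), path,
                        missing, m.group("owner") == "Unknown owner")


def triage(log_text):
    """Collect the entries a helper would look at first in a HijackThis log."""
    findings = {"orphaned_services": [], "unknown_owner_services": [],
                "run_keys": [], "appinit_dlls": [], "start_pages": []}
    for line in log_text.strip().splitlines():
        if line.startswith("O23 "):
            entry = parse_o23(line)
            if entry is None:
                continue
            # A service whose binary is gone is reported once, as orphaned,
            # even though HijackThis also lists its owner as unknown.
            if entry.file_missing:
                findings["orphaned_services"].append(entry.name)
            elif entry.unknown_owner:
                findings["unknown_owner_services"].append(entry.name)
        elif line.startswith("O4 "):
            m = O4_RE.match(line)
            if m:
                findings["run_keys"].append((m.group("entry"), m.group("cmd"), m.group("user")))
        elif line.startswith("O20 - AppInit_DLLs:"):
            # Everything after the first colon is a whitespace-separated DLL list.
            findings["appinit_dlls"].extend(line.split(":", 1)[1].split())
        elif line.startswith(("R0 ", "R1 ")) and "Start Page" in line:
            findings["start_pages"].append(line.split("=", 1)[1].strip())
    return findings


def canonical_driver_name(reported):
    """Keep the leading printable-ASCII part of a scanner-reported object name.

    The AVG string quoted in the first post has non-ASCII characters appended
    after the real path; everything from the first such character on is dropped.
    """
    out = []
    for ch in reported:
        if 32 <= ord(ch) < 127:
            out.append(ch)
        else:
            break
    return "".join(out).rstrip()


def driver_basename(reported):
    """Lower-case file name to look up in a driver/file database."""
    return canonical_driver_name(reported).rsplit("\\", 1)[-1].lower()


if __name__ == "__main__":
    for key, items in triage(SAMPLE_HJT).items():
        print(key, items)
    print(driver_basename(AVG_REPORTED))
```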

peku006
2009-03-24, 15:24
Hello and Welcome to Safer Networking,

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

Please read this rdpwd.sys (http://www.bleepingcomputer.com/filedb/rdpwd.sys-1935.html)

1 - download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Note: If you are using Windows Vista, right click at RSIT.exe and select 'Run as administrator'.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

2 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)

Thanks peku006

turkish135
2009-03-24, 16:00
When I ran the program, after OKing the disclaimer, I get a warning telling me "Error optimizing registry hive". Then it gives the specific registry hive, like HKEY_LOCAL_MACHINE\SECURITY!, then it asks "continue with next hive?" At the bottom of the warning it tells me [ RegCreateKeyEx: %5 - Access denied ]

It gives the same warning with each registry hive... and I don't know if this has anything to do with the fact that I created an Administrator log on, so I switched users to try that, but I get the same warning message.

peku006
2009-03-24, 16:17
Hi turkish135
Let's try this

Download DDS

Download at your desktop DDS from one of the links below:

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://www.forospyware.com/sUBs/dds)

Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes it will open 2 reports.
Copy/paste both reports back here and remove DDS from your desktop.


Thanks peku006

turkish135
2009-03-24, 16:24
DDS (Ver_09-03-16.01) - NTFSx86
Run by fuck at 11:21:09.59 on Tue 03/24/2009
Internet Explorer: 8.0.6001.18372
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.220 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Users\TEST\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\fuck\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\fuck\appdata\roaming\mozilla\firefox\profiles\85j9cprh.default\

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-3-17 12936]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-18 130424]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-17 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-17 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-17 298264]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-18 348752]
S2 gupdate1c9949fe5d9f1ed;Google Update Service (gupdate1c9949fe5d9f1ed);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

=============== Created Last 30 ================

2009-03-24 10:43 <DIR> -cd-h--- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-24 10:43 <DIR> -cd-h--- c:\progra~2\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-22 18:53 <DIR> --d----- c:\program files\Trend Micro
2009-03-20 03:12 <DIR> --d----- C:\4def1fb4c283e45e9166c55fa90a
2009-03-20 02:48 <DIR> --d----- C:\ec219bc8d6ba0b0b0921a4efb1
2009-03-20 02:25 <DIR> --d----- C:\8e6ebc1bb1c1c707162a7e0495cc32
2009-03-18 04:34 <DIR> --d----- c:\users\fuck\appdata\roaming\GetRightToGo
2009-03-18 00:50 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-18 00:50 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-18 00:50 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-18 00:49 <DIR> a-d----- c:\programdata\TEMP
2009-03-18 00:49 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-18 00:49 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-18 00:49 <DIR> --d----- c:\users\fuck\appdata\roaming\PC Tools
2009-03-18 00:49 <DIR> --d----- c:\programdata\PC Tools
2009-03-18 00:49 <DIR> --d----- c:\program files\Spyware Doctor
2009-03-18 00:49 <DIR> --d----- c:\progra~2\PC Tools
2009-03-18 00:03 161,792 a------- c:\windows\SWREG.exe
2009-03-18 00:03 98,816 a------- c:\windows\sed.exe
2009-03-17 22:58 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-17 22:58 12,936 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-03-17 22:57 90,632 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-17 22:57 98,440 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-17 22:57 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-17 12:32 <DIR> --d----- c:\programdata\Google
2009-03-16 21:23 <DIR> --d----- C:\FUCK YOU
2009-03-16 12:53 325,128 a------- c:\windows\system32\drivers\avgldx86.sys.prepare
2009-03-16 12:53 27,656 a------- c:\windows\system32\drivers\avgmfx86.sys.prepare
2009-03-16 12:53 10,520 a------- c:\windows\system32\avgrsstx.dll.prepare
2009-03-16 12:53 107,272 a------- c:\windows\system32\drivers\avgtdix.sys.prepare
2009-03-16 12:53 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys.prepare
2009-03-16 12:14 <DIR> --d----- c:\programdata\avg8
2009-03-16 12:14 <DIR> --d----- c:\progra~2\avg8
2009-03-13 19:32 <DIR> --d----- c:\users\fuck
2009-03-10 22:25 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-10 22:25 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-10 22:25 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-10 22:25 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-10 22:25 268,288 a------- c:\windows\system32\schannel.dll
2009-03-10 22:25 2,033,152 a------- c:\windows\system32\win32k.sys

==================== Find3M ====================

2009-03-24 10:45 51,200 a------- c:\windows\inf\infpub.dat
2009-03-24 10:45 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-24 10:45 86,016 a------- c:\windows\inf\infstor.dat
2009-01-15 06:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 06:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 06:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 06:04 109,056 a------- c:\windows\system32\iesysprep.dll
2009-01-15 06:04 132,096 a------- c:\windows\system32\ieUnatt.exe
2009-01-15 06:04 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-01-15 06:04 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-01-15 06:04 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-01-15 06:04 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-01-15 06:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-01-15 06:03 72,704 a------- c:\windows\system32\admparse.dll
2009-01-15 06:03 71,680 a------- c:\windows\system32\iesetup.dll
2009-01-15 06:03 66,560 a------- c:\windows\system32\wextract.exe
2009-01-15 06:02 169,472 a------- c:\windows\system32\iexpress.exe
2009-01-15 06:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 06:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 06:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 05:50 156,160 a------- c:\windows\system32\msls31.dll
2008-09-24 17:21 174 a--sh--- c:\program files\desktop.ini
2008-09-24 17:01 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-03-10 22:50 22 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 11:22:25.49 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/6/2008 8:20:01 PM
System Uptime: 3/23/2009 11:19:45 AM (24 hours ago)

Motherboard: Quanta | | 30B9
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-52 | Socket S1 | 1600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 105 GiB total, 42.393 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.613 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP61: 3/22/2009 12:00:01 AM - Scheduled Checkpoint
RP62: 3/23/2009 3:24:26 AM - Scheduled Checkpoint
RP63: 3/23/2009 2:20:49 PM - Windows Update
RP64: 3/24/2009 10:43:23 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers

==== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8
Adobe Shockwave Player
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ASL_HS_Installer32
AutoUpdate
AVG 8.0
Conexant HD Audio
DivX Codec
DivX Converter
DivX Player
ERUNT 1.1j
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Easy Setup - Core
HP Quick Launch Buttons 6.10 B9
HP QuickPlay 3.0
HP Total Care Advisor
HP Update
HP User Guide 0042
HP Wireless Assistant
HPNetworkAssistant
iTunes
Java(TM) SE Runtime Environment 6
LightScribe 1.4.124.1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
NVIDIA Drivers
QuickTime
RealPlayer
Soft Data Fax Modem with SmartCP
Sonic Activation Module
Spyware Doctor 6.0
Synaptics Pointing Device Driver
WinRAR archiver

==== End Of File ===========================

peku006
2009-03-24, 16:54
Hi turkish135

looks good........

1 - Remove bad HijackThis entries

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop


Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

2 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to a convenient location.
Double click on mbam-setup.exe to install it.
Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):

Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
Select the Scanner tab. Click on Perform full scan, then click on Scan.
Leave the default options as they are and click on Start Scan.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items except items in the System Volume Information folder and click on Remove Selected.

http://i35.photobucket.com/albums/d165/ndmmxiaomayi/mayi/mbam1.png

After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware log
2. a fresh HijackThis log
3. a description of any problems you are having with your PC

Thanks peku006

turkish135
2009-03-24, 17:21
I tried installing the Malware twice and both times I got the blue screen of horror: Kernel_Inpage_Error dump, something like that. The first blue screen gave a reason/cause of the Ntfs.sys file. The second blue screen gave nothing.

peku006
2009-03-24, 17:42
Hi turkish135

"The first blue screen gave a reason/cause of the Ntfs.sys"
Interesting, I found this page (http://www.vistax64.com/general-discussion/134167-ntfs-sys-bsod.html) which had the same problem.

Remember to run each of the tools when possible in Administrator mode, not simply as an Administrator user. Right click the file to be run, and choose "Run as Administrator".

Please download OTListIt2 by OldTimer from Geeks to Go (http://oldtimer.geekstogo.com/OTListIt2.exe). Save it your desktop.
Right click on OTListIt2.exe and select Run As Administrator to run it. If Windows prompts, please allow it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.

Thanks peku006

turkish135
2009-03-24, 17:50
Reading that Vista forum was a wee bit difficult, but I got the gist. Also I was on their forums reading why my Windows Security won't start. I set it to automatic but it still won't start. No idea on that new problem. Here are the logs:

OTListIt logfile created on: 3/24/2009 12:47:31 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Users\fuck\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.87 Mb Total Physical Memory | 474.76 Mb Available Physical Memory | 49.56% Memory free
2.13 Gb Paging File | 1.64 Gb Available in Paging File | 77.10% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.20 Gb Total Space | 43.94 Gb Free Space | 41.77% Space Free | Partition Type: NTFS
Drive D: | 6.59 Gb Total Space | 0.61 Gb Free Space | 9.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.82 Gb Total Space | 0.86 Gb Free Space | 47.08% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LANCSY
Current User Name: fuck
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\helppane.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\fuck\Downloads\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AddFiltr [On_Demand | Stopped]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg8wd [Auto | Stopped]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CLCapSvc [Auto | Stopped]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLSched [Auto | Stopped]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLTNetCnService [Auto | Stopped]) -- File not found
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9949fe5d9f1ed [Auto | Stopped]) -- File not found
SRV - (gusvc [Auto | Stopped]) -- File not found
SRV - (HP Health Check Service [Auto | Stopped]) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (hpqwmiex [Auto | Stopped]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Stopped]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate Notice Ex [Auto | Stopped]) -- File not found
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- File not found
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (sdAuxService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (stllssvr [On_Demand | Stopped]) -- File not found
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Stopped]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (AvgLdx86 [System | Stopped]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Stopped]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86 [Boot | Running]) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eabfiltr [System | Stopped]) -- C:\Windows\system32\DRIVERS\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HBtnKey [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\cpqbttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\system32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Stopped]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvm60x32.sys (NVIDIA Corporation)
DRV - (nvlddmkm [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvsmu [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor [Boot | Running]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PCTCore [Boot | Running]) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (secdrv [Auto | Stopped]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (UMPass [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Stopped]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/03/17 22:57:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/16 12:04:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/10 08:49:59 | 00,000,000 | ---D | M]

[2008/06/26 13:19:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/10 08:49:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/10 08:49:42 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/10 08:49:42 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/19 17:06:02 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/19 17:06:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/19 17:06:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/17 11:46:20 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/19 17:06:02 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/19 17:06:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/07/19 17:06:02 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O32 - Autorun File - D:\AUTOMODE () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/03/24 12:23:04 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/24 12:23:03 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/24 12:23:01 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/03/24 12:15:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/24 12:04:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/03/24 10:43:37 | 00,000,000 | -H-D | C] -- C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2009/03/22 18:53:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/22 16:19:12 | 00,049,369 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/03/21 22:01:32 | 00,000,000 | ---- | C] () -- C:\Users\Public\Desktop\BitComet.lnk
[2009/03/20 03:12:42 | 00,000,000 | ---D | C] -- C:\4def1fb4c283e45e9166c55fa90a
[2009/03/20 02:48:52 | 00,000,000 | ---D | C] -- C:\ec219bc8d6ba0b0b0921a4efb1
[2009/03/20 02:25:12 | 00,000,000 | ---D | C] -- C:\8e6ebc1bb1c1c707162a7e0495cc32
[2009/03/18 00:50:30 | 00,159,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009/03/18 00:50:00 | 00,130,424 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/03/18 00:50:00 | 00,073,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009/03/18 00:49:50 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/03/18 00:49:45 | 00,064,392 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009/03/18 00:49:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/03/18 00:49:34 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/03/18 00:49:34 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/03/18 00:17:02 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/03/18 00:03:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/03/18 00:03:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/03/18 00:03:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/03/18 00:03:50 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/03/18 00:03:50 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
[2009/03/18 00:03:50 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/03/18 00:03:50 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/03/18 00:03:50 | 00,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2009/03/18 00:03:50 | 00,029,696 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/03/18 00:03:41 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/03/18 00:01:34 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/17 22:58:37 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 8.0.lnk
[2009/03/17 22:58:11 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/03/17 22:58:02 | 00,012,936 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/03/17 22:57:48 | 00,090,632 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/03/17 22:57:40 | 00,098,440 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/03/17 22:57:33 | 34,326,727 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/03/17 22:57:33 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/03/17 22:57:33 | 00,401,372 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/03/17 22:57:33 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/03/17 22:57:33 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/03/17 12:32:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009/03/16 21:23:47 | 00,000,000 | ---D | C] -- C:\FUCK YOU
[2009/03/16 12:53:59 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys.prepare
[2009/03/16 12:53:59 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys.prepare
[2009/03/16 12:53:59 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll.prepare
[2009/03/16 12:53:48 | 00,107,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys.prepare
[2009/03/16 12:53:33 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys.prepare
[2009/03/16 12:14:57 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/03/16 12:04:40 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/03/10 22:25:47 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/03/10 22:25:46 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/03/10 22:25:46 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/03/10 22:25:46 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/03/10 22:25:46 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/03/10 22:25:40 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/10 22:25:37 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2009/03/24 12:30:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/24 12:23:04 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/24 12:05:50 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/03/24 12:05:49 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/03/24 12:05:39 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/03/22 16:19:27 | 34,326,727 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/03/22 16:19:12 | 00,049,369 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/03/22 16:19:11 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/03/22 16:19:11 | 00,401,372 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/03/21 22:01:32 | 00,000,000 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
[2009/03/18 00:20:17 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/03/18 00:13:37 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/03/17 22:58:37 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 8.0.lnk
[2009/03/17 22:58:11 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/03/17 22:58:02 | 00,012,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/03/17 22:57:48 | 00,090,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/03/17 22:57:40 | 00,098,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/03/17 22:57:33 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/03/16 21:29:47 | 00,313,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/03/16 12:53:59 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys.prepare
[2009/03/16 12:53:59 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys.prepare
[2009/03/16 12:53:59 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll.prepare
[2009/03/16 12:53:48 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys.prepare
[2009/03/16 12:53:33 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys.prepare
[2009/03/16 12:04:40 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/03/12 02:07:59 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/03/12 02:07:59 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/03/12 02:07:59 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/03/06 16:45:06 | 00,130,424 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

turkish135
2009-03-24, 17:51
OTListIt Extras logfile created on: 3/24/2009 12:47:31 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Users\fuck\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.87 Mb Total Physical Memory | 474.76 Mb Available Physical Memory | 49.56% Memory free
2.13 Gb Paging File | 1.64 Gb Available in Paging File | 77.10% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.20 Gb Total Space | 43.94 Gb Free Space | 41.77% Space Free | Partition Type: NTFS
Drive D: | 6.59 Gb Total Space | 0.61 Gb Free Space | 9.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.82 Gb Total Space | 0.86 Gb Free Space | 47.08% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LANCSY
Current User Name: fuck
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B0F97FBF-9F98-4522-B65D-8980FE38C726}" = HP User Guide 0042
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOL Instant Messenger" = AOL Instant Messenger
"AVG8Uninstall" = AVG 8.0
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"Spyware Doctor" = Spyware Doctor 6.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/20/2009 2:32:26 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
Description =

Error - 3/20/2009 2:32:26 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
Description =

Error - 3/20/2009 2:32:26 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
Description =

Error - 3/20/2009 2:32:26 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
Description =

Error - 3/21/2009 12:13:37 AM | Computer Name = lancsy | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b60 Start Time: 01c9a9db2c954dd4 Termination Time: 277

Error - 3/21/2009 12:13:42 AM | Computer Name = lancsy | Source = Application Error | ID = 1000
Description = Faulting application WiFiMsg.exe, version 3.0.2.1, time stamp 0x45362a53,
faulting module pctgmhk.dll_unloaded, version 0.0.0.0, time stamp 0x4995011f, exception
code 0xc0000005, fault offset 0x00bf3745, process id 0xbe0, application start time
0x01c9a9db31431e74.

Error - 3/21/2009 10:05:20 PM | Computer Name = lancsy | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp
0x4549b0e1, faulting module pctgmhk.dll_unloaded, version 0.0.0.0, time stamp 0x4995011f,
exception code 0xc0000005, fault offset 0x0016371e, process id 0xd3c, application
start time 0x01c9aa9279ff1a5f.

Error - 3/22/2009 4:29:18 PM | Computer Name = lancsy | Source = Application Error | ID = 1000
Description = Faulting application avgscanx.exe, version 8.0.0.228, time stamp 0x4950db5a,
faulting module avgrktx.dll, version 8.0.0.223, time stamp 0x493fb084, exception
code 0xc0000005, fault offset 0x00003d96, process id 0x101c, application start time
0x01c9ab2bb5f5323f.

Error - 3/24/2009 10:47:05 AM | Computer Name = lancsy | Source = MsiInstaller | ID = 10005
Description =

Error - 3/24/2009 10:47:09 AM | Computer Name = lancsy | Source = MsiInstaller | ID = 1013
Description =

[ Media Center Events ]
Error - 3/29/2008 1:11:06 PM | Computer Name = TEST-PC | Source = McrMgr | ID = 100
Description =

Error - 3/29/2008 1:13:02 PM | Computer Name = TEST-PC | Source = Mcx2Prov | ID = 505
Description =

Error - 3/29/2008 1:13:02 PM | Computer Name = TEST-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 5/25/2008 8:27:13 AM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/26/2008 7:17:54 AM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/27/2008 1:43:18 PM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/27/2008 6:02:34 PM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/4/2008 3:25:06 PM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 7/5/2008 1:34:04 PM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/25/2008 2:45:00 PM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/11/2008 5:35:12 PM | Computer Name = TEST-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
2, function 0. Please contact your system vendor for technical assistance.

Error - 9/11/2008 5:35:12 PM | Computer Name = TEST-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
3, function 0. Please contact your system vendor for technical assistance.

Error - 9/14/2008 4:54:49 AM | Computer Name = TEST-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:53:28 AM on 9/14/2008 was unexpected.

Error - 9/14/2008 4:55:57 AM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/14/2008 4:55:57 AM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/21/2008 8:45:05 AM | Computer Name = TEST-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:42:41 AM on 9/21/2008 was unexpected.

Error - 9/21/2008 8:46:05 AM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/21/2008 8:46:05 AM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/21/2008 12:48:28 PM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/21/2008 12:48:28 PM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

peku006
2009-03-24, 18:31
Hi turkish135

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:dir
C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} /s
C:\4def1fb4c283e45e9166c55fa90a /s
C:\ec219bc8d6ba0b0b0921a4efb1 /s
C:\8e6ebc1bb1c1c707162a7e0495cc32 /s

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt

thanks peku006

turkish135
2009-03-24, 18:56
Got a problem after pressing Look.

System Querying Tool has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

peku006
2009-03-24, 20:00
Hi
1 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program


2 - Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with


1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006

turkish135
2009-03-24, 21:05
Ok, everything was going fine with the Kaspersky scan - it was taking a little while - then I left the comp. for 2 minutes and came back to the computer shut off. I'm guessing another blue screen - but that usually reboots the computer, not shuts it down. Anyways, going back to Kaspersky to try again - when I try upgrading it gives me the message:

Starting java applet has failed! Please go online to use Kaspersky.

That's weird considering it worked the first time.

peku006
2009-03-24, 21:14
Hi
it seems that nothing will work......

1 - F-Secure Online Scan

Please go to F-Secure website (http://support.f-secure.com/ols3beta/start.html) to perform an online scan. Click on Start scanning at the bottom of the page.
You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
Click on Accept to accept the License Agreement.
Click on Custom Scan. Under Virus Scan Options, select the Scan whole system option.
Under Other Scan Options, select these options:
Scan all files
Scan whole system for rootkits
Scan whole system for spyware
Scan inside archives
Use advanced heuristics
Click Start.
It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
Click on I want to decide item by item.
Under Actions, select None for all infections found.
Click Next.
Click on Show Report.
Please copy and paste this report in your next reply.
Click Finish.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the F-Secure online scanner report
2. a fresh HijackThis log

Thanks peku006

turkish135
2009-03-24, 21:31
I don't see a start scanning....option...but I did just start downloading the free trial scanner.

peku006
2009-03-24, 21:40
Hi turkish135
sorry, I made a mistake.... :banghead: it should be this (http://support.f-secure.com/enu/home/ols.shtml)

turkish135
2009-03-24, 22:07
Heh, no problem:laugh: -- I'm still utterly amazed that there are people on the internet that HELP others! Instead of file-manipulating maggots in CHINA creating some rdpwd file, all those Russians, and Germans, and Romans, and Lithuanians! They are all viruses haha - you can tell my frustration.

Basically the computer shut down during this past scan..! I hope it's not a hardware problem...which you may tell me. Still..thanks for the help..any other ideas!?

peku006
2009-03-25, 10:31
Hi turkish135
we can try eset.....

Please go to Eset website (http://www.eset.com/onlinescan/) to perform an online scan. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX, click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Uncheck (untick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

Thanks peku006

turkish135
2009-03-25, 18:15
Should it be taking more than 5 hours? It seems to get stuck on some .zip files and I was just wondering if it takes this long...I'm just happy it may actually finish without a reboot.:cowboy:

peku006
2009-03-25, 19:50
Hi turkish135
Have you manually stopped any Services or Win32 Services?

turkish135
2009-03-25, 20:18
I'm not sure of the answer to your question - but yes, I have opened Services to check everything that's running, but I haven't stopped any of them (short of an Apple (iPod) program).......also the ESET scan basically froze the website while 3/4 downloaded - and it stopped on the folder Hewlett Packard\Documentation\1_2_2_3_34 etc...

peku006
2009-03-25, 21:32
Hi turkish135
I do not understand why none of the tools work......:sad:
Take a look at the OTListIt logfile (first page)
and check below, under Win32 Services and Driver Services, why almost all are Disabled, Stopped.

Look in the event logs for anything showing an error:
Right-click on Computer -> Manage -> Event Viewer -> Windows Logs -> System

If you scroll down through the list look for errors, if you find any, Double-click on it, and copy the log, then paste it here.

The latest 5 errors should be enough to give us an idea of what is going on.
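The three things peku006 asks for in this post (is the Event Log service alive, the latest System-log errors, and why so many services and drivers show as Disabled/Stopped in the OTListIt log) can be collected from one PowerShell 2.0 prompt instead of clicking through Event Viewer and Services. The script below is an added example for readers of this thread, not a tool from the thread or from OldTimer; it assumes PowerShell 2.0 on Vista SP1 or later, an elevated prompt, and the default System.evtx location. It is read-only and removes nothing. One caveat the raw OTListIt listing does not make obvious: on Vista the inbox storage drivers for hardware that is not present (Adaptec, LSI, QLogic and similar) are Disabled by design, so the script reports "disabled" and "image file missing" as separate findings rather than lumping them together.

```powershell
# Added example, not part of the original thread. Requires PowerShell 2.0 and an
# elevated prompt. Collects the evidence requested above without modifying anything.

# 1. Is the Event Log service itself healthy? A damaged System.evtx produces the
#    "The data log is invalid" error in Event Viewer even when the service runs.
function Get-EventLogHealth {
    $svc = Get-Service -Name EventLog -ErrorAction SilentlyContinue
    $state = if ($svc) { $svc.Status } else { 'NotFound' }
    $logPath = Join-Path $env:SystemRoot 'System32\winevt\Logs\System.evtx'   # Vista default (assumption)
    $size = if (Test-Path $logPath) { (Get-Item $logPath).Length } else { 0 }
    New-Object PSObject -Property @{
        ServiceStatus   = $state
        SystemLogPath   = $logPath
        SystemLogExists = (Test-Path $logPath)
        SystemLogBytes  = $size
    }
}

# 2. Latest N errors from the System log (Level 2 = Error). If the log cannot be
#    opened (the failure mode reported later in this thread) we warn instead of dying.
function Get-RecentSystemErrors {
    param([int]$Count = 5)
    try {
        Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2 } -MaxEvents $Count -ErrorAction Stop |
            Select-Object TimeCreated, ProviderName, Id,
                @{ n = 'Message'; e = { $_.Message -replace '\s+', ' ' } }
    } catch {
        Write-Warning "Could not read the System log: $($_.Exception.Message)"
    }
}

# 3. Inventory driver services straight from the registry (Type 1 = kernel driver,
#    Type 2 = file system driver). Two separate flags: Start = 4 (Disabled), and
#    ImagePath not present on disk (the "File not found" lines in the OTListIt log).
function Get-DriverServiceInventory {
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'On_Demand'; 4 = 'Disabled' }
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.Type -ne 1 -and $p.Type -ne 2) { return }      # skip Win32 services
        $image = [string]$p.ImagePath
        # ImagePath comes in several spellings: "\??\C:\...", "\SystemRoot\...",
        # or "system32\drivers\x.sys" relative to the Windows directory. Normalise.
        $resolved = $image -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
        if ($resolved -and $resolved -notmatch '^[A-Za-z]:') {
            $resolved = Join-Path $env:SystemRoot $resolved
        }
        New-Object PSObject -Property @{
            Name        = $_.PSChildName
            Start       = $startNames[[int]$p.Start]
            ImagePath   = $image
            ImageExists = ($resolved -ne '') -and (Test-Path $resolved)
        }
    }
}

Get-EventLogHealth | Format-List
Get-RecentSystemErrors -Count 5 | Format-Table -AutoSize -Wrap

$drivers  = @(Get-DriverServiceInventory)
$disabled = @($drivers | Where-Object { $_.Start -eq 'Disabled' })
$missing  = @($drivers | Where-Object { -not $_.ImageExists })
"Driver services: $($drivers.Count)  disabled: $($disabled.Count)  image file missing: $($missing.Count)"
# The missing-image entries are the ones worth posting back; disabled inbox storage
# drivers for absent hardware are expected on Vista.
$missing | Format-Table Name, Start, ImagePath -AutoSize
```

Run it from an elevated PowerShell prompt and paste the output into the reply. If Get-RecentSystemErrors only emits the warning, that by itself confirms the Event Log problem the next post reports, and the health object shows whether the service is stopped or the .evtx file is the part that is broken.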

turkish135
2009-03-25, 21:45
In regard to the system log I get an error - Event Viewer cannot open the event log or custom view. Verify that Event Log service is running. The data log is invalid (13)

OTListIt logfile created on: 3/25/2009 4:39:33 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Users\fuck\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.87 Mb Total Physical Memory | 380.59 Mb Available Physical Memory | 39.73% Memory free
2.13 Gb Paging File | 0.98 Gb Available in Paging File | 46.18% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.20 Gb Total Space | 46.50 Gb Free Space | 44.20% Space Free | Partition Type: NTFS
Drive D: | 6.59 Gb Total Space | 0.61 Gb Free Space | 9.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.82 Gb Total Space | 0.86 Gb Free Space | 47.08% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LANCSY
Current User Name: fuck
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\system32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe ()
PRC - C:\Users\fuck\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\Windows\system32\mmc.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AddFiltr [On_Demand | Stopped]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CLCapSvc [Auto | Running]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLSched [Auto | Running]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLTNetCnService [Auto | Stopped]) -- File not found
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9949fe5d9f1ed [Auto | Stopped]) -- File not found
SRV - (gusvc [Auto | Stopped]) -- File not found
SRV - (HP Health Check Service [Auto | Running]) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate Notice Ex [Auto | Stopped]) -- File not found
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- File not found
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (sdAuxService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (stllssvr [On_Demand | Stopped]) -- File not found
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86 [Boot | Running]) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eabfiltr [System | Running]) -- C:\Windows\system32\DRIVERS\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HBtnKey [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\cpqbttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HdAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvm60x32.sys (NVIDIA Corporation)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvsmu [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor [Boot | Running]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PCTCore [Boot | Running]) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (UMPass [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/03/17 22:57:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/16 12:04:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/10 08:49:59 | 00,000,000 | ---D | M]

[2008/06/26 13:19:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/10 08:49:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/10 08:49:42 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/10 08:49:42 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/19 17:06:02 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/19 17:06:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/19 17:06:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/17 11:46:20 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/19 17:06:02 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/19 17:06:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/07/19 17:06:02 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O32 - Autorun File - D:\AUTOMODE () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/03/25 00:39:02 | 10,051,74784 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/24 16:45:35 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2009/03/24 16:42:40 | 00,000,000 | ---D | C] -- C:\ProgramData\fssg
[2009/03/24 16:33:25 | 00,000,000 | ---D | C] -- C:\ProgramData\f-secure
[2009/03/24 15:05:55 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/03/24 12:23:04 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/24 12:23:03 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/24 12:23:01 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/03/24 12:15:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/24 12:04:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/03/24 10:43:37 | 00,000,000 | -H-D | C] -- C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2009/03/22 18:53:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/22 16:19:12 | 00,049,369 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/03/20 03:12:42 | 00,000,000 | ---D | C] -- C:\4def1fb4c283e45e9166c55fa90a
[2009/03/20 02:48:52 | 00,000,000 | ---D | C] -- C:\ec219bc8d6ba0b0b0921a4efb1
[2009/03/20 02:25:12 | 00,000,000 | ---D | C] -- C:\8e6ebc1bb1c1c707162a7e0495cc32
[2009/03/18 00:50:30 | 00,159,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009/03/18 00:50:00 | 00,130,424 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/03/18 00:50:00 | 00,073,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009/03/18 00:49:50 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/03/18 00:49:45 | 00,064,392 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009/03/18 00:49:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/03/18 00:49:34 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/03/18 00:49:34 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/03/18 00:17:02 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/03/18 00:03:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/03/18 00:03:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/03/18 00:03:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/03/18 00:03:50 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/03/18 00:03:50 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
[2009/03/18 00:03:50 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/03/18 00:03:50 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/03/18 00:03:50 | 00,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2009/03/18 00:03:50 | 00,029,696 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/03/18 00:03:41 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/03/18 00:01:34 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/17 22:58:37 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 8.0.lnk
[2009/03/17 22:58:11 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/03/17 22:58:02 | 00,012,936 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/03/17 22:57:48 | 00,090,632 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/03/17 22:57:40 | 00,098,440 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/03/17 22:57:33 | 34,326,727 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/03/17 22:57:33 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/03/17 22:57:33 | 00,401,372 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/03/17 22:57:33 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/03/17 22:57:33 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/03/17 12:32:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009/03/16 21:23:47 | 00,000,000 | ---D | C] -- C:\FUCK YOU
[2009/03/16 12:53:59 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys.prepare
[2009/03/16 12:53:59 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys.prepare
[2009/03/16 12:53:59 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll.prepare
[2009/03/16 12:53:48 | 00,107,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys.prepare
[2009/03/16 12:53:33 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys.prepare
[2009/03/16 12:14:57 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/03/16 12:04:40 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/03/10 22:25:47 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/03/10 22:25:46 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/03/10 22:25:46 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/03/10 22:25:46 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/03/10 22:25:46 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/03/10 22:25:40 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/10 22:25:37 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2009/03/25 16:01:23 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/03/25 16:01:23 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/03/25 14:01:26 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/03/25 14:01:20 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/25 14:01:13 | 10,051,74784 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/25 13:43:40 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/03/24 12:23:04 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/22 16:19:27 | 34,326,727 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/03/22 16:19:12 | 00,049,369 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/03/22 16:19:11 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/03/22 16:19:11 | 00,401,372 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/03/18 00:13:37 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/03/17 22:58:37 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 8.0.lnk
[2009/03/17 22:58:11 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/03/17 22:58:02 | 00,012,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/03/17 22:57:48 | 00,090,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/03/17 22:57:40 | 00,098,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/03/17 22:57:33 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/03/16 21:29:47 | 00,313,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/03/16 12:53:59 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys.prepare
[2009/03/16 12:53:59 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys.prepare
[2009/03/16 12:53:59 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll.prepare
[2009/03/16 12:53:48 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys.prepare
[2009/03/16 12:53:33 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys.prepare
[2009/03/16 12:04:40 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/03/12 02:07:59 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/03/12 02:07:59 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/03/12 02:07:59 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/03/06 16:45:06 | 00,130,424 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

turkish135
2009-03-25, 21:46
OTListIt Extras logfile created on: 3/25/2009 4:39:33 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Users\fuck\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.87 Mb Total Physical Memory | 380.59 Mb Available Physical Memory | 39.73% Memory free
2.13 Gb Paging File | 0.98 Gb Available in Paging File | 46.18% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.20 Gb Total Space | 46.50 Gb Free Space | 44.20% Space Free | Partition Type: NTFS
Drive D: | 6.59 Gb Total Space | 0.61 Gb Free Space | 9.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.82 Gb Total Space | 0.86 Gb Free Space | 47.08% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LANCSY
Current User Name: fuck
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B0F97FBF-9F98-4522-B65D-8980FE38C726}" = HP User Guide 0042
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOL Instant Messenger" = AOL Instant Messenger
"AVG8Uninstall" = AVG 8.0
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"Spyware Doctor" = Spyware Doctor 6.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2009 5:04:16 PM | Computer Name = lancsy | Source = EventSystem | ID = 4609
Description =

Error - 3/25/2009 12:42:30 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
Description =

Error - 3/25/2009 12:42:30 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
Description =

Error - 3/25/2009 12:42:36 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
Description =

Error - 3/25/2009 12:42:36 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
Description =

Error - 3/25/2009 12:42:39 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
Description =

Error - 3/25/2009 12:42:39 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
Description =

Error - 3/25/2009 1:52:39 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
Description =

Error - 3/25/2009 1:52:39 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
Description =

Error - 3/25/2009 1:52:39 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 3/29/2008 1:11:06 PM | Computer Name = TEST-PC | Source = McrMgr | ID = 100
Description =

Error - 3/29/2008 1:13:02 PM | Computer Name = TEST-PC | Source = Mcx2Prov | ID = 505
Description =

Error - 3/29/2008 1:13:02 PM | Computer Name = TEST-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 5/25/2008 8:27:13 AM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/26/2008 7:17:54 AM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/27/2008 1:43:18 PM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/27/2008 6:02:34 PM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/4/2008 3:25:06 PM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 7/5/2008 1:34:04 PM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/25/2008 2:45:00 PM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/11/2008 5:35:12 PM | Computer Name = TEST-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
2, function 0. Please contact your system vendor for technical assistance.

Error - 9/11/2008 5:35:12 PM | Computer Name = TEST-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
3, function 0. Please contact your system vendor for technical assistance.

Error - 9/14/2008 4:54:49 AM | Computer Name = TEST-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:53:28 AM on 9/14/2008 was unexpected.

Error - 9/14/2008 4:55:57 AM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/14/2008 4:55:57 AM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/21/2008 8:45:05 AM | Computer Name = TEST-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:42:41 AM on 9/21/2008 was unexpected.

Error - 9/21/2008 8:46:05 AM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/21/2008 8:46:05 AM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/21/2008 12:48:28 PM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/21/2008 12:48:28 PM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

turkish135
2009-03-26, 00:19
Also, I don't know if this helps: while trying that escan while in safe mode, the computer just shut down. And when it shuts down like that (without rebooting) it stays shut down. I can try powering it up but it just shuts off in a split second. The only way to re-power the computer is by taking the battery out. You don't think it's a hardware problem? I hope those error logs provided something (a problem) for you to notice. Thx.

peku006
2009-03-26, 09:24
Hi turkish135

You don't think it's a hardware problem?
I am not sure what it is, a hardware or software problem, but something is seriously wrong.

Have you tried repairing system files?

Run>sfc /scannow
Some Windows Vista functions may not work, or Windows Vista may stop responding (http://support.microsoft.com/kb/929833)

Thanks peku006

turkish135
2009-03-26, 15:47
After 64% of the verification process completed it says: "Windows Resource Protection could not perform the requested operation." Do I need to be in safe mode or something?
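
The sfc run above stopped with "Windows Resource Protection could not perform the requested operation". As an added example, not code posted by either participant and not part of HijackThis, OTListIt or any other tool named in this thread, the following PowerShell script runs System File Checker and then pulls SFC's own "[SR]" entries out of CBS.log into sfcdetails.txt (the filter Microsoft documents in KB 928228) and summarizes them, which is where the detail behind that abort message ends up. It assumes an elevated session on Vista or later and the default CBS.log path; the "Repairing corrupted file", "Cannot repair member file" and "Repair complete" phrases it searches for are assumptions about CBS.log wording, so treat the counts as a hint and read the saved file. The -Offline switch covers the case where the scan will not complete even from Safe Mode: boot the recovery environment and let sfc target the installed Windows through its /offbootdir and /offwindir options.

```powershell
<#
  Added example (not from this thread): run sfc /scannow and report what the
  System File Checker wrote to CBS.log during this run.

  Assumptions: Windows Vista or later, an elevated PowerShell session (sfc refuses
  to run without one), CBS.log at %windir%\Logs\CBS\CBS.log unless -CbsLog is given.
  The "[SR]" filter is from Microsoft KB 928228; the repair/abort phrases matched
  below are assumed CBS.log wording, not a documented contract.
#>
param(
    # -Offline is for running from the Windows Recovery Environment, where the
    # installed OS is not booted and sfc must be pointed at it explicitly.
    [switch]$Offline,
    [string]$OffBootDir = 'C:\',
    [string]$OffWinDir  = 'C:\Windows',
    # Where the offline run logs to depends on the environment; pass it explicitly there.
    [string]$CbsLog = (Join-Path $env:windir 'Logs\CBS\CBS.log')
)

$outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'sfcdetails.txt'
$started = Get-Date   # used to keep only this run's [SR] entries

if ($Offline) {
    & "$env:windir\System32\sfc.exe" /scannow /offbootdir=$OffBootDir /offwindir=$OffWinDir
} else {
    & "$env:windir\System32\sfc.exe" /scannow
}
$sfcExit = $LASTEXITCODE

if (-not (Test-Path -LiteralPath $CbsLog)) {
    Write-Warning "CBS.log not found at $CbsLog (sfc exit code $sfcExit)"
    return
}

# Every CBS.log line starts "yyyy-MM-dd HH:mm:ss, Info ... "; the System File
# Checker tags its own entries with "[SR]". Keep only those from this run.
$culture = [Globalization.CultureInfo]::InvariantCulture
$thisRun = @(Get-Content -LiteralPath $CbsLog |
    Where-Object { $_ -match '\[SR\]' } |
    Where-Object {
        $_ -match '^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})' -and
        [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd HH:mm:ss', $culture) -ge $started.AddMinutes(-1)
    })

# Assumed CBS.log phrases: what SFC fixed, what it could not, and whether it finished.
$repaired   = @($thisRun | Where-Object { $_ -match 'Repairing corrupted file|Repaired file' })
$unrepaired = @($thisRun | Where-Object { $_ -match 'Cannot repair member file|Could not reproject corrupted file' })
$finished   = @($thisRun | Where-Object { $_ -match 'Repair complete' }).Count -gt 0

$thisRun | Set-Content -LiteralPath $outFile -Encoding UTF8

Write-Host ("sfc exit code      : {0}" -f $sfcExit)
Write-Host ("[SR] lines saved   : {0} -> {1}" -f $thisRun.Count, $outFile)
Write-Host ("repaired files     : {0}" -f $repaired.Count)
Write-Host ("unrepairable files : {0}" -f $unrepaired.Count)
if (-not $finished) {
    Write-Host 'No "Repair complete" entry: the scan did not finish. Retry from Safe Mode,'
    Write-Host 'or boot the recovery environment and rerun this script with -Offline.'
}
```

Save it as, for instance, Invoke-Sfc.ps1 and run it from an elevated prompt; from the recovery environment, pass -Offline together with -OffBootDir, -OffWinDir and the -CbsLog path for that environment. A clean pass only says the protected system files match the Windows component store; it does not by itself rule out hardware faults or anything outside the protected file set.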

peku006
2009-03-26, 17:06
Hi turkish135

There is no malware that would be causing your problem. It may be a software, hardware, or Windows problem.
Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.
http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html
http://forums.pcpitstop.com/

Thanks peku006

peku006
2009-04-02, 19:16
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.