Hi editorfox
it should be "Yes"
I don't help with logs thru PM. If you have problems create a thread in the forum, please.
Here is the first log
OTListIt logfile created on: 1/03/2009 8:30:12 PM - Run 5
OTListIt2 by OldTimer - Version 2.0.3.0 Folder = C:\Documents and Settings\Gavin Kroeger\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
1023.48 Mb Total Physical Memory | 388.48 Mb Available Physical Memory | 37.96% Memory free
2.40 Gb Paging File | 2.00 Gb Available in Paging File | 83.06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 151.33 Gb Free Space | 81.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: VIXEN3
Current User Name: Gavin Kroeger
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe (Trend Micro Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Gavin Kroeger\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (PcCtlCom [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe (Trend Micro Inc.)
SRV - (PcScnSrv [On_Demand | Running]) -- C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe (Trend Micro Inc.)
SRV - (Tmntsrv [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe (Trend Micro Inc.)
SRV - (TmPfw [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe (Trend Micro Inc.)
SRV - (tmproxy [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe (Trend Micro Inc.)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (LVcKap [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys ()
DRV - (LVMVDrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys (Logitech Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (PID_0928 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (tmcfw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmmbd [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys (Trend Micro Inc.)
DRV - (Tmpreflt [Auto | Running]) -- C:\WINDOWS\system32\drivers\Tmpreflt.sys (Trend Micro Inc.)
DRV - (tmtdi [System | Running]) -- C:\WINDOWS\system32\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV - (tmxpflt [Auto | Running]) -- C:\WINDOWS\system32\drivers\TmXPFlt.sys (Trend Micro Inc.)
DRV - (Vsapint [Auto | Running]) -- C:\WINDOWS\system32\drivers\VsapiNT.sys (Trend Micro Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.furry.org.au/fz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.0
FF - prefs.js..extensions.enabledItems: en-AU@dictionaries.addons.mozilla.org:2.1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/12/15 22:07:43 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/02/10 16:54:52 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/02/10 16:54:52 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Gavin Kroeger\Application Data\mozilla\Extensions [2008/12/19 20:55:12 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Gavin Kroeger\Application Data\mozilla\Extensions [2008/12/19 20:55:12 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Gavin Kroeger\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/12/19 20:55:12 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Gavin Kroeger\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/12/19 20:55:12 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Gavin Kroeger\Application Data\mozilla\Firefox\Profiles\vr3tyudd.default\extensions [2009/03/01 15:29:39 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Gavin Kroeger\Application Data\mozilla\Firefox\Profiles\vr3tyudd.default\extensions [2009/03/01 15:29:39 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Gavin Kroeger\Application Data\mozilla\Firefox\Profiles\vr3tyudd.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009/02/15 12:45:59 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Gavin Kroeger\Application Data\mozilla\Firefox\Profiles\vr3tyudd.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009/02/15 12:45:59 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Gavin Kroeger\Application Data\mozilla\Firefox\Profiles\vr3tyudd.default\extensions\en-AU@dictionaries.addons.mozilla.org [2008/12/23 23:41:32 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Gavin Kroeger\Application Data\mozilla\Firefox\Profiles\vr3tyudd.default\extensions\en-AU@dictionaries.addons.mozilla.org [2008/12/23 23:41:32 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2008/12/19 20:55:16 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2008/12/19 20:55:16 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/10 16:54:52 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/10 16:54:52 00,000,000 | ---D | M]
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" (Trend Micro Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" (Trend Micro Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1229232235078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD5/JSC...ws-i586-jc.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[2009/03/01 20:10:29 | 00,000,966 | ---- | C] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\Fox - The Forsaken.rtf
[2009/03/01 13:16:46 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/03/01 10:50:37 | 00,497,152 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gavin Kroeger\Desktop\OTListIt2.exe
[2009/02/28 22:20:06 | 00,193,462 | ---- | C] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\Half Life 2 Guide.rtf
[2009/02/28 18:36:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gavin Kroeger\Desktop\I.T Work
[2009/02/28 17:23:08 | 00,003,636 | ---- | C] () -- C:\Documents and Settings\Gavin Kroeger\Desktop\English Second Essay.doc
[2009/02/28 15:58:38 | 00,000,000 | ---D | C] -- C:\rsit
[2009/02/28 15:58:08 | 00,781,851 | ---- | C] () -- C:\Documents and Settings\Gavin Kroeger\Desktop\RSIT.exe
[2009/02/28 15:18:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gavin Kroeger\Application Data\Malwarebytes
[2009/02/28 15:18:21 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/28 15:18:21 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/28 15:18:15 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/28 15:18:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/28 15:18:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/28 15:16:44 | 02,876,728 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gavin Kroeger\Desktop\mbam-setup.exe
[2009/02/28 14:11:56 | 00,005,592 | ---- | C] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\English, second essay, Language Control.rtf
[2009/02/21 23:37:50 | 00,002,008 | ---- | C] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\hero story practice.rtf
[2009/02/21 22:52:50 | 00,644,792 | ---- | C] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\Ninja Gaiden Guide.rtf
[2009/02/21 10:57:42 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Gavin Kroeger\Desktop\hijackthis.exe
[2009/02/17 16:35:18 | 00,003,487 | ---- | C] () -- C:\Documents and Settings\Gavin Kroeger\Desktop\English First Essay.rtf
[2009/02/15 12:35:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/02/13 17:14:46 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\Gavin Kroeger\Desktop\growl.aup
[2009/02/13 17:14:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gavin Kroeger\Desktop\growl_data
[2009/02/08 11:51:06 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/08 11:51:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gavin Kroeger\Application Data\skypePM
[2009/02/08 11:50:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gavin Kroeger\Application Data\Skype
[2009/02/08 11:50:12 | 00,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/02/08 11:50:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/02/08 11:50:08 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/02/08 11:50:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/02/07 22:34:12 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Gavin Kroeger\Desktop\Audacity.lnk
[2009/02/07 22:34:11 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity
[2009/02/05 23:11:10 | 00,140,446 | ---- | C] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\The Hero College.rtf
[2009/02/01 22:59:04 | 00,009,017 | ---- | C] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\Wolfy's Story for Foxy.rtf
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/03/01 20:30:09 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfud.bin
[2009/03/01 20:30:07 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfss.bin
[2009/03/01 20:18:30 | 00,000,966 | ---- | M] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\Fox - The Forsaken.rtf
[2009/03/01 15:19:25 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\My Sharing Folders.lnk
[2009/03/01 13:16:47 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/03/01 10:50:48 | 00,497,152 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gavin Kroeger\Desktop\OTListIt2.exe
[2009/03/01 10:30:00 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/01 10:29:54 | 00,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/03/01 10:29:51 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/01 10:29:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/01 10:29:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/28 22:20:06 | 00,193,462 | ---- | M] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\Half Life 2 Guide.rtf
[2009/02/28 17:23:47 | 00,005,592 | ---- | M] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\English, second essay, Language Control.rtf
[2009/02/28 17:23:32 | 00,003,636 | ---- | M] () -- C:\Documents and Settings\Gavin Kroeger\Desktop\English Second Essay.doc
[2009/02/28 15:58:16 | 00,781,851 | ---- | M] () -- C:\Documents and Settings\Gavin Kroeger\Desktop\RSIT.exe
[2009/02/28 15:18:21 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/28 15:17:29 | 02,876,728 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gavin Kroeger\Desktop\mbam-setup.exe
[2009/02/26 16:25:54 | 00,140,446 | ---- | M] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\The Hero College.rtf
[2009/02/24 16:29:19 | 00,006,656 | ---- | M] () -- C:\Documents and Settings\Gavin Kroeger\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/22 11:16:36 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/02/22 00:21:16 | 00,002,008 | ---- | M] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\hero story practice.rtf
[2009/02/21 22:52:50 | 00,644,792 | ---- | M] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\Ninja Gaiden Guide.rtf
[2009/02/18 22:36:40 | 00,848,222 | ---- | M] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\Distant Stars rp.rtf
[2009/02/17 22:14:19 | 00,003,487 | ---- | M] () -- C:\Documents and Settings\Gavin Kroeger\Desktop\English First Essay.rtf
[2009/02/13 17:14:46 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\Gavin Kroeger\Desktop\growl.aup
[2009/02/11 22:53:39 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/08 11:51:06 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/07 22:34:12 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Gavin Kroeger\Desktop\Audacity.lnk
[2009/02/04 10:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/01 23:04:53 | 00,009,017 | ---- | M] () -- C:\Documents and Settings\Gavin Kroeger\My Documents\Wolfy's Story for Foxy.rtf
< End of report >
Second log
OTListIt Extras logfile created on: 1/03/2009 8:30:12 PM - Run 5
OTListIt2 by OldTimer - Version 2.0.3.0 Folder = C:\Documents and Settings\Gavin Kroeger\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
1023.48 Mb Total Physical Memory | 388.48 Mb Available Physical Memory | 37.96% Memory free
2.40 Gb Paging File | 2.00 Gb Available in Paging File | 83.06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 151.33 Gb Free Space | 81.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: VIXEN3
Current User Name: Gavin Kroeger
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 ()
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BB4B6355-D38A-492C-873B-A1B2CF6C3832}" = Trend Micro PC-cillin Internet Security 2007
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"QcDrv" = Logitech® Camera Driver
"TmPcc" = Trend Micro PC-cillin Internet Security 2007
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/01/2009 12:08:09 AM | Computer Name = VIXEN3 | Source = Windows Live Messenger | ID = 1000
Description =
Error - 11/01/2009 1:56:23 AM | Computer Name = VIXEN3 | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 8.1.178.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 8/02/2009 4:08:59 AM | Computer Name = VIXEN3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 8/02/2009 4:13:38 AM | Computer Name = VIXEN3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/02/2009 1:54:28 AM | Computer Name = VIXEN3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 14/02/2009 9:30:33 PM | Computer Name = VIXEN3 | Source = Application Hang | ID = 1002
Description = Hanging application PCCVScan.exe, version 15.0.0.1329, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 20/02/2009 7:44:55 PM | Computer Name = VIXEN3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 28/02/2009 12:13:50 AM | Computer Name = VIXEN3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 1/03/2009 5:26:27 AM | Computer Name = VIXEN3 | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.3.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 1/03/2009 5:28:15 AM | Computer Name = VIXEN3 | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.3.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 18/01/2009 11:26:18 PM | Computer Name = VIXEN3 | Source = Service Control Manager | ID = 7022
Description = The Trend Micro Personal Firewall service hung on starting.
< End of report >
Hi editorfox
Please download OTMoveIT3 to your Desktop.
- Double-click OTMoveIt3.exe to start the program.
- Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Code:
:Files
C:\WINDOWS\System32\drivers\etc\tmvsthfud.bin
C:\WINDOWS\System32\drivers\etc\tmvsthfss.bin
- Return to OTMoveIt3, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
- Then click the red MoveIt! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
- If OTMoveIt asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
- Close OTMoveIt3.
Please reply with
1. the OTMoveIt3 log
Is the problem gone?
Thanks peku006
========== FILES ==========
C:\WINDOWS\System32\drivers\etc\tmvsthfud.bin moved successfully.
C:\WINDOWS\System32\drivers\etc\tmvsthfss.bin moved successfully.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03022009_170155
Things seem fine... but it may take a bit for the problem to re-appear. In the meantime, is there anything else I should do? And can you please explain what the moving thing did? I am rather interested ^.^
Hi editorfox
It is a tool which is used to remove folders, files, etc.
Looking good
Let's make sure we got everything
1 - Clean temp files
- Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
- Windows Temp
- Current User Temp
- All Users Temp
- Temporary Internet Files
- Prefetch
- Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program
2 - F-Secure Online Scan
- Please go to F-Secure website to perform an online scan. Click on Start scanning at the bottom of the page.
- You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
- Click on Accept to accept the License Agreement.
- Click on Custom Scan.
- Under Virus Scan Options, select the Scan whole system option.
- Under Other Scan Options, select these options:
- Scan all files
- Scan whole system for rootkits
- Scan whole system for spyware
- Scan inside archives
- Use advanced heuristics
- Click Start.
- It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
- Click on I want to decide item by item.
- Under Actions, select None for all infections found.
- Click Next.
- Click on Show Report.
- Please copy and paste this report in your next reply.
- Click Finish.
3 - Run HijackThis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
4 - Status Check
Please reply with
1. the F-Secure online scanner report
2. a fresh HijackThis log
Thanks peku006
The problem occurred again in I.E. Should I continue with the last steps given? Or wait for new orders?
Hi editorfox
Do this first
Open Notepad.
Copy the text from the box to an empty file.
Save it as export.bat to your desktop.
Choose save as all types
Close Notepad.
Code:
regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32"
Locate Export.bat on your Desktop and double-click on it. It will create a file called look.txt in C:\
Copy the entire text and paste it to your reply here in this topic.
Thanks peku006
Here is the log from the export.bat file.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"VIDC.I420"="lvcodec2.dll"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
"msacm.siren"="sirenacm.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"MSVideo"="vfwwdm32.dll"
"MSVideo8"="VfWWDM32.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"mixer"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"wavemapper"="msacm32.drv"
"EnableMP3Codec"=dword:00000001
"midimapper"="midimap.dll"
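Reviewing a drivers32 export like the one posted above comes down to checking where each driver or codec value points. The following is an added example, not part of the thread or of any tool used in it: it parses text in that export format and sorts each string value into a bare file name, a full path inside system32, or anything else. It assumes %SystemRoot% is C:\WINDOWS as in the log; the sample text and its `vidc.demo` entry are constructed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the format of the export above; "vidc.demo" is a
# made-up entry pointing outside system32 so the third verdict is exercised.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midimapper"="midimap.dll"
"msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
"vidc.demo"="C:\\Temp\\demo.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
'''

SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")  # assumed %SystemRoot%\system32
KEY_RE = re.compile(r'^\[(.+)\]$')
STR_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def decode_export(raw: bytes) -> str:
    # regedit "Version 5.00" files are UTF-16LE with a BOM; pasted text is not.
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def unescape(s: str) -> str:
    return re.sub(r'\\(.)', r'\1', s)  # .reg strings escape \ and " with a backslash

def classify(value: str) -> str:
    p = PureWindowsPath(value)
    if not p.anchor and len(p.parts) == 1:
        return "bare-name"            # file name only, no directory given
    if p.is_absolute() and p.parent == SYSTEM32:
        return "system32-path"        # full path, still inside system32
    return "outside-system32"         # anything else deserves a closer look

def review(text: str):
    key, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := STR_RE.match(line):  # dword and other value types are skipped
            name, value = unescape(m.group(1)), unescape(m.group(2))
            rows.append((key, name, value, classify(value)))
    return rows

if __name__ == "__main__":
    for key, name, value, verdict in review(SAMPLE_REG):
        print(f"{verdict:17} {name:12} {value}")
```

To run it on a real look.txt, read the file as bytes and pass it through `decode_export` first, since the file regedit writes is not plain ASCII.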
Hi editorfox
Please continue with F-Secure Online Scan
Thanks peku006
I tried to do the online scan but after having scanned 163,731 items and skipped 1000, it crashed.
What should I do now almighty Peku?