Page 3 of 3 (results 21 to 30 of 30)

Thread: unable to remove rootkit

  1. #21 peku006 (Emeritus Security Expert; Join Date: Feb 2007; Location: Norway; Posts: 3,103)

    Hi turkish135
    Have you manually stopped any of the Services or Win32 Services?
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  2. #22 Junior Member (Join Date: Mar 2009; Posts: 16)

    I'm not sure of the answer to your question, but yes, I have opened Services to check everything that's running, but I haven't stopped any of them (short of an Apple (iPod) program). Also, the ESET scan basically froze the website when 3/4 had downloaded, and it stopped on the folder Hewlett Packard\Documentation\1_2_2_3_34 etc.

  3. #23 peku006 (Emeritus Security Expert; Join Date: Feb 2007; Location: Norway; Posts: 3,103)

    Hi turkish135
    I do not understand why none of the tools work.
    Take a look at the OTListIt logfile (first page)
    and check the Win32 Services and Driver Services sections below: why are almost all of them Disabled or Stopped?

    Look in the event logs for anything showing an error:
    Right-click on Computer -> Manage -> Event Viewer -> Windows Logs -> System

    Scroll down through the list and look for errors; if you find any, double-click on one, copy the log, and paste it here.

    The latest 5 errors should be enough to give us an idea of what is going on.
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
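    The same check peku006 describes, scripted so its output can be pasted straight into a reply. This is an added example and not part of the thread or of any tool named in it. It assumes Windows PowerShell 2.0 or later is installed on the Vista machine, that the service is registered under the name EventLog, and that the script runs from an elevated prompt. Because the message Event Viewer gives when it cannot open a log tells you to verify that the Event Log service is running, the script checks that service first and reports its state and startup type instead of failing silently; the Level values 1 and 2 are the standard Critical and Error severities.

```powershell
# Added example, not from the thread: list the newest System-log errors in a
# paste-friendly form, after confirming the Event Log service is running.
# Assumes Windows PowerShell 2.0+ and an elevated prompt (assumptions, not
# anything stated in the thread).

$svc = Get-Service -Name 'EventLog' -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Warning 'Service "EventLog" was not found; that is itself worth reporting.'
    return
}
if ($svc.Status -ne 'Running') {
    # Event Viewer cannot open any log while this service is stopped or disabled,
    # so report its state and startup type rather than trying to read the log.
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='EventLog'"
    Write-Warning ('Event Log service is {0} (startup type: {1}).' -f $svc.Status, $wmi.StartMode)
    return
}

try {
    # Level 1 = Critical, 2 = Error. Get-WinEvent returns newest first;
    # five entries match what the thread asks for.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 1, 2 } `
                           -MaxEvents 5 -ErrorAction Stop
}
catch {
    # Get-WinEvent raises an error both when the log file itself is unreadable
    # and when no matching events exist; surface the reason so it can be pasted.
    Write-Warning ('Could not read the System log: {0}' -f $_.Exception.Message)
    return
}

# Plain-text lines that can be copied directly into a forum reply.
foreach ($e in $events) {
    '{0}  EventID {1}  Source: {2}' -f $e.TimeCreated, $e.Id, $e.ProviderName
    '    ' + ($e.Message -replace '\r?\n', ' ')
    ''
}
```

    Run it as a .ps1 file or paste it into an elevated PowerShell window; if it warns that the service is stopped or the log cannot be read, that warning text is the useful thing to post, since it narrows the problem to the logging service or the log file rather than to the individual errors.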

  4. #24 Junior Member (Join Date: Mar 2009; Posts: 16)

    In regard to the system log, I get an error: "Event viewer cannot open the event log or custom view. Verify that Event Log service is running. The data log is invalid (13)"

    OTListIt logfile created on: 3/25/2009 4:39:33 PM - Run 3
    OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Users\fuck\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18372)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    957.87 Mb Total Physical Memory | 380.59 Mb Available Physical Memory | 39.73% Memory free
    2.13 Gb Paging File | 0.98 Gb Available in Paging File | 46.18% Paging File free
    Paging file location(s): ?:\pagefile.sys;

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 105.20 Gb Total Space | 46.50 Gb Free Space | 44.20% Space Free | Partition Type: NTFS
    Drive D: | 6.59 Gb Total Space | 0.61 Gb Free Space | 9.31% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 1.82 Gb Total Space | 0.86 Gb Free Space | 47.08% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LANCSY
    Current User Name: fuck
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Output = Minimal
    File Age = 30 Days
    Company Name Whitelist: On

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
    PRC - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
    PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
    PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
    PRC - C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
    PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
    PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Windows\system32\WUDFHost.exe (Microsoft Corporation)
    PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
    PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe ()
    PRC - C:\Users\fuck\Desktop\OTListIt2.exe (OldTimer Tools)
    PRC - C:\Windows\system32\mmc.exe (Microsoft Corporation)

    ========== Win32 Services (SafeList) ==========

    SRV - (AddFiltr [On_Demand | Stopped]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (CLCapSvc [Auto | Running]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
    SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (CLSched [Auto | Running]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
    SRV - (CLTNetCnService [Auto | Stopped]) -- File not found
    SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
    SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
    SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
    SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
    SRV - (gupdate1c9949fe5d9f1ed [Auto | Stopped]) -- File not found
    SRV - (gusvc [Auto | Stopped]) -- File not found
    SRV - (HP Health Check Service [Auto | Running]) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
    SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
    SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    SRV - (LiveUpdate Notice Ex [Auto | Stopped]) -- File not found
    SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- File not found
    SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
    SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (sdAuxService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
    SRV - (sdCoreService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
    SRV - (stllssvr [On_Demand | Stopped]) -- File not found
    SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    SRV - (XAudioService [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

    ========== Driver Services (SafeList) ==========

    DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgRkx86 [Boot | Running]) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
    DRV - (BCM43XX [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
    DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (E100B [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\e100b325.sys (Intel Corporation)
    DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
    DRV - (eabfiltr [System | Running]) -- C:\Windows\system32\DRIVERS\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (HBtnKey [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\cpqbttn.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (HdAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\CHDART.sys (Conexant Systems Inc.)
    DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
    DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
    DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Corporation)
    DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
    DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
    DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (NVENETFD [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvm60x32.sys (NVIDIA Corporation)
    DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nvsmu [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvsmu.sys (NVIDIA Corporation)
    DRV - (nvstor [Boot | Running]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (PCTCore [Boot | Running]) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
    DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (rimmptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimmptsk.sys (REDC)
    DRV - (rimsptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
    DRV - (rismxdp [Auto | Running]) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
    DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
    DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (SynTP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
    DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (UMPass [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
    DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (winachsf [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
    DRV - (XAudio [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/03/17 22:57:11 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/16 12:04:37 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/10 08:49:59 | 00,000,000 | ---D | M]

    [2008/06/26 13:19:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/03/10 08:49:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/03/10 08:49:42 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009/03/10 08:49:42 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2008/07/19 17:06:02 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2008/07/19 17:06:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2008/07/19 17:06:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2008/11/17 11:46:20 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2008/07/19 17:06:02 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2008/07/19 17:06:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2008/07/19 17:06:02 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
    O4 - HKLM..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKCU..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
    O32 - Autorun File - D:\AUTOMODE () - [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/03/25 00:39:02 | 10,051,74784 | -HS- | C] () -- C:\hiberfil.sys
    [2009/03/24 16:45:35 | 00,000,000 | ---D | C] -- C:\fsaua.data
    [2009/03/24 16:42:40 | 00,000,000 | ---D | C] -- C:\ProgramData\fssg
    [2009/03/24 16:33:25 | 00,000,000 | ---D | C] -- C:\ProgramData\f-secure
    [2009/03/24 15:05:55 | 00,000,000 | ---D | C] -- C:\Windows\Sun
    [2009/03/24 12:23:04 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/03/24 12:23:03 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2009/03/24 12:23:01 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2009/03/24 12:15:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/03/24 12:04:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2009/03/24 10:43:37 | 00,000,000 | -H-D | C] -- C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    [2009/03/22 18:53:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/03/22 16:19:12 | 00,049,369 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
    [2009/03/20 03:12:42 | 00,000,000 | ---D | C] -- C:\4def1fb4c283e45e9166c55fa90a
    [2009/03/20 02:48:52 | 00,000,000 | ---D | C] -- C:\ec219bc8d6ba0b0b0921a4efb1
    [2009/03/20 02:25:12 | 00,000,000 | ---D | C] -- C:\8e6ebc1bb1c1c707162a7e0495cc32
    [2009/03/18 00:50:30 | 00,159,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
    [2009/03/18 00:50:00 | 00,130,424 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
    [2009/03/18 00:50:00 | 00,073,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
    [2009/03/18 00:49:50 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2009/03/18 00:49:45 | 00,064,392 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
    [2009/03/18 00:49:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2009/03/18 00:49:34 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2009/03/18 00:49:34 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2009/03/18 00:17:02 | 00,000,000 | ---D | C] -- C:\Windows\temp
    [2009/03/18 00:03:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2009/03/18 00:03:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2009/03/18 00:03:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2009/03/18 00:03:50 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2009/03/18 00:03:50 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
    [2009/03/18 00:03:50 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2009/03/18 00:03:50 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2009/03/18 00:03:50 | 00,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
    [2009/03/18 00:03:50 | 00,029,696 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2009/03/18 00:03:41 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2009/03/18 00:01:34 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/03/17 22:58:37 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 8.0.lnk
    [2009/03/17 22:58:11 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    [2009/03/17 22:58:02 | 00,012,936 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
    [2009/03/17 22:57:48 | 00,090,632 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2009/03/17 22:57:40 | 00,098,440 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
    [2009/03/17 22:57:33 | 34,326,727 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2009/03/17 22:57:33 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
    [2009/03/17 22:57:33 | 00,401,372 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
    [2009/03/17 22:57:33 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
    [2009/03/17 22:57:33 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
    [2009/03/17 12:32:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
    [2009/03/16 21:23:47 | 00,000,000 | ---D | C] -- C:\FUCK YOU
    [2009/03/16 12:53:59 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys.prepare
    [2009/03/16 12:53:59 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys.prepare
    [2009/03/16 12:53:59 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll.prepare
    [2009/03/16 12:53:48 | 00,107,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys.prepare
    [2009/03/16 12:53:33 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys.prepare
    [2009/03/16 12:14:57 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
    [2009/03/16 12:04:40 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009/03/10 22:25:47 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
    [2009/03/10 22:25:46 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
    [2009/03/10 22:25:46 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
    [2009/03/10 22:25:46 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
    [2009/03/10 22:25:46 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
    [2009/03/10 22:25:40 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
    [2009/03/10 22:25:37 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

    ========== Files - Modified Within 30 Days ==========

    [2009/03/25 16:01:23 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2009/03/25 16:01:23 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2009/03/25 14:01:26 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/03/25 14:01:20 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2009/03/25 14:01:13 | 10,051,74784 | -HS- | M] () -- C:\hiberfil.sys
    [2009/03/25 13:43:40 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2009/03/24 12:23:04 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/03/22 16:19:27 | 34,326,727 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2009/03/22 16:19:12 | 00,049,369 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
    [2009/03/22 16:19:11 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
    [2009/03/22 16:19:11 | 00,401,372 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
    [2009/03/18 00:13:37 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2009/03/17 22:58:37 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 8.0.lnk
    [2009/03/17 22:58:11 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    [2009/03/17 22:58:02 | 00,012,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
    [2009/03/17 22:57:48 | 00,090,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2009/03/17 22:57:40 | 00,098,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
    [2009/03/17 22:57:33 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
    [2009/03/16 21:29:47 | 00,313,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/03/16 12:53:59 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys.prepare
    [2009/03/16 12:53:59 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys.prepare
    [2009/03/16 12:53:59 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll.prepare
    [2009/03/16 12:53:48 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys.prepare
    [2009/03/16 12:53:33 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys.prepare
    [2009/03/16 12:04:40 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
    [2009/03/12 02:07:59 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2009/03/12 02:07:59 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2009/03/12 02:07:59 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2009/03/06 16:45:06 | 00,130,424 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
    [2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    < End of report >

  5. #25
    Junior Member
    Join Date
    Mar 2009
    Posts
    16

    Default xtras

    OTListIt Extras logfile created on: 3/25/2009 4:39:33 PM - Run 3
    OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Users\fuck\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18372)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    957.87 Mb Total Physical Memory | 380.59 Mb Available Physical Memory | 39.73% Memory free
    2.13 Gb Paging File | 0.98 Gb Available in Paging File | 46.18% Paging File free
    Paging file location(s): ?:\pagefile.sys;

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 105.20 Gb Total Space | 46.50 Gb Free Space | 44.20% Space Free | Partition Type: NTFS
    Drive D: | 6.59 Gb Total Space | 0.61 Gb Free Space | 9.31% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 1.82 Gb Total Space | 0.86 Gb Free Space | 47.08% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LANCSY
    Current User Name: fuck
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Output = Minimal
    File Age = 30 Days
    Company Name Whitelist: On

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 1
    "InternetSettingsDisableNotify" = 1
    "AutoUpdateDisableNotify" = 1
    "FirewallDisableNotify" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" =
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
    "{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
    "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
    "{B0F97FBF-9F98-4522-B65D-8980FE38C726}" = HP User Guide 0042
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
    "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "AOL Instant Messenger" = AOL Instant Messenger
    "AVG8Uninstall" = AVG 8.0
    "CNXT_HDAUDIO" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
    "ERUNT_is1" = ERUNT 1.1j
    "HijackThis" = HijackThis 2.0.2
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
    "NVIDIA Drivers" = NVIDIA Drivers
    "RealPlayer 6.0" = RealPlayer
    "Spyware Doctor" = Spyware Doctor 6.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/24/2009 5:04:16 PM | Computer Name = lancsy | Source = EventSystem | ID = 4609
    Description =

    Error - 3/25/2009 12:42:30 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
    Description =

    Error - 3/25/2009 12:42:30 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
    Description =

    Error - 3/25/2009 12:42:36 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
    Description =

    Error - 3/25/2009 12:42:36 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
    Description =

    Error - 3/25/2009 12:42:39 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
    Description =

    Error - 3/25/2009 12:42:39 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
    Description =

    Error - 3/25/2009 1:52:39 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
    Description =

    Error - 3/25/2009 1:52:39 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
    Description =

    Error - 3/25/2009 1:52:39 AM | Computer Name = lancsy | Source = Windows Search Service | ID = 3013
    Description =

    [ Media Center Events ]
    Error - 3/29/2008 1:11:06 PM | Computer Name = TEST-PC | Source = McrMgr | ID = 100
    Description =

    Error - 3/29/2008 1:13:02 PM | Computer Name = TEST-PC | Source = Mcx2Prov | ID = 505
    Description =

    Error - 3/29/2008 1:13:02 PM | Computer Name = TEST-PC | Source = Mcx2Dvcs | ID = 405
    Description =

    Error - 5/25/2008 8:27:13 AM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/26/2008 7:17:54 AM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/27/2008 1:43:18 PM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/27/2008 6:02:34 PM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/4/2008 3:25:06 PM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 7/5/2008 1:34:04 PM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 12/25/2008 2:45:00 PM | Computer Name = TEST-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 9/11/2008 5:35:12 PM | Computer Name = TEST-PC | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    2, function 0. Please contact your system vendor for technical assistance.

    Error - 9/11/2008 5:35:12 PM | Computer Name = TEST-PC | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    3, function 0. Please contact your system vendor for technical assistance.

    Error - 9/14/2008 4:54:49 AM | Computer Name = TEST-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 4:53:28 AM on 9/14/2008 was unexpected.

    Error - 9/14/2008 4:55:57 AM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 9/14/2008 4:55:57 AM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/21/2008 8:45:05 AM | Computer Name = TEST-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:42:41 AM on 9/21/2008 was unexpected.

    Error - 9/21/2008 8:46:05 AM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 9/21/2008 8:46:05 AM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/21/2008 12:48:28 PM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 9/21/2008 12:48:28 PM | Computer Name = TEST-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >

  6. #26
    Junior Member
    Join Date
    Mar 2009
    Posts
    16

    Default

    Also, I don't know if this helps, but while trying that eScan while in Safe Mode, the computer just shut down. And when it shuts down like that (without rebooting) it stays shut down. I can try powering it up, but it just shuts off in a split second. The only way to re-power the computer is by taking the battery out. You don't think it's a hardware problem? I hope those error logs provided something (a problem) for you to notice. Thanks.

  7. #27
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi turkish135
    You don't think it's a hardware problem?
    I am not sure what it is, a hardware or software problem, but something is seriously wrong.

    Have you tried repairing system files?

    Run>sfc /scannow
    Some Windows Vista functions may not work, or Windows Vista may stop responding

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  8. #28
    Junior Member
    Join Date
    Mar 2009
    Posts
    16

    Default

    After the verification process is 64% complete, it says: Windows Resource Protection could not perform the requested operation. Do I need to be in Safe Mode or something?

  9. #29
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi turkish135

    There is no malware that would be causing your problem. It may be a software, hardware or Windows problem.
    Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.
    http://www.techsupportforum.com/
    http://www.bleepingcomputer.com/forums/
    http://forums.whatthetech.com/forums.html
    http://forums.pcpitstop.com/

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  10. #30
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Due to inactivity, this thread will now be closed.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
    Last edited by tashi; 2009-04-09 at 01:19. Reason: Thank you peku006 :-)
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
