digital protection virus help.


Post by jjr1765 on 12th April 2010, 11:23 pm

I read the input from the post 3 malware programs and it says to use Avira. Is it safe?
I know you would not say to use it if it was not.
Just want to check: you guys say some of it is not to be used without supervision, so is it OK for me to use it?
Also, I think it may have deleted some of my directories. I cannot update and I can't turn on my Security Center. How would I go about fixing this? I used Malwarebytes Anti-Malware to remove most of it. Is there anything else I should fix so it will run normally again?


Re: digital protection virus help.

Post by Belahzur on 13th April 2010, 6:58 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



otl.txt

Post by jjr1765 on 18th April 2010, 5:22 am

OTL logfile created on: 4/18/2010 12:10:24 AM - Run 1
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\kayla and bear\Documents\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.45 Gb Total Space | 11.75 Gb Free Space | 18.22% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.10 Gb Free Space | 60.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KALYA-PC
Current User Name: kayla and bear
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/18 00:08:59 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\kayla and bear\Documents\Downloads\OTL.exe
PRC - [2010/01/12 12:25:45 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/01/12 12:25:36 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009/12/16 11:34:56 | 000,503,808 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2009/12/14 18:13:32 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/03/03 19:59:15 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/10/25 09:03:00 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/08/21 10:32:40 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/08/21 10:32:34 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/08/21 10:31:44 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2007/07/11 08:15:58 | 000,202,800 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/04/27 08:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/02/08 00:11:04 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 07:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/04/18 00:08:59 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\kayla and bear\Documents\Downloads\OTL.exe
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/14 18:13:32 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/10/25 09:02:59 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 01:43:59 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/21 10:32:40 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/08/21 10:32:40 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/08/21 10:32:40 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/08/21 10:32:40 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/08/21 10:31:44 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2007/08/21 10:30:40 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/08/21 10:29:56 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/07/11 08:15:58 | 000,202,800 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/10 00:15:22 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dhlset.sys -- (tasaqjy)
DRV - [2010/01/26 21:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2007/10/25 09:08:56 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/10/25 09:08:56 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/10/25 09:08:56 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/25 01:45:52 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/08/21 10:34:30 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/08/21 10:34:28 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/08/21 10:34:28 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/08/21 10:34:28 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2007/08/21 10:34:28 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/08/21 10:34:26 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/08/21 10:29:48 | 000,212,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys -- (IDSvix86)
DRV - [2007/03/11 23:49:54 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/08 00:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/25 00:46:38 | 002,085,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/20 14:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 14:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 14:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/17 18:13:04 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/11/11 18:10:40 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/11 18:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/11 18:10:38 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/11 18:10:38 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/30 10:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/18 13:39:05 | 000,000,000 | ---D | M]

[2010/01/11 23:17:03 | 000,000,000 | ---D | M] -- C:\Users\kayla and bear\AppData\Roaming\mozilla\Extensions
[2010/01/04 23:27:58 | 000,000,000 | ---D | M] -- C:\Users\kayla and bear\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.)
O2 - BHO: (URLHooker2 Class) - {93935F7F-9C88-42F8-8445-95251D27FABC} - C:\Program Files\Flash Video Downloader\URLHooker.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [%PROVIDERID%] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\kayla and bear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\kayla and bear\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\kayla and bear\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{008534a5-3e7c-11df-b78f-001c23998695}\Shell - "" = AutoRun
O33 - MountPoints2\{008534a5-3e7c-11df-b78f-001c23998695}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/17 21:15:19 | 000,000,000 | ---D | C] -- C:\Users\kayla and bear\Desktop\no$gba 2
[2010/04/17 00:32:57 | 000,000,000 | ---D | C] -- C:\Users\kayla and bear\Desktop\warioware diy
[2010/04/15 15:05:46 | 000,000,000 | ---D | C] -- C:\Users\kayla and bear\Desktop\New Folder (2)
[2010/04/15 14:37:28 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/15 14:37:28 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/15 14:37:22 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/15 14:37:16 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/15 14:37:16 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/15 14:37:10 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/04/15 14:37:10 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/04/13 18:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\OXXOGames
[2010/04/13 17:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Selectsoft
[2010/04/12 16:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/04/10 22:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Video Downloader
[2010/04/09 23:57:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/09 23:57:10 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/09 23:29:41 | 000,000,000 | ---D | C] -- C:\Users\kayla and bear\AppData\Roaming\Malwarebytes
[2010/04/09 23:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/09 23:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/09 21:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Protection
[2010/04/09 21:02:38 | 000,000,000 | ---D | C] -- C:\Windows\PRAGMArcvpidxrhd
[2010/04/08 15:50:23 | 000,000,000 | ---D | C] -- C:\Users\kayla and bear\Documents\stuff
[2010/04/08 15:35:03 | 000,000,000 | ---D | C] -- C:\Users\kayla and bear\Desktop\BATTERY
[2010/04/08 15:34:52 | 000,000,000 | ---D | C] -- C:\Users\kayla and bear\Desktop\SLOT
[2010/04/08 00:59:44 | 000,000,000 | ---D | C] -- C:\Users\kayla and bear\AppData\Roaming\PeerNetworking
[2010/04/05 16:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\FlashOffliner
[2010/04/05 15:34:26 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2010/04/05 15:34:26 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2010/04/05 15:34:24 | 000,939,224 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\Flash.ocx
[2010/04/05 15:34:24 | 000,102,400 | ---- | C] (Miguel Redondo) -- C:\Windows\System32\MRActLabel.ocx
[2010/04/05 15:34:22 | 000,184,320 | ---- | C] (Alvaro Redondo) -- C:\Windows\System32\ARFrmExt.ocx
[2010/04/05 15:34:22 | 000,069,632 | ---- | C] (Alvaro Redondo) -- C:\Windows\System32\ARFlatButton.ocx
[2010/04/05 15:34:21 | 000,131,072 | ---- | C] (Alvaro Redondo) -- C:\Windows\System32\ARButton.ocx
[2010/04/03 20:17:32 | 000,000,000 | ---D | C] -- C:\Users\kayla and bear\Documents\jimmys mp3s
[2010/03/30 21:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010/03/30 18:52:03 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/30 18:52:03 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/30 18:52:02 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/30 18:52:02 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/30 18:52:01 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/30 18:52:01 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/30 18:52:01 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/30 18:52:01 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/30 18:52:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/30 18:52:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/30 18:52:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/30 18:52:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/30 18:52:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/30 18:51:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/30 18:51:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/29 18:34:29 | 000,000,000 | ---D | C] -- C:\Users\kayla and bear\AppData\Roaming\School Zone Preferences
[2010/03/27 16:23:54 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/03/23 13:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/23 13:55:41 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/23 13:55:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/23 13:55:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/23 13:55:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/19 18:03:16 | 000,000,000 | ---D | C] -- C:\Users\kayla and bear\AppData\Roaming\Roxio
[2010/03/19 13:16:42 | 000,000,000 | ---D | C] -- C:\Users\kayla and bear\Desktop\Cheats
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/18 00:10:08 | 001,835,008 | -HS- | M] () -- C:\Users\kayla and bear\NTUSER.DAT
[2010/04/17 23:42:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/17 23:21:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/17 23:21:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/17 23:13:56 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{359BB293-7694-4D98-8FB9-E4F81022EC8C}.job
[2010/04/17 20:29:04 | 000,735,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/17 20:29:04 | 000,624,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/17 20:29:04 | 000,108,578 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/17 20:23:36 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/17 20:21:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/17 20:21:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/17 20:19:39 | 003,413,786 | -H-- | M] () -- C:\Users\kayla and bear\AppData\Local\IconCache.db
[2010/04/17 15:31:32 | 000,140,408 | ---- | M] () -- C:\Users\kayla and bear\Desktop\Hold.dat
[2010/04/17 15:31:32 | 000,003,718 | ---- | M] () -- C:\Users\kayla and bear\Desktop\Gens32.cfg
[2010/04/16 23:16:53 | 000,309,197 | ---- | M] () -- C:\Users\kayla and bear\Desktop\miles egdeworth walkthrough.rtf
[2010/04/16 17:24:13 | 000,026,449 | ---- | M] () -- C:\Users\kayla and bear\Desktop\snes9x.cfg
[2010/04/15 16:19:22 | 000,002,219 | ---- | M] () -- C:\Users\kayla and bear\Desktop\wham.rtf
[2010/04/15 15:05:22 | 000,001,536 | ---- | M] () -- C:\Users\kayla and bear\Desktop\NO$GBA.INP
[2010/04/15 14:43:16 | 000,002,327 | ---- | M] () -- C:\Users\kayla and bear\Desktop\NO$GBA.INI
[2010/04/15 12:38:09 | 000,003,549 | ---- | M] () -- C:\Users\kayla and bear\Desktop\vba.ini
[2010/04/14 11:40:50 | 000,000,680 | ---- | M] () -- C:\Users\kayla and bear\AppData\Local\d3d9caps.dat
[2010/04/13 18:27:47 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Puzzle and Board XP Championship.lnk
[2010/04/12 20:48:10 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/12 17:07:35 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010/04/12 16:59:37 | 000,320,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/12 16:54:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/04/12 16:53:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/12 16:48:07 | 000,101,376 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2010/04/12 16:48:02 | 000,079,872 | ---- | M] (Axalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2010/04/10 00:15:22 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\dhlset.sys
[2010/04/10 00:15:22 | 000,000,004 | ---- | M] () -- C:\Windows\System32\wpjrnqf
[2010/04/09 23:57:16 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/09 23:26:31 | 000,000,146 | ---- | M] () -- C:\Windows\System32\PRAGMAlmalhrhfho.dat
[2010/04/09 22:04:18 | 000,000,036 | ---- | M] () -- C:\Users\kayla and bear\AppData\Local\housecall.guid.cache
[2010/04/09 21:02:42 | 000,001,187 | ---- | M] () -- C:\ProgramData\pragmamfeklnmal.dll
[2010/04/09 19:12:11 | 000,049,664 | ---- | M] () -- C:\Users\kayla and bear\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/08 18:56:12 | 000,000,866 | ---- | M] () -- C:\Users\kayla and bear\Desktop\FlashOffliner.lnk
[2010/04/08 00:59:45 | 000,031,274 | ---- | M] () -- C:\Users\kayla and bear\AppData\Roaming\UserTile.png
[2010/04/07 20:38:22 | 000,000,381 | ---- | M] () -- C:\Users\kayla and bear\Documents\Pictures - Shortcut.lnk
[2010/04/05 15:54:40 | 000,000,003 | -H-- | M] () -- C:\Windows\System32\FR33
[2010/04/05 15:53:06 | 000,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2010/04/01 21:42:48 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/03/31 19:19:53 | 000,298,379 | ---- | M] () -- C:\Users\kayla and bear\Documents\quick_eng_200704.pdf
[2010/03/31 19:19:16 | 000,516,049 | ---- | M] () -- C:\Users\kayla and bear\Documents\guidelines_smaw.pdf
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/24 19:38:59 | 000,042,496 | ---- | M] () -- C:\Users\kayla and bear\Documents\san adreas.rtf.wps
[2010/03/24 19:38:59 | 000,000,330 | ---- | M] () -- C:\Users\kayla and bear\AppData\Roaming\wklnhst.dat
[2010/03/24 16:00:30 | 000,000,188 | ---- | M] () -- C:\Users\kayla and bear\Documents\myler disabilty.rtf
[2010/03/24 00:05:58 | 000,041,724 | ---- | M] () -- C:\Users\kayla and bear\Documents\san adreas.rtf
[2010/03/23 14:47:20 | 006,827,763 | ---- | M] () -- C:\Users\kayla and bear\Desktop\chris crocker.flv
[2010/03/23 13:54:59 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/23 13:54:59 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/23 13:54:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/23 13:54:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/22 19:40:54 | 000,000,175 | ---- | M] () -- C:\Users\kayla and bear\Documents\billy.rtf
[2010/03/21 11:54:50 | 001,048,576 | -HS- | M] () -- C:\Users\kayla and bear\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2010/03/21 11:54:50 | 001,048,576 | -HS- | M] () -- C:\Users\kayla and bear\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2010/03/21 11:54:50 | 001,048,576 | -HS- | M] () -- C:\Users\kayla and bear\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2010/03/21 11:54:50 | 000,065,536 | -HS- | M] () -- C:\Users\kayla and bear\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2010/03/20 18:08:45 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\FLV Player.lnk
[2010/03/19 13:16:27 | 000,000,134 | R--- | M] () -- C:\Users\kayla and bear\Desktop\Valid.Ext
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/16 23:07:14 | 000,309,197 | ---- | C] () -- C:\Users\kayla and bear\Desktop\miles egdeworth walkthrough.rtf
[2010/04/15 16:16:46 | 000,002,219 | ---- | C] () -- C:\Users\kayla and bear\Desktop\wham.rtf
[2010/04/13 18:27:47 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Puzzle and Board XP Championship.lnk
[2010/04/12 20:48:10 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/12 16:54:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/04/12 16:53:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/11 01:37:17 | 000,000,436 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{359BB293-7694-4D98-8FB9-E4F81022EC8C}.job
[2010/04/10 00:15:22 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\dhlset.sys
[2010/04/10 00:15:22 | 000,000,004 | ---- | C] () -- C:\Windows\System32\wpjrnqf
[2010/04/09 23:57:16 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/09 22:04:18 | 000,000,036 | ---- | C] () -- C:\Users\kayla and bear\AppData\Local\housecall.guid.cache
[2010/04/09 21:02:42 | 000,001,187 | ---- | C] () -- C:\ProgramData\pragmamfeklnmal.dll
[2010/04/09 21:02:38 | 000,000,146 | ---- | C] () -- C:\Windows\System32\PRAGMAlmalhrhfho.dat
[2010/04/08 18:56:12 | 000,000,866 | ---- | C] () -- C:\Users\kayla and bear\Desktop\FlashOffliner.lnk
[2010/04/08 15:35:40 | 000,001,536 | ---- | C] () -- C:\Users\kayla and bear\Desktop\NO$GBA.INP
[2010/04/08 15:35:36 | 000,002,327 | ---- | C] () -- C:\Users\kayla and bear\Desktop\NO$GBA.INI
[2010/04/08 15:34:14 | 000,162,454 | ---- | C] () -- C:\Users\kayla and bear\Desktop\NO$GBA.EXE
[2010/04/07 20:38:22 | 000,000,381 | ---- | C] () -- C:\Users\kayla and bear\Documents\Pictures - Shortcut.lnk
[2010/04/05 15:54:40 | 000,000,003 | -H-- | C] () -- C:\Windows\System32\FR33
[2010/04/05 15:34:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2010/03/31 19:19:53 | 000,298,379 | ---- | C] () -- C:\Users\kayla and bear\Documents\quick_eng_200704.pdf
[2010/03/31 19:19:16 | 000,516,049 | ---- | C] () -- C:\Users\kayla and bear\Documents\guidelines_smaw.pdf
[2010/03/27 12:55:33 | 000,003,549 | ---- | C] () -- C:\Users\kayla and bear\Desktop\vba.ini
[2010/03/24 16:00:30 | 000,000,188 | ---- | C] () -- C:\Users\kayla and bear\Documents\myler disabilty.rtf
[2010/03/24 00:34:24 | 000,042,496 | ---- | C] () -- C:\Users\kayla and bear\Documents\san adreas.rtf.wps
[2010/03/23 15:16:29 | 000,041,724 | ---- | C] () -- C:\Users\kayla and bear\Documents\san adreas.rtf
[2010/03/23 14:42:51 | 006,827,763 | ---- | C] () -- C:\Users\kayla and bear\Desktop\chris crocker.flv
[2010/03/22 19:40:54 | 000,000,175 | ---- | C] () -- C:\Users\kayla and bear\Documents\billy.rtf
[2010/03/21 11:54:50 | 001,048,576 | -HS- | C] () -- C:\Users\kayla and bear\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2010/03/21 11:54:50 | 001,048,576 | -HS- | C] () -- C:\Users\kayla and bear\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2010/03/21 11:54:50 | 001,048,576 | -HS- | C] () -- C:\Users\kayla and bear\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2010/03/21 11:54:50 | 000,065,536 | -HS- | C] () -- C:\Users\kayla and bear\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2010/03/20 18:08:45 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\FLV Player.lnk
[2010/03/19 13:16:27 | 000,000,134 | R--- | C] () -- C:\Users\kayla and bear\Desktop\Valid.Ext
[2010/03/11 21:05:12 | 000,000,680 | ---- | C] () -- C:\Users\kayla and bear\AppData\Local\d3d9caps.dat
[2010/02/27 00:43:47 | 000,031,274 | ---- | C] () -- C:\Users\kayla and bear\AppData\Roaming\UserTile.png
[2010/02/12 17:59:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/26 21:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/01/09 22:00:16 | 000,000,330 | ---- | C] () -- C:\Users\kayla and bear\AppData\Roaming\wklnhst.dat
[2010/01/04 23:18:44 | 000,049,664 | ---- | C] () -- C:\Users\kayla and bear\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/04 22:32:32 | 000,000,632 | RHS- | C] () -- C:\Users\kayla and bear\ntuser.pol
[2010/01/04 22:30:44 | 000,000,020 | -HS- | C] () -- C:\Users\kayla and bear\ntuser.ini
[2010/01/04 22:30:43 | 000,524,288 | -HS- | C] () -- C:\Users\kayla and bear\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/01/04 22:30:42 | 001,835,008 | -HS- | C] () -- C:\Users\kayla and bear\NTUSER.DAT
[2010/01/04 22:30:42 | 000,524,288 | -HS- | C] () -- C:\Users\kayla and bear\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/04 22:30:42 | 000,262,144 | -H-- | C] () -- C:\Users\kayla and bear\ntuser.dat.LOG2
[2010/01/04 22:30:42 | 000,262,144 | -H-- | C] () -- C:\Users\kayla and bear\ntuser.dat.LOG1
[2010/01/04 22:30:42 | 000,065,536 | -HS- | C] () -- C:\Users\kayla and bear\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/03/11 13:33:17 | 000,001,141 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/04/13 18:24:41 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008/02/01 13:42:11 | 000,000,041 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/10/25 09:09:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/10/25 09:09:21 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/10/25 01:30:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:5856B2C0
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:2430E4FC
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:1C9565AC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3E7393FC
< End of report >


extras.txt

Post by jjr1765 on 18th April 2010, 5:26 am

OTL Extras logfile created on: 4/18/2010 12:10:24 AM - Run 1
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\kayla and bear\Documents\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.45 Gb Total Space | 11.75 Gb Free Space | 18.22% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.10 Gb Free Space | 60.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KALYA-PC
Current User Name: kayla and bear
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DF1FA29-094E-4142-8D8A-CFC9D7FDE9DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{30534B40-BB50-469A-BA48-E8F811BEE316}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{3CF0E6CE-B597-47EE-A672-214CB08A9AFA}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{4B66616E-5226-4065-A11C-E347AD9754CB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{4C06CEE8-0570-4ECA-8367-D4244C584C4B}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{5117DE26-12E4-487C-80FC-02C147F900F7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{59EF9665-1A4A-46C8-9B82-8C2DC5F6A763}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{62874BE4-0A9B-43D9-A1E7-AA26A64D1284}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{63DBFAC1-A8FD-405D-81DB-FE7340275587}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{6424586F-AB62-4A99-AE01-3E00ABE6AE44}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{684BE669-DBF2-4A8C-8702-B7FFB8F79584}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{6B1F0711-3204-40DC-93C9-FCD7465A4751}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{76700345-6A3F-48FE-9AA4-F4E34A9FA883}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{7A6761CC-C2D9-4034-8FEB-207D3C9CDE8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{7BEEC9BA-46BE-4A98-A4D7-A85337AA4CD3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{812E229C-B454-4EA6-A642-1072829AB325}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{930A3D1C-F0C8-4890-8EB4-7EC14E6C9998}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{A78166FB-770D-4B43-AA77-7ACAE51849EE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{A78C3C7E-0919-4B0C-924E-A1FD99D4101D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{C5726878-266F-4038-9196-317331A17E5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D535C2C7-9AD3-4288-BD19-D9EB5062BEE4}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F66A7868-E20A-49E2-977C-F43A8AC24CED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{FC7C7F54-726E-487A-98C6-8DCF93FADB0E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"TCP Query User{1E2E82A3-8388-42E6-B319-8F12AF2B3137}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{D5A0D0DF-D4F5-4648-A278-6E03F79C0872}C:\users\kayla and bear\desktop\visualboyadvance.exe" = protocol=6 | dir=in | app=c:\users\kayla and bear\desktop\visualboyadvance.exe |
"UDP Query User{9ED141AD-898A-4CA1-9679-A318A5A42C14}C:\users\kayla and bear\desktop\visualboyadvance.exe" = protocol=17 | dir=in | app=c:\users\kayla and bear\desktop\visualboyadvance.exe |
"UDP Query User{A48C3B81-86B4-429D-A4A7-5DD8B3B610AC}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero Internet
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B63C1E49-2E0E-406B-BD8A-C703E4263E0A}" = AdVantage
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver
"{EAB9C426-6626-7B76-64F3-569FDCA9852D}" = ATI Catalyst Control Center Ex
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"500 Solitaire Games" = 500 Solitaire Games
"7-Zip" = 7-Zip 9.10 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Flash Video Downloader_is1" = Flash Video Downloader 0.1
"FlashOffliner" = FlashOffliner 1.0
"FLV Player" = FLV Player 2.0 (build 25)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"LimeWire" = LimeWire 5.4.6
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Puzzle and Board XP Championship" = Puzzle and Board XP Championship
"Puzzle XP Championship 3000" = Puzzle XP Championship 3000
"Shop for HP Supplies" = Shop for HP Supplies
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"VideoGet_is1" = Nuclear Coffee - VideoGet
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/16/2010 10:45:09 PM | Computer Name = kalya-PC | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6000.6353, time stamp
0x4aa91b5d, faulting module wmp.dll, version 11.0.6000.6353, time stamp 0x4aa93aa7,
exception code 0xc0000005, fault offset 0x00585ee9, process id 0xfc0, application
start time 0x01caddd557634a85.

Error - 4/17/2010 3:42:08 AM | Computer Name = kalya-PC | Source = Google Update | ID = 20
Description =

Error - 4/17/2010 2:42:07 PM | Computer Name = kalya-PC | Source = Google Update | ID = 20
Description =

Error - 4/17/2010 4:42:08 PM | Computer Name = kalya-PC | Source = Google Update | ID = 20
Description =

Error - 4/17/2010 5:42:06 PM | Computer Name = kalya-PC | Source = Google Update | ID = 20
Description =

Error - 4/17/2010 6:42:06 PM | Computer Name = kalya-PC | Source = Google Update | ID = 20
Description =

Error - 4/17/2010 7:42:06 PM | Computer Name = kalya-PC | Source = Google Update | ID = 20
Description =

Error - 4/17/2010 8:42:06 PM | Computer Name = kalya-PC | Source = Google Update | ID = 20
Description =

Error - 4/17/2010 9:24:04 PM | Computer Name = kalya-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 4/17/2010 9:29:04 PM | Computer Name = kalya-PC | Source = WerSvc | ID = 5007
Description =

[ Broadcom Wireless LAN Events ]
Error - 1/20/2010 12:48:22 PM | Computer Name = kalya-PC | Source = WLAN-Tray | ID = 0
Description = 10:48:21, Wed, Jan 20, 10 Error - Unable to gain access to user store


Error - 1/21/2010 1:54:27 PM | Computer Name = kalya-PC | Source = WLAN-Tray | ID = 0
Description = 11:54:26, Thu, Jan 21, 10 Error - Unable to gain access to user store


Error - 1/21/2010 7:27:22 PM | Computer Name = kalya-PC | Source = WLAN-Tray | ID = 0
Description = 17:27:22, Thu, Jan 21, 10 Error - Unable to gain access to user store


Error - 1/21/2010 11:55:15 PM | Computer Name = kalya-PC | Source = WLAN-Tray | ID = 0
Description = 21:55:15, Thu, Jan 21, 10 Error - Unable to gain access to user store


Error - 1/22/2010 2:44:23 AM | Computer Name = kalya-PC | Source = WLAN-Tray | ID = 0
Description = 00:44:23, Fri, Jan 22, 10 Error - Unable to gain access to user store


Error - 1/24/2010 12:48:29 AM | Computer Name = kalya-PC | Source = WLAN-Tray | ID = 0
Description = 22:48:29, Sat, Jan 23, 10 Error - Unable to gain access to user store


Error - 1/25/2010 2:41:11 AM | Computer Name = kalya-PC | Source = WLAN-Tray | ID = 0
Description = 00:41:10, Mon, Jan 25, 10 Error - Unable to gain access to user store


Error - 1/26/2010 5:36:36 PM | Computer Name = kalya-PC | Source = WLAN-Tray | ID = 0
Description = 15:36:35, Tue, Jan 26, 10 Error - Unable to gain access to user store


Error - 1/29/2010 12:34:11 PM | Computer Name = kalya-PC | Source = WLAN-Tray | ID = 0
Description = 10:34:10, Fri, Jan 29, 10 Error - Unable to gain access to user store


Error - 2/2/2010 12:59:11 AM | Computer Name = kalya-PC | Source = WLAN-Tray | ID = 0
Description = 22:59:10, Mon, Feb 01, 10 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 5/19/2009 1:29:01 PM | Computer Name = kalya-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 4/18/2010 12:51:01 AM | Computer Name = kalya-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/18/2010 12:51:07 AM | Computer Name = kalya-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/18/2010 12:57:37 AM | Computer Name = kalya-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/18/2010 12:57:44 AM | Computer Name = kalya-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/18/2010 12:57:50 AM | Computer Name = kalya-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/18/2010 12:57:56 AM | Computer Name = kalya-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/18/2010 12:58:02 AM | Computer Name = kalya-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/18/2010 12:58:09 AM | Computer Name = kalya-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/18/2010 12:58:15 AM | Computer Name = kalya-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 4/18/2010 12:58:21 AM | Computer Name = kalya-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >


Re: digital protection virus help.

Post by jjr1765 on 18th April 2010, 5:31 am

Is it OK for me to run a defrag, or will I have to re-run the scan because it will change something in the log?
I'm new to this trouble and am not experienced with this kind of stuff. I saw it said that it ran some errors in the ROM drive, right? It also said that it could not gain access to some files. Is it important to see them? If so, how can I help you to help me?


Re: digital protection virus help.

Post by Belahzur on 18th April 2010, 4:51 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Adobe Reader 8.1.0
    Java(TM) SE Runtime Environment 6
    LimeWire 5.4.6

  • Click on the Uninstall/Change button at the top.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{008534a5-3e7c-11df-b78f-001c23998695}\Shell - "" = AutoRun
    [2010/04/10 00:15:22 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\dhlset.sys
    [2010/04/10 00:15:22 | 000,000,004 | ---- | M] () -- C:\Windows\System32\wpjrnqf
    [2010/04/09 21:02:42 | 000,001,187 | ---- | C] () -- C:\ProgramData\pragmamfeklnmal.dll
    [2010/04/09 21:02:38 | 000,000,146 | ---- | C] () -- C:\Windows\System32\PRAGMAlmalhrhfho.dat


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



ok

Post by jjr1765 on 18th April 2010, 11:43 pm

Error: Unable to interpret in the current context!
Error: Unable to interpret ~[Filtered]~ in the current context!
Error: Unable to interpret <[2010/04/10 00:15:22 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\dhlset.sys> in the current context!
Error: Unable to interpret <[2010/04/10 00:15:22 | 000,000,004 | ---- | M] () -- C:\Windows\System32\wpjrnqf> in the current context!
Error: Unable to interpret <[2010/04/09 21:02:42 | 000,001,187 | ---- | C] () -- C:\ProgramData\pragmamfeklnmal.dll> in the current context!
Error: Unable to interpret <[2010/04/09 21:02:38 | 000,000,146 | ---- | C] () -- C:\Windows\System32\PRAGMAlmalhrhfho.dat> in the current context!

OTL by OldTimer - Version 3.2.1.2 log created on 04182010_184015


Re: digital protection virus help.

Post by Belahzur on 18th April 2010, 11:44 pm

Hello.
Did you miss :OTL as the top line? The script didn't work correctly.



sorry

Post by jjr1765 on 18th April 2010, 11:48 pm

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{008534a5-3e7c-11df-b78f-001c23998695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{008534a5-3e7c-11df-b78f-001c23998695}\ not found.
C:\Windows\System32\drivers\dhlset.sys moved successfully.
C:\Windows\System32\wpjrnqf moved successfully.
C:\ProgramData\pragmamfeklnmal.dll moved successfully.
C:\Windows\System32\PRAGMAlmalhrhfho.dat moved successfully.

OTL by OldTimer - Version 3.2.1.2 log created on 04182010_184559


Re: digital protection virus help.

Post by Belahzur on 18th April 2010, 11:53 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



ok

Post by jjr1765 on 18th April 2010, 11:56 pm

Sorry, I have that already. I'm running it again and will post in a few.


mbam-log

Post by jjr1765 on 19th April 2010, 12:11 am

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 3973

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

4/18/2010 7:08:41 PM
mbam-log-2010-04-18 (19-08-41).txt

Scan type: Quick scan
Objects scanned: 113109
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: digital protection virus help.

Post by Belahzur on 19th April 2010, 12:13 am

I want one more MBAM scan, but it needs updating first.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.



Re: digital protection virus help.

Post by jjr1765 on 19th April 2010, 12:20 am

Now, as I said, I cleared most of it off, but I can't get the Security Center to run. Could it be something not up to date, and Microsoft needs me to update because they're changing something? But I can't do that either.


here you go

Post by jjr1765 on 19th April 2010, 12:41 am

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 4005

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

4/18/2010 7:29:22 PM
mbam-log-2010-04-18 (19-29-22).txt

Scan type: Quick scan
Objects scanned: 114505
Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\PRAGMArcvpidxrhd (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)


Re: digital protection virus help.

Post by jjr1765 on 19th April 2010, 12:45 am

hello


Re: digital protection virus help.

Post by Belahzur on 19th April 2010, 12:52 am

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: digital protection virus help.

Post by jjr1765 on 19th April 2010, 4:44 am

It did not give me a log to post to you, but it said that it was clean. I did not uninstall, so what next?


Re: digital protection virus help.

Post by Belahzur on 19th April 2010, 9:43 am

Hello.

Please download and install [You must be registered and logged in to see this link.]



Re: digital protection virus help.

Post by jjr1765 on 19th April 2010, 10:46 pm

Then I should run the scan again or search for it?
When I did the last time, it said that there was no file by that name. The reader will help, right?


Re: digital protection virus help.

Post by Belahzur on 20th April 2010, 11:54 am

Hello.
No, just install it so you get the latest updates. This should be fine now; everything looks good.



Re: digital protection virus help.

Post by jjr1765 on 21st April 2010, 1:38 am

OK, I surfed around and found that Norton will shut the Security Center down. That's OK, but I want to beef up my security, and I'm using the post "How did I get infected". I want to use one of the antiviruses on there, but I hear Avira has an adware bug in it. Should I still use it?


Re: digital protection virus help.

Post by Belahzur on 21st April 2010, 3:55 pm

Haha, Avira has a popup ad for the premium version of Avira, but I don't mind it.



Re: digital protection virus help.

Post by jjr1765 on 24th April 2010, 10:22 pm

ok thank you.
