Have a virus, but cannot find it!! HELP Please


Post by mmiklos on Thu 10 Jun 2010, 10:36 am

My computer is infected with spyware/malware - I have gone through the Malwarebytes scan and it does not find anything. I try to run my Symantec scan and it starts for only a second and then says scan stopped by user - I am not stopping the scan! I had one of those fake scans come up and start running the other day; I shut my computer down before it completed but fear there is something going on behind the scenes! I am operating Windows XP; any help would be greatly appreciated!!


Re: Have a virus, but cannot find it!! HELP Please

Post by Belahzur on Thu 10 Jun 2010, 6:07 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: Have a virus, but cannot find it!! HELP Please

Post by mmiklos on Fri 11 Jun 2010, 10:53 am

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 39.11 Gb Free Space | 52.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 280.40 Gb Total Space | 244.52 Gb Free Space | 87.20% Space Free | Partition Type: NTFS
Drive H: | 280.40 Gb Total Space | 244.52 Gb Free Space | 87.20% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive P: | 280.40 Gb Total Space | 244.52 Gb Free Space | 87.20% Space Free | Partition Type: NTFS
Drive R: | 280.40 Gb Total Space | 244.52 Gb Free Space | 87.20% Space Free | Partition Type: NTFS
Drive Z: | 280.40 Gb Total Space | 244.52 Gb Free Space | 87.20% Space Free | Partition Type: NTFS

Computer Name: WORKSTATION12
Current User Name: mmiklos
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/11 09:47:24 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mmiklos\Desktop\OTL.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2008/11/04 02:44:24 | 000,814,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
PRC - [2008/08/20 21:18:00 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/24 21:12:48 | 001,036,288 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/07/26 21:03:46 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/26 21:03:44 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/20 16:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/04/18 12:10:16 | 000,692,224 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Sharpdesk\FTPServer.exe
PRC - [2006/04/18 12:08:02 | 000,544,768 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Sharpdesk\nsapp.exe
PRC - [2006/04/17 02:16:14 | 000,032,768 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
PRC - [2003/05/21 01:27:46 | 000,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2003/05/21 01:22:36 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2003/05/21 01:21:18 | 000,090,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
PRC - [2001/10/09 11:20:56 | 000,067,848 | ---- | M] (Seiko Instruments USA, Inc.) -- C:\WINDOWS\system32\slpmonx.exe
PRC - [2001/10/09 11:20:54 | 000,032,256 | ---- | M] (ProdEx Technologies) -- C:\WINDOWS\system32\slpservice.exe
PRC - [2001/10/09 11:19:58 | 000,049,152 | ---- | M] (Seiko Instruments USA Inc.) -- C:\WINDOWS\Seiko\slpcap.exe


========== Modules (SafeList) ==========

MOD - [2010/06/11 09:47:24 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mmiklos\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2007/07/26 21:03:46 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/06/20 16:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2003/05/21 01:27:46 | 000,610,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2003/05/21 01:22:36 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2001/10/09 11:20:54 | 000,032,256 | ---- | M] (ProdEx Technologies) [Auto | Running] -- C:\WINDOWS\system32\slpservice.exe -- (SLPMONX)


========== Driver Services (SafeList) ==========

DRV - [2010/06/04 20:24:36 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100604.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/06/04 20:24:36 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100604.006\NAVENG.SYS -- (NAVENG)
DRV - [2008/10/04 11:31:57 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/24 21:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/09/24 21:12:48 | 000,307,712 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/09/24 20:06:46 | 000,305,688 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/07/25 22:55:36 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/07/17 15:24:00 | 005,761,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/06/20 16:30:20 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/08/11 21:42:42 | 003,958,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/05/02 21:08:22 | 000,030,208 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2003/05/02 21:08:18 | 000,224,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.*;192.168.1.*;
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/11 04:28:38 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File not found
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [FtpServer.exe] C:\Program Files\Sharp\Sharpdesk\FtpServer.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexTray] C:\Program Files\Sharp\Sharpdesk\IndexTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SharpTray] C:\Program Files\Sharp\Sharpdesk\SharpTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TypeRegChecker] C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (Seiko Instruments USA Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} [You must be registered and logged in to see this link.] (EPUImageControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} [You must be registered and logged in to see this link.] (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} [You must be registered and logged in to see this link.] (CamImage Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O16 - DPF: 89F5242A-1C1E-4AA9-ACB4-9DCBD93F9927 [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.3 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = insureonebenefits.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\mmiklos\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mmiklos\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4a67698e-552d-11df-9885-001d092087cf}\Shell\AutoRun\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{4a67698e-552d-11df-9885-001d092087cf}\Shell\slacker\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{9d41d5f7-1772-11df-9873-001d092087cf}\Shell - "" = AutoRun
O33 - MountPoints2\{9d41d5f7-1772-11df-9873-001d092087cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9d41d5f7-1772-11df-9873-001d092087cf}\Shell\AutoRun\command - "" = E:\launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/11 09:47:19 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mmiklos\Desktop\OTL.exe
[2010/06/11 03:10:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/10 19:50:14 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/10 14:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/06/10 14:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/06/10 14:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/06/10 14:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/10 14:27:39 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/10 14:27:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/10 14:27:39 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/10 14:27:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/10 14:27:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/10 09:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Free CraigsList Reader Pro from CraigsPal
[2010/06/09 08:51:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/09 08:51:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/08 12:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2010/06/08 12:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Help
[2010/06/04 14:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Power Commander 5
[2010/05/18 09:20:33 | 000,000,000 | ---D | C] -- C:\PHPIN201007
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/11 09:47:24 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mmiklos\Desktop\OTL.exe
[2010/06/11 09:14:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3713246345-629901265-1636707324-1126UA.job
[2010/06/11 09:13:50 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A83FB961-E33F-467E-A0B5-7F6B0F67E5A0}.job
[2010/06/11 09:11:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/11 09:07:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/11 08:57:44 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/11 08:56:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/11 08:56:03 | 000,000,540 | ---- | M] () -- C:\Documents and Settings\mmiklos\Desktop\Ratings Disk.lnk
[2010/06/11 08:56:03 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\mmiklos\Desktop\Shared.lnk
[2010/06/11 08:55:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/11 04:48:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/11 04:48:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/11 04:48:23 | 1062,170,624 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/11 04:48:23 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 04:48:11 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\mmiklos\NTUSER.DAT
[2010/06/11 04:48:02 | 000,000,626 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/11 04:48:00 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\mmiklos\ntuser.ini
[2010/06/11 04:31:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/11 03:26:54 | 000,533,588 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 03:26:54 | 000,463,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 03:26:54 | 000,080,124 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/11 02:14:02 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3713246345-629901265-1636707324-1126Core.job
[2010/06/10 14:27:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/10 14:27:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/10 14:27:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/10 14:27:09 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/10 14:27:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/10 09:24:16 | 000,001,948 | ---- | M] () -- C:\Documents and Settings\mmiklos\Desktop\Free CraigsList Reader Pro v4.2.4.lnk
[2010/06/10 09:20:53 | 000,005,707 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/09 09:09:05 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\mmiklos\Local Settings\Application Data\IconCache.db
[2010/06/09 08:51:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/08 17:14:52 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\mmiklos\Desktop\Google Chrome.lnk
[2010/06/08 11:50:36 | 000,190,664 | ---- | M] () -- C:\Documents and Settings\mmiklos\Desktop\OrendtTempIdCard.pdf
[2010/06/07 12:07:49 | 000,001,911 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Style Builder.lnk
[2010/06/07 12:07:48 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LayOut 2.lnk
[2010/06/07 12:07:48 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp 7.lnk
[2010/06/06 12:56:45 | 000,001,862 | -H-- | M] () -- C:\Documents and Settings\mmiklos\My Documents\Default.rdp
[2010/06/04 23:22:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/02 14:58:07 | 000,000,313 | ---- | M] () -- C:\Documents and Settings\mmiklos\My Documents\My Documents (4).lnk
[2010/06/02 14:02:26 | 000,012,647 | ---- | M] () -- C:\Documents and Settings\mmiklos\My Documents\Boryenace Anthem Bill.pdf
[2010/06/01 15:08:28 | 000,000,313 | ---- | M] () -- C:\Documents and Settings\mmiklos\My Documents\My Documents (3).lnk
[2010/06/01 08:36:50 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\mmiklos\Desktop\Microsoft Office Outlook 2007.lnk
[2010/05/27 12:58:34 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\mmiklos\My Documents\timplate bbq circular firebox.xls
[2010/05/17 02:16:04 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/10 09:24:16 | 000,001,948 | ---- | C] () -- C:\Documents and Settings\mmiklos\Desktop\Free CraigsList Reader Pro v4.2.4.lnk
[2010/06/09 09:09:50 | 1062,170,624 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/09 08:51:24 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/08 11:50:36 | 000,190,664 | ---- | C] () -- C:\Documents and Settings\mmiklos\Desktop\OrendtTempIdCard.pdf
[2010/06/07 12:07:49 | 000,001,911 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Style Builder.lnk
[2010/06/07 12:07:48 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LayOut 2.lnk
[2010/06/02 14:58:07 | 000,000,313 | ---- | C] () -- C:\Documents and Settings\mmiklos\My Documents\My Documents (4).lnk
[2010/06/02 14:02:26 | 000,012,647 | ---- | C] () -- C:\Documents and Settings\mmiklos\My Documents\Boryenace Anthem Bill.pdf
[2010/06/01 15:08:28 | 000,000,313 | ---- | C] () -- C:\Documents and Settings\mmiklos\My Documents\My Documents (3).lnk
[2010/05/27 12:58:39 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\mmiklos\My Documents\timplate bbq circular firebox.xls
[2010/05/17 02:16:04 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/15 13:52:50 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/15 13:52:50 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/06/15 13:52:50 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/15 13:52:50 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/15 13:52:05 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/06/15 13:52:01 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009/06/15 13:51:42 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009/04/01 13:10:08 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/04/01 13:10:06 | 000,256,512 | ---- | C] () -- C:\WINDOWS\System32\Image32.dll
[2009/04/01 13:10:06 | 000,134,656 | ---- | C] () -- C:\WINDOWS\System32\Png32.dll
[2009/04/01 13:10:06 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2009/04/01 13:10:06 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\Pcx32.dll
[2009/04/01 13:10:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Gif32.dll
[2009/04/01 13:08:38 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\lpng.dll
[2009/03/25 11:24:15 | 000,000,033 | ---- | C] () -- C:\WINDOWS\BiMonitor.ini
[2009/03/25 11:24:00 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2008/10/14 11:16:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/01/08 13:07:19 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\iu50unin.dll
[2008/01/08 13:07:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\iduninst.dll
[2008/01/06 17:10:35 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SlpApi42.dll
[2008/01/06 16:00:55 | 000,000,672 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/27 13:06:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/27 12:48:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2007/12/27 12:47:28 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/05/21 01:19:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2002/04/17 09:24:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\crdb218s.dll
[2002/04/17 09:17:00 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\drda18iv.dll
[2002/04/17 09:17:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\sock18iv.dll
[2002/04/17 09:16:00 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\xcpg18iv.dll
[2002/04/17 09:16:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\prot18iv.dll
[2002/04/17 09:15:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\bind18iv.dll
[2002/04/17 09:15:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\cosi18iv.dll
[2002/04/17 09:15:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\memr18iv.dll
[2002/04/17 09:15:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\clrt18iv.dll
[2002/04/17 09:15:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\appc18iv.dll
[2002/04/03 17:01:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\crinfdtc18.dll
< End of report >


Re: Have a virus, but cannot find it!! HELP Please

Post by mmiklos on Fri 11 Jun 2010, 10:54 am

OTL Extras logfile created on: 6/11/2010 9:47:50 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\mmiklos\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 390.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 39.11 Gb Free Space | 52.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 280.40 Gb Total Space | 244.52 Gb Free Space | 87.20% Space Free | Partition Type: NTFS
Drive H: | 280.40 Gb Total Space | 244.52 Gb Free Space | 87.20% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive P: | 280.40 Gb Total Space | 244.52 Gb Free Space | 87.20% Space Free | Partition Type: NTFS
Drive R: | 280.40 Gb Total Space | 244.52 Gb Free Space | 87.20% Space Free | Partition Type: NTFS
Drive Z: | 280.40 Gb Total Space | 244.52 Gb Free Space | 87.20% Space Free | Partition Type: NTFS

Computer Name: WORKSTATION12
Current User Name: mmiklos
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sharp\Sharpdesk\FTPServer.exe" = C:\Program Files\Sharp\Sharpdesk\FTPServer.exe:*:Enabled:Network Scanner Tool -- (SHARP CORPORATION)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D96709-4D40-424B-BA91-E2509BCEF711}" = Free CraigsList Reader Pro from CraigsPal 4.2.4
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0AEF384B-610F-4309-8DA3-91834FE4E80E}" = Sharpdesk
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E8EF6C8-1DC7-4DEA-A776-4EDF78B9654B}" = Microsoft Network Monitor: Microsoft Parsers 3.3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2605B39B-4F04-4408-80F9-1EF088EF36FB}" = GoldMine
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{322DAA1C-9D06-441C-982C-9E0BFC9156B9}" = Anthem Rate Calculator
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{63F2DFB3-7DCA-49F2-82EB-DCEB81E9DB1E}" = Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6E82EB65-108D-11D4-8ADE-00A0C9497122}" = OmniRush
"{71A7D000-0D1F-4CF9-BB75-BB5920436F0C}" = Crystal Reports 9
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B60C3-8825-4B7B-A8CE-4E52A2F73E60}" = wellpoint rate generator
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{9195706A-CEB6-4B88-85CE-D3BEB19F11C4}" = Microsoft Network Monitor 3.3
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9B2E8AF3-0BF6-4822-BF21-32D493319042}" = Component Checker
"{9CC55B9A-5DB1-47CC-B6F1-D159DF426C1F}" = WellPoint Rate Generator
"{A01FB440-65BB-473C-B6DD-59C6773E2668}" = Anthem Rate Calculator
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B61CEE19-C693-4402-9A3E-8B50BF4C289C}" = Crystal 9
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA9483A2-742A-4A72-881D-B81C6B1ACB3E}" = Google SketchUp Pro 7
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E286F53C-75A8-4584-943B-E70A634F2540}" = GoldMine PLUS for Microsoft® Office®
"{E56D5DC8-4C73-44B1-B650-AAD75C7A2701}" = Broadcom ASF Management Applications
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB46C18F-2258-424D-9202-0C9DB4A5E74C}" = FB46C18F-2258-424D-9202-0C9DB4A5E74C
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BDE 5.01 Upgrade" = BDE 5.01 Upgrade
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0AEF384B-610F-4309-8DA3-91834FE4E80E}" = Sharpdesk
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NY Snowmobile Trails 2007_is1" = NY Snowmobile Trails 2007
"NY Snowmobile Trails Free 2009_is1" = NY Snowmobile Trails Free 2009 v1.0
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Picasa 3" = Picasa 3
"SearchAssist" = SearchAssist
"Slp32V4" = Smart Label Printer
"STANDARDR" = Microsoft Office Standard 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"VVMapping-Michigan_SMORV v2.3.0_is1" = VVMapping - Michigan Snowmobile & ORV GPS Maps v2.3.0
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320
"WellPoint Rate Generator" = WellPoint Rate Generator

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/9/2010 9:10:44 AM | Computer Name = WORKSTATION12 | Source = NSSDK.MfpifValidator.1 | ID = 34938914
Description = IP 192.168.1.15 cannot be reached on the network. (0x8215110b)

Error - 6/9/2010 9:10:58 AM | Computer Name = WORKSTATION12 | Source = NSSDK.MfpifValidator.1 | ID = 34938914
Description = HTTP error 404: Object not found. (0x8215071e)

Error - 6/9/2010 9:11:07 AM | Computer Name = WORKSTATION12 | Source = NSSDK.CprXml.1 | ID = 34938914
Description = Operation timed out when pinging IP 192.168.1.15. (0x82150737)

Error - 6/11/2010 4:48:00 AM | Computer Name = WORKSTATION12 | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

Error - 6/11/2010 8:55:04 AM | Computer Name = WORKSTATION12 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 6/11/2010 8:59:13 AM | Computer Name = WORKSTATION12 | Source = NSSDK.MfpifValidator.1 | ID = 34938914
Description = IP 192.168.1.15 cannot be reached on the network. (0x8215110b)

Error - 6/11/2010 8:59:28 AM | Computer Name = WORKSTATION12 | Source = NSSDK.MfpifValidator.1 | ID = 34938914
Description = Timeout after sending HTTP request in Validation at IP = 192.168.1.204
(0x82151109)

Error - 6/11/2010 8:59:29 AM | Computer Name = WORKSTATION12 | Source = NSSDK.MfpifValidator.1 | ID = 34938914
Description = HTTP error 404: Object not found. (0x8215071e)

Error - 6/11/2010 8:59:51 AM | Computer Name = WORKSTATION12 | Source = NSSDK.CprXml.1 | ID = 34938914
Description = Operation timed out when pinging IP 192.168.1.15. (0x82150737)

Error - 6/11/2010 9:48:11 AM | Computer Name = WORKSTATION12 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6514.5000, stamp 4a89dc70,
faulting module msdart.dll, version 2.81.1132.0, stamp 4802a138, debug? 0, fault
address 0x00008f09.

[ OSession Events ]
Error - 4/17/2008 3:23:37 PM | Computer Name = WORKSTATION12 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7630
seconds with 240 seconds of active time. This session ended with a crash.

Error - 8/21/2008 8:37:25 AM | Computer Name = WORKSTATION12 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 258851
seconds with 6900 seconds of active time. This session ended with a crash.

Error - 11/4/2008 4:28:36 PM | Computer Name = WORKSTATION12 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 974145
seconds with 14640 seconds of active time. This session ended with a crash.

Error - 11/15/2008 10:21:29 AM | Computer Name = WORKSTATION12 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 175049
seconds with 2520 seconds of active time. This session ended with a crash.

Error - 11/18/2008 5:30:47 PM | Computer Name = WORKSTATION12 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 16338
seconds with 480 seconds of active time. This session ended with a crash.

Error - 12/9/2008 9:12:02 PM | Computer Name = WORKSTATION12 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 369504
seconds with 4200 seconds of active time. This session ended with a crash.

Error - 6/16/2009 9:48:13 AM | Computer Name = WORKSTATION12 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 63871
seconds with 300 seconds of active time. This session ended with a crash.

Error - 6/16/2009 9:48:26 AM | Computer Name = WORKSTATION12 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/16/2009 9:48:44 AM | Computer Name = WORKSTATION12 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/21/2009 10:27:53 AM | Computer Name = WORKSTATION12 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6522
seconds with 840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/25/2010 4:11:00 AM | Computer Name = WORKSTATION12 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: Insufficient system resources exist to complete the requested service.
.

Error - 5/25/2010 4:11:00 AM | Computer Name = WORKSTATION12 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Google\Update\GoogleUpdate.exe.
Reference
error message: The operation completed successfully. .

Error - 5/25/2010 4:14:00 AM | Computer Name = WORKSTATION12 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: Insufficient system resources exist to complete the requested service.
.

Error - 5/25/2010 4:14:00 AM | Computer Name = WORKSTATION12 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\mmiklos\Local
Settings\Application Data\Google\Update\GoogleUpdate.exe. Reference error message:
The operation completed successfully. .

Error - 5/25/2010 5:33:44 AM | Computer Name = WORKSTATION12 | Source = W32Time | ID = 39452718
Description = The time service encountered an error and was forced to shut down.
The error was: 0xC0000022

Error - 6/9/2010 8:48:23 AM | Computer Name = WORKSTATION12 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/9/2010 8:48:41 AM | Computer Name = WORKSTATION12 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 6/9/2010 8:49:00 AM | Computer Name = WORKSTATION12 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

Error - 6/9/2010 8:49:53 AM | Computer Name = WORKSTATION12 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 6/9/2010 9:09:07 AM | Computer Name = WORKSTATION12 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >


Re: Have a virus, but cannot find it!! HELP Please

Post by Belahzur on Sat 12 Jun 2010, 6:38 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Have a virus, but cannot find it!! HELP Please

Post by mmiklos on Mon 14 Jun 2010, 10:37 am

Malwarebytes' Anti-Malware 1.46

Database version: 4197

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/14/2010 9:39:28 AM
mbam-log-2010-06-14 (09-39-28).txt

Scan type: Quick scan
Objects scanned: 174708
Time elapsed: 21 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Have a virus, but cannot find it!! HELP Please

Post by Belahzur on Mon 14 Jun 2010, 8:51 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

